1 tony 1.1 // ===================================================================
2 // Title: User-Security Shared Secret 2.8
3 // Filename: User28_SharedSecret.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 05/29/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // shared secret security services and credentials.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 - None
54 //
55 // Change Log for v2.7 - None
56 // ===================================================================
57
58 #pragma Locale ("en_US")
59
60
61 // ==================================================================
62 // SharedSecretService
63 // ==================================================================
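// CIM_SharedSecretService models a credential-management service that
// authenticates a Principal by proof of knowledge of a shared secret.
// It adds two descriptive properties to CIM_LocalCredentialManagementService.
//
// The revision-annotation residue (line counter / author / revision) has been
// stripped from the declaration so it parses as MOF, and two slips in the
// Description text ("messsage", "HMAC-MD5,or") are corrected. Class name,
// superclass, property names, types and qualifiers are unchanged.
//
// NOTE(review): Algorithm and Protocol are free-form strings with no ValueMap,
// so a consumer cannot validate them against a closed list; Protocol also has
// no MaxLen. The Description names PLAINTEXT as a possible Algorithm value: an
// instance reporting it is stating that the secret is conveyed unprotected,
// which is worth surfacing in an inventory or audit. HMAC-MD5 is an example
// from 2003; MD5-based constructions are generally discouraged for new
// deployments.
[Version ("2.6.0"), Description (
    "CIM_SharedSecretService is a service which ascertains whether "
    "messages received are from the Principal with whom a secret is "
    "shared. Examples include a login service that proves identity "
    "on the basis of knowledge of the shared secret, or a transport "
    "integrity service (like Kerberos provides) that includes a "
    "message authenticity code that proves each message in the "
    "message stream came from someone who knows the shared secret "
    "session key.") ]
class CIM_SharedSecretService : CIM_LocalCredentialManagementService {

    // How the secret is conveyed by this service (free text, up to 256 chars).
    [Description (
        "The Algorithm used to convey the shared secret, such as "
        "HMAC-MD5, or PLAINTEXT."),
     MaxLen (256) ]
    string Algorithm;

    // Protocol the service speaks (free text, no length bound declared here).
    [Description (
        "The Protocol supported by the SharedSecretService.") ]
    string Protocol;
};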
85 tony 1.1
86
87 // ==================================================================
88 // SharedSecret
89 // ==================================================================
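// CIM_SharedSecret is the credential that pairs a secret with the specific
// SharedSecretService it is used with. Four of its keys are propagated from
// the scoping CIM_SharedSecretService; RemoteID completes the key.
//
// The revision-annotation residue has been stripped from the declaration so
// it parses as MOF, and the misspelling "pricinpal" in the Description is
// corrected. Names, types and qualifiers are unchanged.
//
// NOTE(review): Secret is an ordinary readable string property. Nothing in
// this class marks it write-only, encrypted or otherwise restricted, so any
// client permitted to get or enumerate CIM_SharedSecret instances would
// receive the value. A provider implementing this class should enforce
// access control at the CIM server / provider layer and, where the protocol
// allows, hold only the transformed value described by Algorithm rather than
// the clear-text password. CIM_NamedSharedIKESecret in this same file shows
// the alternative of referring to a secret by name instead of exposing it.
//
// NOTE(review): key values form part of the instance's object path, so
// RemoteID (the user's name at the remote service) appears wherever object
// paths are logged or transmitted. Secret is not a key and does not.
[Version ("2.6.0"), Description (
    "CIM_SharedSecret is the secret shared between a Users Access "
    "and a particular SharedSecret security service. Secrets may "
    "be in the form of a password used for initial authentication, "
    "or as with a session key, used as part of a message "
    "authentication code to verify that a message originated by the "
    "principal with whom the secret is shared. It is important to "
    "note that SharedSecret is not just the password, but rather is "
    "the password used with a particular security service.") ]
class CIM_SharedSecret : CIM_Credential {

    // --- Keys propagated from the scoping CIM_SharedSecretService ---

    [Key,
     Propagated ("CIM_SharedSecretService.SystemCreationClassName"),
     Description (
        "The scoping System's CCN."),
     MaxLen (256) ]
    string SystemCreationClassName;

    [Key, Propagated ("CIM_SharedSecretService.SystemName"),
     Description (
        "The scoping System's Name."),
     MaxLen (256) ]
    string SystemName;

    [Key, Propagated ( "CIM_SharedSecretService.CreationClassName"),
     Description (
        "The scoping Service's CCN."),
     MaxLen (256) ]
    string ServiceCreationClassName;

    [Key, Propagated ("CIM_SharedSecretService.Name"), Description (
        "The scoping Service's Name."),
     MaxLen (256) ]
    string ServiceName;

    // --- Key local to this class ---

    [Key, Description (
        "RemoteID is the name by which the user is known at the "
        "remote secret key authentication service."),
     MaxLen (256) ]
    string RemoteID;

    // --- Non-key properties ---

    // The secret itself; no MaxLen or protective qualifier is declared.
    [Description (
        "The secret known by the Users Access.") ]
    string Secret;

    // Transformation applied to the password before use (free text).
    [Description (
        "The transformation algorithm, if any, used to protect "
        "passwords before use in the protocol. For instance, "
        "Kerberos doesn't store passwords as the shared secret, but "
        "rather, a hash of the password.") ]
    string Algorithm;

    [Description (
        "The protocol with which the SharedSecret is used.") ]
    string Protocol;
};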
146
147
148 tony 1.1 // ===================================================================
149 // SharedSecretIsShared
150 // ===================================================================
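// CIM_SharedSecretIsShared ties each CIM_SharedSecret to the
// CIM_SharedSecretService that manages it, narrowing both references of
// CIM_ManagedCredential.
//
// Min (1) / Max (1) on Antecedent means every SharedSecret belongs to exactly
// one service, and Weak on Dependent is what lets the SharedSecret take its
// propagated keys from that service.
//
// The revision-annotation residue has been stripped from the declaration so
// it parses as MOF; the declaration text itself is unchanged.
[Association, Version ("2.6.0"), Description (
    "This relationship associates a SharedSecretService with the "
    "SecretKey it verifies.") ]
class CIM_SharedSecretIsShared : CIM_ManagedCredential {

    // Exactly one managing service per secret.
    [Override ("Antecedent"), Min (1), Max (1), Description (
        "The credential management service.") ]
    CIM_SharedSecretService REF Antecedent;

    // The secret scoped by (weak to) the service above.
    [Override ("Dependent"), Weak, Description (
        "The managed credential.") ]
    CIM_SharedSecret REF Dependent;
};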
164
165
166 // ==================================================================
167 // NamedSharedIKESecret
168 // ==================================================================
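// CIM_NamedSharedIKESecret represents an IKE pre-shared secret indirectly:
// the instance carries only a name (SharedSecretName) that the
// SharedSecretService resolves, never the secret value itself. From a
// least-exposure standpoint this is the safer of the two credential classes
// in this file, because reading an instance does not disclose key material.
//
// The revision-annotation residue has been stripped from the declaration so
// it parses as MOF, and the Description sentence that had lost its
// preposition ("is used SharedSecretService") is repaired. Names, types,
// ValueMap/Values and all other qualifiers are unchanged.
//
// NOTE(review): LocalIdentity and PeerIdentity are keys, so both endpoint
// identities are embedded in the instance's object path and will appear
// wherever paths are logged or transmitted.
//
// NOTE(review): the 1..11 ValueMap appears to mirror the ISAKMP
// identification-type numbering of the IPsec DOI (RFC 2407); confirm against
// the consuming IKE implementation before relying on the mapping.
[Version ("2.6.0"), Description (
    "CIM_NamedSharedIKESecret indirectly represents a shared secret "
    "credential. The local identity, IKEIdentity, and the remote "
    "peer identity share the secret that is named by the "
    "SharedSecretName. The SharedSecretName is used by the "
    "SharedSecretService to reference the secret.") ]
class CIM_NamedSharedIKESecret : CIM_Credential {

    // --- Keys propagated from the scoping CIM_SharedSecretService ---

    [Key,
     Propagated ("CIM_SharedSecretService.SystemCreationClassName"),
     Description (
        "The scoping System's CCN."),
     MaxLen (256) ]
    string SystemCreationClassName;

    [Key, Propagated ("CIM_SharedSecretService.SystemName"),
     Description (
        "The scoping System's Name."),
     MaxLen (256) ]
    string SystemName;

    [Key, Propagated ("CIM_SharedSecretService.CreationClassName"),
     Description (
        "The scoping Service's CCN."),
     MaxLen (256) ]
    string ServiceCreationClassName;

    [Key, Propagated ("CIM_SharedSecretService.Name"), Description (
        "The scoping Service's Name."),
     MaxLen (256) ]
    string ServiceName;

    // --- Local endpoint identity (value + type, cross-referenced) ---

    [Key, Description (
        "The local Identity with whom the direct trust relationship "
        "exists."),
     MaxLen (256),
     ModelCorrespondence {
        "CIM_NamedSharedIKESecret.LocalIdentityType"} ]
    string LocalIdentity;

    [Key, Description (
        "LocalIdentityType is used to describe the type of the "
        "LocalIdentity."),
     ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
        "11"},
     Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET",
        "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE",
        "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"},
     ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity"} ]
    uint16 LocalIdentityType;

    // --- Peer endpoint identity (value + type, cross-referenced) ---

    [Key, Description (
        "The peer identity with whom the direct trust relationship "
        "exists."),
     MaxLen (256),
     ModelCorrespondence {
        "CIM_NamedSharedIKESecret.PeerIdentityType"} ]
    string PeerIdentity;

    [Key, Description (
        "PeerIdentityType is used to describe the type of the "
        "PeerIdentity."),
     ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
        "11"},
     Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET",
        "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE",
        "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"},
     ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity"} ]
    uint16 PeerIdentityType;

    // --- Non-key property ---

    // Handle for the secret; the value stays inside the service.
    [Description (
        "SharedSecretName is an indirect reference to a shared "
        "secret. The SecretService does not expose the actual "
        "secret but rather provides access to the secret via a "
        "name.") ]
    string SharedSecretName;
};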
246
247
248 // ==================================================================
249 // IKESecretIsNamed
250 // ==================================================================
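// CIM_IKESecretIsNamed ties each CIM_NamedSharedIKESecret to the
// CIM_SharedSecretService that manages it, narrowing both references of
// CIM_ManagedCredential.
//
// Min (1) / Max (1) on Antecedent means every named secret belongs to exactly
// one service, and Weak on Dependent is what lets the named secret take its
// propagated keys from that service.
//
// The revision-annotation residue has been stripped from the declaration so
// it parses as MOF; the declaration text itself is unchanged.
[Association, Version ("2.6.0"), Description (
    "CIM_IKESecretIsNamed association provides the relationship "
    "between a SharedSecretService and a NamedSharedIKESecret.") ]
class CIM_IKESecretIsNamed : CIM_ManagedCredential {

    // Exactly one managing service per named secret.
    [Override ("Antecedent"), Min (1), Max (1), Description (
        "The SharedSecretService that manages a "
        "NamedSharedIKESecret.") ]
    CIM_SharedSecretService REF Antecedent;

    // The named secret scoped by (weak to) the service above.
    [Override ("Dependent"), Weak, Description (
        "The managed NamedSharedIKESecret.") ]
    CIM_NamedSharedIKESecret REF Dependent;
};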
265
266
267 // ===================================================================
268 // end of file
269 // ===================================================================