1 tony 1.1 // ===================================================================
2 // Title: User-Security Users Access 2.8
3 // Filename: User28_UsersAccess.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 05/29/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // users' access to a target, and a notary service that
48 // may verify biometrics defined in the UsersAccess class.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // Change Log for v2.8 Preliminary:
55 // CR1011: Modify description of Notary,
56 // Deprecate UsersAccess,ElementAsUser,UsersCredential,
57 // PublicPrivateKeyPair, NotaryVerifiesBiometric
58 //
59 // Change Log for v2.7 - None
60 // ===================================================================
61
62 #pragma Locale ("en_US")
63
64 tony 1.1
65 // ==================================================================
66 // UsersAccess
67 // ==================================================================
// CIM_UsersAccess models a 'user' that is permitted access to resources.
// It subclasses CIM_UserEntity and is deprecated; the Deprecated qualifier
// names CIM_Identity and CIM_BiometricCredential as its replacements.
// The class combines identity, organizational placement and a biometric
// credential requirement in one object, which its own Description gives
// as the reason for the deprecation.
68 [Deprecated {"CIM_Identity", "CIM_BiometricCredential"},
69 Version ("2.7.1000"), Description (
70 "The UsersAccess object class is used to specify a 'user' that "
71 "is permitted access to resources. The ManagedElement that has "
72 "access to the resources (represented in the model using the "
73 "ElementAsUser association) may be a person, a service, a "
74 "service access point or any collection thereof.\n"
75 "\n"
76 "This class is deprecated in lieu of the simpler CIM_Identity "
77 "abstraction. The UsersAccess class combines credential "
78 "requirements (in the form of biometric requirements) with the "
79 "concepts of organizational information (via its position in "
80 "the inheritance hierarchy), and identity management. These "
81 "concepts need to be separated to be better understood and "
82 "managed - hence, the deprecation.") ]
83 class CIM_UsersAccess : CIM_UserEntity {
84
// Key 1 of 3. Deprecated {"No value"}: no replacement property is named.
85 tony 1.1 [Deprecated {"No value"}, Key, Description (
86 "CreationClassName indicates the name of the class or the "
87 "subclass used in the creation of an instance. When used "
88 "with the other key properties of this class, this property "
89 "allows all instances of this class and its subclasses to be "
90 "uniquely identified."),
91 MaxLen (256) ]
92 string CreationClassName;
93
// Key 2 of 3; replaced by CIM_Identity.ElementName.
94 [Deprecated {"CIM_Identity.ElementName"}, Key, Description (
95 "The Name property defines the label by which the object is "
96 "known."),
97 MaxLen (256) ]
98 string Name;
99
// Key 3 of 3; replaced by CIM_Identity.InstanceID. Unlike the other two
// keys, no MaxLen is declared for this one.
100 [Deprecated {"CIM_Identity.InstanceID"}, Key, Description (
101 "The ElementID property uniquely specifies the "
102 "ManagedElement object instance that is the user represented "
103 "by the UsersAccess object instance. The ElementID is "
104 "formatted similarly to a model path except that the "
105 "property-value pairs are ordered in alphabetical order (US "
106 tony 1.1 "ASCII lexical order).") ]
107 string ElementID;
108
// Array of category codes (ValueMap "0".."8"), not biometric sample data:
// the declared type is uint16[] and each value only names a kind of
// biometric. The Description allows either null or 'N/A' (ValueMap "0")
// for users without biometrics, so a consumer has to accept both forms
// as meaning "none".
109 [Deprecated {"CIM_BiometricCredential.Biometrics"}, Description (
110 "Biometric information used to identify a person. The "
111 "property value is left null or set to 'N/A' for non-human "
112 "user or a user not using biometric information for "
113 "authentication. This property is deprecated as it "
114 "represents required Credential information and is more "
115 "correctly modeled as a specific biometric credential."),
116 ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"},
117 Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger",
118 "Voice", "DNA-RNA", "EEG"} ]
119 uint16 Biometric[];
120 };
121
122 // ==================================================================
123 // ElementAsUser
124 // ==================================================================
// CIM_ElementAsUser ties a CIM_UsersAccess instance to the ManagedElement
// that 'owns' it. It is deprecated in favour of CIM_AssignedIdentity,
// which, per the Description below, is not modeled as a Dependency.
125 [Association, Deprecated {"CIM_AssignedIdentity"},
126 Version ("2.7.1000"), Description (
127 tony 1.1 "CIM_ElementAsUser is an association used to establish the "
128 "'ownership' of UsersAccess object instances. That is, the "
129 "ManagedElement may have UsersAccess to systems and, therefore, "
130 "be 'users' on those systems. UsersAccess instances must have "
131 "an 'owning' ManagedElement. Typically, the ManagedElements "
132 "will be limited to Collection, Person, Service and "
133 "ServiceAccessPoint. Other non-human ManagedElements that "
134 "might be thought of as having UsersAccess (e.g., a device or "
135 "system) have services that have the UsersAccess.\n"
136 "\n"
137 "Since the UsersAccess class is deprecated in lieu of "
138 "CIM_Identity, this association is also deprecated and replaced "
139 "by one of similar semantics, AssignedIdentity. It should be "
140 "noted that the new class is NOT defined as a Dependency "
141 "relationship, since it was felt that the association was not "
142 "truly a dependency of the element on its access.") ]
143 class CIM_ElementAsUser : CIM_Dependency {
144
// Owning side. Min (1), Max (1): each UsersAccess has exactly one owning
// ManagedElement through this association.
145 [Deprecated {"CIM_AssignedIdentity.ManagedElement"},
146 Override ("Antecedent"), Min (1), Max (1), Description (
147 "The ManagedElement that has UsersAccess.") ]
148 tony 1.1 CIM_ManagedElement REF Antecedent;
149
// Owned side. No Min or Max is declared on this reference.
150 [Deprecated {"CIM_AssignedIdentity.IdentityInfo"},
151 Override ("Dependent"), Description (
152 "The 'owned' UsersAccess.") ]
153 CIM_UsersAccess REF Dependent;
154 };
155
156
157 // ==================================================================
158 // UsersCredential
159 // ==================================================================
// CIM_UsersCredential links a CIM_Credential to the CIM_UsersAccess that
// may use it. It is deprecated: the Description says the relationship is
// replaced by policy, with CIM_AuthenticationCondition describing the
// credentials to be authenticated. Neither reference declares Min or Max.
160 [Association, Deprecated {"CIM_AuthenticationCondition"},
161 Version ("2.7.1000"), Description (
162 "CIM_UsersCredential is an association used to establish the "
163 "credentials that may be used for a UsersAccess to a system or "
164 "set of systems.\n"
165 "\n"
166 "Since the UsersAccess class is deprecated in lieu of "
167 "CIM_Identity, this association is also deprecated and replaced "
168 "by policy - where the AuthenticationCondition class describes "
169 tony 1.1 "the credentials that SHOULD be authenticated in order to "
170 "establish the Identity.") ]
171 class CIM_UsersCredential : CIM_Dependency {
172
// Credential side of the association.
173 [Deprecated {"CIM_AuthenticationCondition"},
174 Override ("Antecedent"), Description (
175 "The issued credential that may be used.") ]
176 CIM_Credential REF Antecedent;
177
// User side of the association; the named replacement is CIM_Identity.
178 [Deprecated {"CIM_Identity"}, Override ("Dependent"),
179 Description (
180 "The UsersAccess that has use of a credential.") ]
181 CIM_UsersAccess REF Dependent;
182 };
183
184
185
186 // ==================================================================
187 // Notary
188 // ==================================================================
// CIM_Notary describes a service that compares a person's biometric
// characteristics with known ones to establish identity. It carries no
// Deprecated qualifier, although CIM_NotaryVerifiesBiometric, which
// references it, is deprecated.
// NOTE(review): the Description calls this an AuthenticationService, but
// the declared superclass is CIM_CredentialManagementService - confirm
// which is intended.
189 [Version ("2.7.1000"), Description (
190 tony 1.1 "CIM_Notary is an AuthenticationService which compares the "
191 "biometric characteristics of a person with known "
192 "characteristics, to establish identity. An example is a bank "
193 "teller who compares a picture ID with the person trying to "
194 "cash a check, or a biometric login service that uses voice "
195 "recognition to identify a 'user'.") ]
196 class CIM_Notary : CIM_CredentialManagementService {
197
// Same ValueMap/Values as CIM_UsersAccess.Biometric.
// NOTE(review): declared as a scalar uint16 although the Description
// speaks of "types" (plural) and CIM_UsersAccess.Biometric is an array;
// as written an instance can hold only one code - confirm.
198 [Description (
199 "The types of biometric information which this Notary can "
200 "compare."),
201 ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"},
202 Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger",
203 "Voice", "DNA-RNA", "EEG"} ]
204 uint16 Comparitors;
205
// Free-form string: no ValueMap or MaxLen is declared, so the schema does
// not constrain how the recording protocol is named.
206 [Description (
207 "The SealProtocol is how the decision of the Notary is "
208 "recorded for future use by parties who will rely on its "
209 "decision. For instance, a drivers licence frequently "
210 "includes tamper-resistent coatings and markings to protect "
211 tony 1.1 "the recorded decision that a driver, having various "
212 "biometric characteristics of height, weight, hair and eye "
213 "color, using a particular name, has features represented in "
214 "a photograph of their face.") ]
215 string SealProtocol;
216
// Start of the Notary's authorization period.
217 [Description (
218 "CharterIssued documents when the Notary is first "
219 "authorized, by whoever gave it responsibility, to perform "
220 "its service.") ]
221 datetime CharterIssued;
222
// End of the authorization period. Nothing declared in this class relates
// the two datetimes to each other or ties expiry to the service's state,
// so a party relying on a Notary decision would have to check the
// CharterIssued..CharterExpired window itself.
223 [Description (
224 "CharterExpired documents when the Notary is no longer "
225 "authorized, by whoever gave it responsibility, to perform "
226 "its service.") ]
227 datetime CharterExpired;
228 };
229
230
231 // ===================================================================
232 tony 1.1 // NotaryVerifiesBiometric
233 // ===================================================================
// CIM_NotaryVerifiesBiometric associates a CIM_Notary with the
// CIM_UsersAccess whose biometric information it verifies. It is
// deprecated in favour of CIM_ManagedCredential; each reference names the
// matching reference of that association as its replacement.
234 [Association, Deprecated {"CIM_ManagedCredential"},
235 Version ("2.7.1000"), Description (
236 "This relationship associates a Notary service with the Users "
237 "Access whose biometric information is verified. It is "
238 "deprecated since one of its references (UsersAccess) is "
239 "deprecated, and because specific biometric credentials are "
240 "defined in a new subclass of CIM_Credential (specifically, "
241 "BiometricCredential). Given the latter, the relationship of a "
242 "Credential to its management service (ManagedCredential) can "
243 "be used directly.") ]
244 class CIM_NotaryVerifiesBiometric : CIM_Dependency {
245
// Verifying service. No Min or Max is declared on this reference.
246 [Deprecated {"CIM_ManagedCredential.Antecedent"},
247 Override ("Antecedent"), Description (
248 "The Notary service that verifies biometric information.") ]
249 CIM_Notary REF Antecedent;
250
// Person whose biometric information is verified, represented through the
// deprecated CIM_UsersAccess class.
251 [Deprecated {"CIM_ManagedCredential.Dependent"},
252 Override ("Dependent"), Description (
253 tony 1.1 "The UsersAccess that represents a person using biometric "
254 "information for authentication.") ]
255 CIM_UsersAccess REF Dependent;
256 };
257
258 // ===================================================================
259 // PublicPrivateKeyPair
260 // ===================================================================
// CIM_PublicPrivateKeyPair specializes CIM_UsersCredential by narrowing
// the Antecedent to CIM_PublicKeyCertificate. Per the Description, the
// private key is deliberately not modeled, because it should not be
// reachable through management applications. The association is
// deprecated along with its superclass and CIM_UsersAccess. Its four
// properties are all Deprecated {"No value"}, i.e. no replacement
// property is named for them.
261 [Association, Deprecated {"CIM_AuthenticationCondition"},
262 Version ("2.7.1000"), Description (
263 "This relationship associates a PublicKeyCertificate with the "
264 "Principal who has the PrivateKey used with the PublicKey. The "
265 "PrivateKey is not modeled, since it is not a data element that "
266 "ever SHOULD be accessible via management applications, other "
267 "than key recovery services, which are outside our scope.\n"
268 "\n"
269 "Since the UsersAccess class and this association's superclass "
270 "are deprecated, this association is also deprecated. There is "
271 "no need to have a special subclass for public-private "
272 "credentials. This is especially true since the properties of "
273 "the association describe aspects of the certificate and its "
274 tony 1.1 "handling. The latter is currently out of scope for the "
275 "model.") ]
276 class CIM_PublicPrivateKeyPair : CIM_UsersCredential {
277
// Certificate side; overrides the inherited Antecedent with a narrower type.
278 [Deprecated {"CIM_AuthenticationCondition"},
279 Override ("Antecedent") ]
280 CIM_PublicKeyCertificate REF Antecedent;
281
// Holder side; same type as the inherited Dependent.
282 [Deprecated {"CIM_Identity"}, Override ("Dependent") ]
283 CIM_UsersAccess REF Dependent;
284
// Permitted use of the certificate: "0" = SignOnly,
// "1" = ConfidentialityOrSignature (per ValueMap/Values).
285 [Deprecated {"No value"}, Description (
286 "The Certificate may be used for signature only or for "
287 "confidentiality as well as signature."),
288 ValueMap {"0", "1"},
289 Values {"SignOnly", "ConfidentialityOrSignature"} ]
290 uint16 Use;
291
// True when the certificate cannot be repudiated, per the Description.
292 [Deprecated {"No value"}, Description (
293 "Indicates if the certificate canNOT be repudiated.") ]
294 boolean NonRepudiation;
295 tony 1.1
// NOTE(review): the wording says the certificate "can be" backed up, while
// the Repository property says where it "is" backed up; whether this flag
// records a capability or a state is not clear from the schema - confirm.
296 [Deprecated {"No value"}, Description (
297 "Indicates if the certificate can be backed up.") ]
298 boolean BackedUp;
299
// Free-form string (no MaxLen or ValueMap). The Description refers to
// backup of the certificate, not of the private key.
300 [Deprecated {"No value"}, Description (
301 "The repository in which the certificate is backed up.") ]
302 string Repository;
303 };
304
305
306 // ===================================================================
307 // end of file
308 // ===================================================================