
  1 karl  1.1 // ===================================================================
  2           // Title: User-Security Accounts
  3           // $State: Preliminary $
  4           // $Date: 2004/06/25 17:56:15 $
  5           // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_Account.mof,v $
  6           // $Revision: 1.2 $
  7           // ===================================================================
  8           //#pragma inLine ("Includes/copyright.inc")
  9           // Copyright 1998-2004 Distributed Management Task Force, Inc. (DMTF).
 10           // All rights reserved.
 11           // DMTF is a not-for-profit association of industry members dedicated
 12           // to promoting enterprise and systems management and interoperability.
 13           // DMTF specifications and documents may be reproduced for uses
 14           // consistent with this purpose by members and non-members,
 15           // provided that correct attribution is given.
 16           // As DMTF specifications may be revised from time to time,
 17           // the particular version and release date should always be noted.
 18           // 
 19           // Implementation of certain elements of this standard or proposed
 20           // standard may be subject to third party patent rights, including
 21           // provisional patent rights (herein "patent rights"). DMTF makes
 22 karl  1.1 // no representations to users of the standard as to the existence
 23           // of such rights, and is not responsible to recognize, disclose, or
 24           // identify any or all such third party patent right, owners or
 25           // claimants, nor for any incomplete or inaccurate identification or
 26           // disclosure of such rights, owners or claimants. DMTF shall have no
 27           // liability to any party, in any manner or circumstance, under any
 28           // legal theory whatsoever, for failure to recognize, disclose, or
 29           // identify any such third party patent rights, or for such party's
 30           // reliance on the standard or incorporation thereof in its product,
 31           // protocols or testing procedures. DMTF shall have no liability to
 32           // any party implementing such standard, whether such implementation
 33           // is foreseeable or not, nor to any patent owner or claimant, and shall
 34           // have no liability or responsibility for costs or losses incurred if
 35           // a standard is withdrawn or modified after publication, and shall be
 36           // indemnified and held harmless by any party implementing the
 37           // standard from any and all claims of infringement by a patent owner
 38           // for such implementations.
 39           // 
 40           // For information about patents held by third-parties which have
 41           // notified the DMTF that, in their opinion, such patent may relate to
 42           // or impact implementations of DMTF standards, visit
 43 karl  1.1 // http://www.dmtf.org/about/policies/disclosures.php.
 44           //#pragma inLine
 45           // ===================================================================
 46           // Description: The User Model extends the management concepts that
 47           //              are related to users and security.
 48           //              This file defines the concepts and classes related to
 49           //              Accounts.
 50           // 
 51           //              The object classes below are listed in an order that
 52           //              avoids forward references. Required objects, defined
 53           //              by other working groups, are omitted.
 54           // ===================================================================
 55           // Change Log for v2.8 Final
 56           //  CR1218 - Accepted AccountIdentity and the deprecation of
 57           //  UsersAccount
 58           //           as Final
 59           //  CR1235 - Added Descriptions to the properties of ManagesAccount and
 60           //           SecurityServiceUsesAccount / Accepted Account's Description
 61           //           change as Final
 62           // 
 63           // Change Log for v2.8 Preliminary
 64 karl  1.1 //  CR1013 - Related the Account class with Identity, changed Account's
 65           //           Description, added AccountIdentity and deprecated
 66           //           UsersAccount
 67           // 
 68           // Change Log for v2.7 - None
 69           // ===================================================================
 70           
 71           #pragma Locale ("en_US")
 72           
 73           
 74           // ==================================================================
 75           // Account
 76           // ==================================================================
              // Review note: CIM_Account is one account record held by a
              // SecurityService. Its identity is the four Key properties below
              // (SystemCreationClassName, SystemName, CreationClassName, Name);
              // the two Propagated keys come from the scoping CIM_System.
              // UserCertificate and UserPassword carry credential-related data;
              // see the comments placed at those properties.
 77              [Version ( "2.8.0" ), Description (
 78                  "CIM_Account is the information held by a SecurityService to "
 79                  "track identity and privileges managed by that service. Common "
 80                  "examples of an Account are the entries in a UNIX /etc/passwd "
 81                  "file. Several kinds of security services use various "
 82                  "information from those entries - the /bin/login program uses "
 83                  "the account name ('root') and hashed password to authenticate "
 84                  "users, and the file service, for instance, uses the UserID "
 85 karl  1.1        "field ('0') and GroupID field ('0') to record ownership and "
 86                  "determine access control privileges on files in the file "
 87                  "system. This class is defined so as to incorporate "
 88                  "commonly-used LDAP attributes to permit implementations to "
 89                  "easily derive this information from LDAP-accessible "
 90                  "directories. \n"
 91                  "\n"
 92                  "The semantics of Account overlap with that of the class, "
 93                  "CIM_Identity. However, aspects of Account - such as its "
 94                  "specific tie to a System - are valuable and have been widely "
 95                  "implemented. For this reason, the Account and Identity classes "
 96                  "are associated using a subclass of LogicalIdentity "
 97                  "(AccountIdentity), instead of deprecating the Account class in "
 98                  "the CIM Schema. When an Account has been authenticated, the "
 99                  "corresponding Identity's TrustEstablished Boolean would be set "
100                  "to TRUE. Then, the Identity class can be used as defined for "
101                  "authorization purposes.")]
102           class CIM_Account : CIM_LogicalElement {
103           
104                 [Key, Propagated ( "CIM_System.CreationClassName" ), 
105                  Description (
106 karl  1.1           "The scoping System's CCN."), 
107                  MaxLen ( 256 )]
108              string SystemCreationClassName;
109           
110                 [Key, Propagated ( "CIM_System.Name" ), Description (
111                     "The scoping System's Name."), 
112                  MaxLen ( 256 )]
113              string SystemName;
114           
115                 [Key, Description (
116                     "CreationClassName indicates the name of the class or the "
117                     "subclass used in the creation of an instance. When used "
118                     "with the other key properties of this class, this property "
119                     "allows all instances of this class and its subclasses to be "
120                     "uniquely identified."), 
121                  MaxLen ( 256 )]
122              string CreationClassName;
123           
                    // Name allows up to 1024 characters where the other keys allow
                    // 256; the Description permits an LDAP distinguishedName here.
124                 [Key, Override ( "Name" ), Description (
125                     "The Name property defines the label by which the object is "
126                     "known. The value of this property may be set to be the same "
127 karl  1.1           "as that of the UserID property or, in the case of an "
128                     "LDAP-derived instance, the Name property value may be set "
129                     "to the distinguishedName of the LDAP-accessed object "
130                     "instance."), 
131                  MaxLen ( 1024 )]
132              string Name;
133           
134                 [Description (
135                     "UserID is the value used by the SecurityService to "
136                     "represent identity. For an authentication service, the "
137                     "UserID may be the name of the user, or for an authorization "
138                     "service the value which serves as a handle to a mapping of "
139                     "the identity."), 
140                  MaxLen ( 256 )]
141              string UserID;
142           
                    // ObjectClass carries no MaxLen qualifier; the same holds for
                    // every later array in this class except Descriptions, so the
                    // schema itself does not bound their element length.
                    // NOTE(review): consumers presumably need their own length
                    // checks on these values - confirm.
143                 [Description (
144                     "In the case of an LDAP-derived instance, the ObjectClass "
145                     "property value(s) may be set to the objectClass attribute "
146                     "values.")]
147              string ObjectClass[];
148 karl  1.1 
149                 [Description (
150                     "The Descriptions property values may contain human-readable "
151                     "descriptions of the object. In the case of an LDAP-derived "
152                     "instance, the description attribute may have multiple "
153                     "values that, therefore, cannot be placed in the inherited "
154                     "Description property."), 
155                  MaxLen ( 1024 )]
156              string Descriptions[];
157           
158                 [Description (
159                     "Based on RFC1274, the host name of the system(s) for which "
160                     "the account applies. The host name may be a fully-qualified "
161                     "DNS name or it may be an unqualified host name.")]
162              string Host[];
163           
164                 [Description (
165                     "This property contains the name of a locality, such as a "
166                     "city, county or other geographic region.")]
167              string LocalityName[];
168           
                    // The only non-key property in this class that carries the
                    // Required qualifier.
169 karl  1.1       [Required, Description (
170                     "The name of the organization related to the account.")]
171              string OrganizationName[];
172           
173                 [Description (
174                     "The name of an organizational unit related to the account.")]
175              string OU[];
176           
177                 [Description (
178                     "In the case of an LDAP-derived instance, the SeeAlso "
179                     "property specifies distinguished name of other Directory "
180                     "objects which may be other aspects (in some sense) of the "
181                     "same real world object.")]
182              string SeeAlso[];
183           
                    // Holds public key certificate(s) as OctetString values.
                    // NOTE(review): the content is public, but a consumer that
                    // trusts this property to select the accepted key depends on
                    // its integrity - confirm that write access is restricted.
184                 [Description (
185                     "Based on inetOrgPerson and for directory compatibility, the "
186                     "UserCertificate property may be used to specify a public "
187                     "key certificate for the person."), 
188                  OctetString]
189              string UserCertificate[];
190 karl  1.1 
                    // Credential material. The Description says "encrypted
                    // password" but names no scheme, so whether a value is a
                    // one-way hash or reversibly encrypted cannot be told from the
                    // schema. NOTE(review): restrict read access to this property,
                    // keep it out of logs and traces, and leave it unset where the
                    // provider has no need to expose it.
191                 [Description (
192                     "In the case of an LDAP-derived instance, the UserPassword "
193                     "property may contain an encrypted password used to access "
194                     "the person's resources in a directory."), 
195                  OctetString]
196              string UserPassword[];
197           };
198           
199           
200           // ==================================================================
201           // AccountIdentity
202           // ==================================================================
              // Ties a CIM_Account (SystemElement) to the CIM_Identity it
              // establishes (SameElement). The CIM_Account Description states that
              // the Identity's TrustEstablished is set to TRUE once the Account is
              // authenticated and that the Identity is then used for authorization.
              // NOTE(review): instances of this association therefore decide which
              // Identity an Account is treated as - confirm that creating or
              // changing them is restricted.
203              [Association, Version ( "2.8.0" ), Description (
204                  "CIM_AccountIdentity relates a system Account with the Identity "
205                  "that is established. Since Account also carries Identity "
206                  "semantics, the LogicalIdentity association is defined as the "
207                  "superclass of this association.")]
208           class CIM_AccountIdentity : CIM_LogicalIdentity {
209           
210                 [Override ( "SystemElement" ), Description (
211 karl  1.1           "The Account that establishes Identity.")]
212              CIM_Account REF SystemElement;
213           
214                 [Override ( "SameElement" ), Description (
215                     "The Identity established by the Account.")]
216              CIM_Identity REF SameElement;
217           };
218           
219           
220           // ===================================================================
221           // AccountOnSystem
222           // ===================================================================
              // Scopes each Account to its System. Min ( 1 ) and Max ( 1 ) on
              // GroupComponent mean every Account has exactly one aggregating
              // System; PartComponent is Weak, which matches the Propagated system
              // keys declared on CIM_Account.
223              [Association, Aggregation, Version ( "2.6.0" ), Description (
224                  "A system (e.g., ApplicationSystem, ComputerSystem, "
225                  "AdminDomain) aggregates Accounts and scopes the uniqueness of "
226                  "the Account names (i.e., userids).")]
227           class CIM_AccountOnSystem : CIM_SystemComponent {
228           
229                 [Aggregate, Override ( "GroupComponent" ), Min ( 1 ), Max ( 1 ), 
230                  Description (
231                     "The aggregating system also provides name scoping for the "
232 karl  1.1           "Account.")]
233              CIM_System REF GroupComponent;
234           
235                 [Override ( "PartComponent" ), Weak, Description (
236                     "The subordinate Account.")]
237              CIM_Account REF PartComponent;
238           };
239           
240           
241           // ===================================================================
242           // UsersAccount
243           // ===================================================================
              // Deprecated: the class and both references carry Deprecated
              // qualifiers that point at CIM_AccountIdentity and its SystemElement
              // and SameElement references.
              // NOTE(review): where a provider still populates this association,
              // presumably it should agree with the CIM_AccountIdentity instances -
              // verify when auditing account-to-user links.
244              [Association, Deprecated { "CIM_AccountIdentity" },
245                  Version ( "2.8.0" ), Description (
246                  "This relationship associates UsersAccess with the Accounts "
247                  "with which they're able to interact. This association is "
248                  "deprecated in lieu of AccountIdentity, which defines similar "
249                  "semantics. This was done since the UsersAccess reference in "
250                  "UsersAccount has been deprecated and replaced by the more "
251                  "specific semantics of CIM_Identity.")]
252           class CIM_UsersAccount : CIM_Dependency {
253 karl  1.1 
254                 [Deprecated { "CIM_AccountIdentity.SystemElement" },
255                     Override ( "Antecedent" ), Description (
256                     "The user's Account.")]
257              CIM_Account REF Antecedent;
258           
259                 [Deprecated { "CIM_AccountIdentity.SameElement" },
260                     Override ( "Dependent" ), Description (
261                     "The User as identified by their UsersAccess instance.")]
262              CIM_UsersAccess REF Dependent;
263           };
264           
265           
266           // ===================================================================
267           // AccountMapsToAccount
268           // ===================================================================
              // Links two Accounts. Per the Description, more than one
              // authentication Account may map to the same authorization Account
              // ('0' in the example), and neither reference carries a Min or Max
              // qualifier.
              // NOTE(review): an audit of privileged access should follow every
              // instance of this association that touches a privileged Account
              // rather than rely on account names alone.
269              [Association, Version ( "2.6.0" ), Description (
270                  "This relationship may be used to associate an Account used by "
271                  "an AuthenticationService to an Account used for Authorization. "
272                  "For instance, this mapping occurs naturally in the UNIX "
273                  "/etc/passwd file, where the AuthenticationService Account "
274 karl  1.1        "('root') is mapped to the AuthorizationService Account ('0'). "
275                  "The two are separate accounts, as evidenced by the ability to "
276                  "have another AuthenticationService Account which ALSO maps to "
277                  "the AuthorizationService Account ('0') without ambiguity. This "
278                  "association may be used for other account mappings as well "
279                  "such as for coordinating single signon for multiple accounts "
280                  "for the same user.")]
281           class CIM_AccountMapsToAccount : CIM_Dependency {
282           
283                 [Override ( "Antecedent" ), Description (
284                     "An Account.")]
285              CIM_Account REF Antecedent;
286           
287                 [Override ( "Dependent" ), Description (
288                     "A related Account.")]
289              CIM_Account REF Dependent;
290           };
291           
292           
293           // ===================================================================
294           // SecurityServiceUsesAccount
295 karl  1.1 // ===================================================================
              // Dependency from a CIM_SecurityService (Dependent) to a CIM_Account
              // that it uses (Antecedent).
296              [Association, Version ( "2.6.0" ), Description (
297                  "This relationship associates SecurityService instances to the "
298                  "Accounts they use in the course of their work.")]
299           class CIM_SecurityServiceUsesAccount : CIM_Dependency {
300           
301                 [Override ( "Antecedent" ), Description (
302                     "Account used by the SecurityService.")]
303              CIM_Account REF Antecedent;
304           
305                 [Override ( "Dependent" ), Description (
306                     "The Service using the Account.")]
307              CIM_SecurityService REF Dependent;
308           };
309           
310           
311           // ==================================================================
312           // AccountManagementService
313           // ==================================================================
              // Declares no properties of its own; everything comes from
              // CIM_SecurityService. Per the Description this service creates,
              // manages and destroys Accounts.
              // NOTE(review): "SecuritySerices" in the Description is presumably a
              // typo for "SecurityServices"; the string is kept as published.
314              [Version ( "2.6.0" ), Description (
315                  "CIM_AccountManagementService creates, manages, and if "
316 karl  1.1        "necessary destroys Accounts on behalf of other "
317                  "SecuritySerices.")]
318           class CIM_AccountManagementService : CIM_SecurityService {
319           };
320           
321           
322           // ===================================================================
323           // ManagesAccount
324           // ===================================================================
              // Dependency from a CIM_Account (Dependent) to the
              // CIM_AccountManagementService responsible for it (Antecedent).
325              [Association, Version ( "2.6.0" ), Description (
326                  "This relationship associates the AccountManagement security "
327                  "service to the Accounts for which it is responsible.")]
328           class CIM_ManagesAccount : CIM_Dependency {
329           
330                 [Override ( "Antecedent" ), Description (
331                     "The account management service.")]
332              CIM_AccountManagementService REF Antecedent;
333           
334                 [Override ( "Dependent" ), Description (
335                     "An account managed by the service.")]
336              CIM_Account REF Dependent;
337 karl  1.1 };
338           
339           
340           // ===================================================================
341           // ManagesAccountOnSystem
342           // ===================================================================
              // Subclass of CIM_SecurityServiceForSystem that overrides Antecedent
              // as CIM_AccountManagementService and Dependent as CIM_System.
343              [Association, Version ( "2.6.0" ), Description (
344                  "The CIM_ManagesAccountOnSystem provides the association "
345                  "between a System and the AccountManagementService that manages "
346                  "accounts for that system.")]
347           class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem {
348           
349                 [Override ( "Antecedent" ), Description (
350                     "An AccountManagementService that manages accounts for the "
351                     "system.")]
352              CIM_AccountManagementService REF Antecedent;
353           
354                 [Override ( "Dependent" ), Description (
355                     "The system that is dependent on the "
356                     "AccountManagementService.")]
357              CIM_System REF Dependent;
358 karl  1.1 };
359           
360           
361           // ===================================================================
362           // end of file
363           // ===================================================================
