1 karl 1.1 // ===================================================================
2 // Title: User-Security Authentication Requirements
3 // $State: Preliminary $
4 // $Date: 2004/06/25 17:56:15 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_AuthenticationReqmt.mof,v $
6 // $Revision: 1.2 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2004 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 karl 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 karl 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // requirements for authentication.
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for v2.8 Final
56 // CR1218 - All deprecations promoted to Final
57 // CR1235 - Accepted the subclassing change for HostedAuthentication
58 // Requirement
59 //
60 // Change Log for v2.8 Preliminary (Company Review)
61 // CR1107 - Deprecated:
62 // AuthenticationRequirement
63 // HostedAuthenticationRequirement
64 karl 1.1 // AuthenticatedForUse
65 // RequireCredentialFrom
66 // AuthenticationTarget
67 // CR1128 - Changed subclassing of HostedAuthenticationRequirement
68 // from Dependency to HostedDependency.
69 //
70 // Change Log for v2.8 Preliminary - None
71 //
72 // Change Log for v2.7 - None
73 // ===================================================================
74
75 #pragma Locale ("en_US")
76
77
78 // ==================================================================
79 // AuthenticationRequirement
80 // ==================================================================
81 [Deprecated { "CIM_AuthenticationCondition",
82 "CIM_AuthenticationRule", "CIM_SecuritySensitivity" },
83 Version ( "2.8.0" ), Description (
84 "CIM_AuthenticationRequirement provides, through its "
85 karl 1.1 "associations, the authentication requirements for access to "
86 "system resources. For a particular set of target resources, "
87 "the AuthenticationService may require that credentials be "
88 "issued by a specific CredentialManagementService. The "
89 "AuthenticationRequirement class is weak to the system (e.g., "
90 "ComputerSystem or Administrative Domain) for which the "
91 "requirements apply. \n"
92 "\n"
93 "Note that this class was defined before the Policy Model "
94 "existed, and is deprecated in lieu of authentication policy - "
95 "specifically, the AuthenticationCondition and "
96 "AuthenticationRule classes. In the updated design, "
97 "AuthenticationCondition describes the specific combinations of "
98 "credentials (or alternative credentials) that are required in "
99 "order to authenticate an Identity. This allows a more explicit "
100 "and flexible description of authentication requirements. Also, "
101 "the definition of 'security classification' as a property of "
102 "this class was problematic - since it could not be assigned to "
103 "an element in a straight forward fashion. To correct this "
104 "issue, the SecuritySensitivity class (and its association, "
105 "ElementSecuritySensitivity) are defined.")]
106 karl 1.1 class CIM_AuthenticationRequirement : CIM_LogicalElement {
107
108 [Deprecated { "CIM_AuthenticationRule.SystemCreationClassName" },
109 Key, Propagated ( "CIM_System.CreationClassName" ),
110 Description (
111 "Hosting systemcreation class name."),
112 MaxLen ( 256 )]
113 string SystemCreationClassName;
114
115 [Deprecated { "CIM_AuthenticationRule.SystemName" }, Key,
116 Propagated ( "CIM_System.Name" ), Description (
117 "Hosting system name."),
118 MaxLen ( 256 )]
119 string SystemName;
120
121 [Deprecated { "CIM_AuthenticationRule.CreationClassName" }, Key,
122 Description (
123 "CreationClassName indicates the name of the class or the "
124 "subclass used in the creation of an instance. When used "
125 "with the other key properties of this class, this property "
126 "allows all instances of this class and its subclasses to be "
127 karl 1.1 "uniquely identified."),
128 MaxLen ( 256 )]
129 string CreationClassName;
130
131 [Deprecated { "CIM_AuthenticationRule.PolicyRuleName" }, Key,
132 Override ( "Name" ), Description (
133 "The Name property defines the unique label, in the context "
134 "of the hosting system, by which the "
135 "AuthenticationRequirement is known."),
136 MaxLen ( 256 )]
137 string Name;
138
139 [Deprecated { "CIM_SecuritySensitivity.SecurityLevel" },
140 Description (
141 "The SecurityClassification property specifies a named level "
142 "of security associated with the AuthenticationRequirement, "
143 "e.g., 'Confidential', 'Top Secret', etc.")]
144 string SecurityClassification;
145 };
146
147
148 karl 1.1 // ==================================================================
149 // HostedAuthenticationRequirement
150 // ==================================================================
151 [Association, Deprecated { "CIM_PolicyRuleInSystem" },
152 Version ( "2.8.0" ), Description (
153 "CIM_HostedAuthenticationRequirement is an association used to "
154 "provide the namespace scoping of AuthenticationRequirement. "
155 "The hosted requirements may or may not apply to resources on "
156 "the hosting system. Since the AuthenticationRequirement class "
157 "is deprecated in lieu of explicit policy rules, this class is "
158 "similarly deprecated to its 'policy' equivalent.")]
159 class CIM_HostedAuthenticationRequirement : CIM_HostedDependency {
160
161 [Deprecated { "CIM_PolicyRuleInSystem.Antecedent" },
162 Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ),
163 Description (
164 "The hosting system.")]
165 CIM_System REF Antecedent;
166
167 [Deprecated { "CIM_PolicyRuleInSystem.Dependent" },
168 Override ( "Dependent" ), Weak, Description (
169 karl 1.1 "The hosted AuthenticationRequirement.")]
170 CIM_AuthenticationRequirement REF Dependent;
171 };
172
173
174 // ==================================================================
175 // AuthenticateForUse
176 // ==================================================================
177 [Association, Deprecated { "No value" }, Version ( "2.8.0" ),
178 Description (
179 "CIM_AuthenticateForUse is an association used to provide an "
180 "AuthenticationService with the AuthenticationRequirement it "
181 "needs to do its job. This association is unnecessary and "
182 "therefore deprecated, since it is implied that an Identity "
183 "MUST be authenticated (its CurrentlyAuthenticatedBoolean set "
184 "to TRUE) in order to have any Privileges.")]
185 class CIM_AuthenticateForUse : CIM_Dependency {
186
187 [Deprecated { "No value" }, Override ( "Antecedent" ),
188 Description (
189 "AuthenticationRequirementfor use.")]
190 karl 1.1 CIM_AuthenticationRequirement REF Antecedent;
191
192 [Deprecated { "No value" }, Override ( "Dependent" ),
193 Description (
194 "AuthenticationServicethat uses the requirements.")]
195 CIM_AuthenticationService REF Dependent;
196 };
197
198
199 // ==================================================================
200 // RequireCredentialsFrom
201 // ==================================================================
202 [Association, Deprecated { "CIM_AuthenticationCondition",
203 "CIM_AuthenticationRule" }, Version ( "2.8.0" ), Description (
204 "CIM_RequireCredentialsFrom is an association used to require "
205 "that credentials are issued by particular CredentialManagement "
206 "Services in order to authenticate a user. This association is "
207 "deprecated in lieu of explicit declaration of the "
208 "AuthenticationConditions in an AuthenticationRule. Instances "
209 "of AuthenticationCondition describe the specific combinations "
210 "of credentials (or alternative credentials) that are required "
211 karl 1.1 "to authenticate an Identity. This allows a more explicit and "
212 "flexible description of authentication requirements.")]
213 class CIM_RequireCredentialsFrom : CIM_Dependency {
214
215 [Deprecated { "CIM_AuthenticationCondition" },
216 Override ( "Antecedent" ), Description (
217 "CredentialManagementService from which credentials are "
218 "accepted for the associated AuthenticationRequirement.")]
219 CIM_CredentialManagementService REF Antecedent;
220
221 [Deprecated { "CIM_AuthenticationRule" },
222 Override ( "Dependent" ), Description (
223 "AuthenticationRequirement that limits acceptable "
224 "credentials.")]
225 CIM_AuthenticationRequirement REF Dependent;
226 };
227
228
229 // ==================================================================
230 // AuthenticationTarget
231 // ==================================================================
232 karl 1.1 [Association, Deprecated { "CIM_PolicySetAppliesToElement" },
233 Version ( "2.8.0" ), Description (
234 "CIM_AuthenticationTarget is an association used to apply "
235 "authentication requirements for access to specific resources. "
236 "For example, a shared secret may be sufficient for access to "
237 "unclassified resources, but for confidential resources, a "
238 "stronger authentication may be required. Since the "
239 "AuthenticationRequirement class is deprecated in lieu of "
240 "explicit policy rules, this association is similarly "
241 "deprecated to its 'policy' equivalent.")]
242 class CIM_AuthenticationTarget : CIM_Dependency {
243
244 [Deprecated { "CIM_PolicySetAppliesToElement.PolicySet" },
245 Override ( "Antecedent" ), Description (
246 "AuthenticationRequirement that applies to specific "
247 "resources.")]
248 CIM_AuthenticationRequirement REF Antecedent;
249
250 [Deprecated { "CIM_PolicySetAppliesToElement.ManagedElement" },
251 Override ( "Dependent" ), Description (
252 "Target resources that may be in a Collection or an "
253 karl 1.1 "individual ManagedElement. These resources are protected by "
254 "the AuthenticationRequirement.")]
255 CIM_ManagedElement REF Dependent;
256 };
257
258
259 // ===================================================================
260 // end of file
261 // ===================================================================
|
Return to
User_AuthenticationReqmt.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIMPrelim29