1 karl 1.1 // ===================================================================
2 // Title: User-Security Identity
3 // $State: Preliminary $
4 // $Date: 2004/07/06 16:48:07 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_Identity.mof,v $
6 // $Revision: 1.3 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 2003-2004 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 karl 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 karl 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // Identities.
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for V.29 Preliminary
56 // CR1380 - Clarify IdentityContext cardinalities
57 //
58 // Change Log for v2.8 Final
59 // CR1218 - Clarified the Identity Description, added the
60 // IdentityContext
61 // association, removed the property IdentityContexts in lieu
62 // of the association, promoted Experimental classes to Final
63 // CR1221 - Identity class also promoted to Final
64 karl 1.1 // CR1235 - Corrected copyright
65 //
66 // Change Log for v2.8 Preliminary
67 // CR1011 - Added Identity and Privilege; Deprecated UsersAccess and
68 // AccessControlInformation and their related classes
69 // CR1026 - Extended Identity with an IPNetworkIdentity subclass
70 // ===================================================================
71
72 #pragma Locale ("en_US")
73
74
75 // ==================================================================
76 // Identity
77 // ==================================================================
78 [Version ( "2.8.0" ), Description (
79 "An instance of an Identity represents a ManagedElement that "
80 "acts as a security principal within the scope in which it is "
81 "defined and authenticated. (Note that the Identity's scope is "
82 "specified using the association, CIM_IdentityContext.) "
83 "ManagedElements with Identities can be OrganizationalEntities, "
84 "Services, Systems, etc. The ManagedElement 'behind' an "
85 karl 1.1 "Identity is described using the AssignedIdentity association. "
86 "\n\n"
87 "Within a given security context, an Identity may be imparted a "
88 "level of trust, usually based on its credentials. A trust "
89 "level is defined using the CIM_SecuritySensitivity class, and "
90 "associated with Identity using CIM_ElementSecuritySensitivity. "
91 "Whether an Identity is currently authenticated is evaluated by "
92 "checking the CurrentlyAuthenticated boolean property. This "
93 "property is set and cleared by the security infrastructure, "
94 "and should only be readable within the management "
95 "infrastructure. The conditions which must be met/authenticated "
96 "in order for an Identity's CurrentlyAuthenticated Boolean to "
97 "be TRUE are defined using a subclass of PolicyCondition - "
98 "AuthenticationCondition. The inheritance tree for "
99 "AuthenticationCondition is defined in the CIM Policy Model. \n"
100 "\n"
101 "Subclasses of Identity may include specific information "
102 "related to a given AuthenticationService or authority (such as "
103 "a security token or computer hardware port/communication "
104 "details) that more specifically determine the authenticity of "
105 "the Identity. An instance of Identity may be persisted even "
106 karl 1.1 "though it is not CurrentlyAuthenticated, in order to maintain "
107 "static relationships to Roles, associations to accounting "
108 "information, and policy data defining authentication "
109 "requirements. Note however, when an Identity is not "
110 "authenticated (CurrentlyAuthenticated = FALSE), then "
111 "Privileges or rights SHOULD NOT be authorized. The lifetime, "
112 "validity, and propagation of the Identity is dependent on a "
113 "security infrastructure's policies.")]
114 class CIM_Identity : CIM_ManagedElement {
115
116 [Key, Description (
117 "Within the scope of the instantiating Namespace, InstanceID "
118 "opaquely and uniquely identifies an instance of this class. "
119 "In order to ensure uniqueness within the NameSpace, the "
120 "value of InstanceID SHOULD be constructed using the "
121 "following 'preferred' algorithm: \n"
122 "<OrgID>:<LocalID> \n"
123 "Where <OrgID> and <LocalID> are separated by a colon ':', "
124 "and where <OrgID> MUST include a copyrighted, trademarked "
125 "or otherwise unique name that is owned by the business "
126 "entity creating/defining the InstanceID, or is a registered "
127 karl 1.1 "ID that is assigned to the business entity by a recognized "
128 "global authority. (This is similar to the <Schema "
129 "Name>_<Class Name> structure of Schema class names.) In "
130 "addition, to ensure uniqueness <OrgID> MUST NOT contain a "
131 "colon (':'). When using this algorithm, the first colon to "
132 "appear in InstanceID MUST appear between <OrgID> and "
133 "<LocalID>. \n"
134 "<LocalID> is chosen by the business entity and SHOULD not "
135 "be re-used to identify different underlying (real-world) "
136 "elements. If the above 'preferred' algorithm is not used, "
137 "the defining entity MUST assure that the resultant "
138 "InstanceID is not re-used across any InstanceIDs produced "
139 "by this or other providers for this instance's NameSpace. \n"
140 "For DMTF defined instances, the 'preferred' algorithm MUST "
141 "be used with the <OrgID> set to 'CIM'.")]
142 string InstanceID;
143
144 [Description (
145 "Boolean indicating whether this Identity has been "
146 "authenticated, and is currently known within the scope of "
147 "an AuthenticationService or authority. By default, "
148 karl 1.1 "authenticity SHOULD NOT be assumed. This property is set "
149 "and cleared by the security infrastructure, and should only "
150 "be readable within the management infrastructure. Note that "
151 "its value, alone, may not be sufficient to determine "
152 "authentication/ authorization, in that properties of an "
153 "Identity subclass (such as a security token or computer "
154 "hardware port/ communication details) may be required by "
155 "the security infrastructure.")]
156 boolean CurrentlyAuthenticated = FALSE;
157 };
158
159
160 // ===================================================================
161 // IdentityContext
162 // ===================================================================
163 [Association, Version ( "2.8.1000" ), Description (
164 "This relationship defines a context (e.g., a System or "
165 "Service) of an Identity. Note that the cardinalities of this "
166 "association are many to many, indicating that the Identity MAY "
167 "be scoped by several elements. However, it is likely that "
168 "there will only be a single scope, if one exists at all.")]
169 karl 1.1 class CIM_IdentityContext {
170
171 [Key, Description (
172 "An Identity whose context is defined.")]
173 CIM_Identity REF ElementInContext;
174
175 [Key, Description (
176 "The ManagedElement that provides context or scope for the "
177 "Identity.")]
178 CIM_ManagedElement REF ElementProvidingContext;
179 };
180
181
182 // ===================================================================
183 // AssignedIdentity
184 // ===================================================================
185 [Association, Version ( "2.8.0" ), Description (
186 "This relationship associates an Identity to a specific "
187 "ManagedElement, whose trust is represented.")]
188 class CIM_AssignedIdentity {
189
190 karl 1.1 [Key, Description (
191 "An Identity of the referenced ManagedElement.")]
192 CIM_Identity REF IdentityInfo;
193
194 [Key, Max ( 1 ), Description (
195 "The ManagedElement assigned to a specific Identity.")]
196 CIM_ManagedElement REF ManagedElement;
197 };
198
199
200 // ==================================================================
201 // IPNetworkIdentity
202 // ==================================================================
203 [Version ( "2.8.0" ), Description (
204 "IPNetworkIdentity is used to represent the various network "
205 "identities that may be used for an IPProtocolEndpoint. The "
206 "relationship between the NetworkIdentity and the "
207 "IPProtocolEndpoint is modeled by the AssignedIdentity "
208 "association, inherited from CIM_Identity. This association "
209 "could also be used to relate an address range or other "
210 "endpoint collection with the Identity."),
211 karl 1.1 MappingStrings { "IPSP Policy Model.IETF|IKEIdentity" }]
212 class CIM_IPNetworkIdentity : CIM_Identity {
213
214 [Required, Description (
215 "The IdentityType specifies the type of IP network Identity. "
216 "The list of identities was generated from Section 4.6.2.1 "
217 "of RFC2407. Note that the enumeration is different than the "
218 "RFC list, since the value 'Other' is taken into account."),
219 ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
220 "11", "12", "..", "0x8000.." },
221 Values { "Other", "IPV4 Address", "FQDN", "User FQDN",
222 "IPV4 Subnet Address", "IPV6 Address", "IPV6 Subnet Address",
223 "IPV4 Address Range", "IPV6 Address Range", "DER ASN1 DN",
224 "DER ASN1 GN", "KEY ID", "DMTF Reserved", "Vendor Reserved" },
225 MappingStrings { "IPSP Policy "
226 "Model.IETF|IKEIdentity.IdentityType",
227 "RFC2407.IETF|Section 4.6.2.1" },
228 ModelCorrespondence { "CIM_IPNetworkIdentity.IdentityValue" }]
229 uint16 IdentityType;
230
231 [Required, Description (
232 karl 1.1 "IdentityValue contains a string encoding of the Identity. "
233 "For Identity instances that are address types, the "
234 "IdentityValue string value may be omitted and the "
235 "associated IPProtocolEndpoint, RangeOfIPAddresses or "
236 "similar class is used to define this information. The class "
237 "is associated using the AssignedIdentity relationship."),
238 MappingStrings { "IPSP Policy "
239 "Model.IETF|IKEIdentity.IdentityValue" },
240 ModelCorrespondence { "CIM_IPNetworkIdentity.IdentityType" }]
241 string IdentityValue;
242 };
243
244
245 // ===================================================================
246 // end of file
247 // ===================================================================
|
Return to
User_Identity.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIMPrelim29