1 karl 1.1 // ===================================================================
2 // Title: User-Security Kerberos Services and Credentials
3 // $State: Preliminary $
4 // $Date: 2004/06/25 17:56:15 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_Kerberos.mof,v $
6 // $Revision: 1.2 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2004 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 karl 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 karl 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the classes modeling a Kerberos
49 // security service and credentials.
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for v2.8 Final
56 // CR1235 - Accepted KerberosTicket's Description change as Final
57 //
58 // Change Log for v2.8 Preliminary
59 // CR1011 - Modified description for KerberosTicket
60 //
61 // Change Log for v2.7
62 // CR784 - Promoted 2 properties, Issued and Expired, from
63 // CIM_KerberosTicket to CIM_Credential.
64 karl 1.1 // ===================================================================
65
66 #pragma Locale ("en_US")
67
68
69 // ==================================================================
70 // KerberosKeyDistributionCenter
71 // ==================================================================
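// CIM_KerberosKeyDistributionCenter: the Kerberos KDC, modeled as a
// CIM_CredentialManagementService.
//   Name     - overrides the inherited Name so that it carries the realm
//              served by this KDC.
//   Protocol - array of ValueMap codes, so a single instance can report
//              more than one supported protocol version.
// Security review: value 0 ("V4") denotes Kerberos version 4, which is
// obsolete and limited to single-DES keys. When this class feeds an
// inventory or audit, an instance reporting 0 deserves follow-up.
// (Annotate-view residue - gutter numbers and "karl 1.1" markers - has been
// stripped from this declaration; qualifier strings are unchanged.)
   [Version ( "2.6.0" ), Description (
       "The Kerberos KDC.")]
class CIM_KerberosKeyDistributionCenter : CIM_CredentialManagementService {

      // The realm name doubles as the service Name; tickets reference it
      // through their propagated ServiceName key.
      [Override ( "Name" ), Description (
          "The Realm served by this KDC.")]
   string Name;

      // 0 = V4, 1 = V5, 2 = DCE, 3 = MS (ValueMap and Values are paired
      // by position).
      [Description (
          "The version of Kerberos supported by this service."),
       ValueMap { "0", "1", "2", "3" },
       Values { "V4", "V5", "DCE", "MS" }]
   uint16 Protocol[];
};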
86
87
88 // ==================================================================
89 // KerberosTicket
90 // ==================================================================
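// CIM_KerberosTicket: a credential issued by a KDC after a successful
// authentication.
// Identity: four keys are Propagated from the issuing
// CIM_KerberosKeyDistributionCenter (system CCN and name, service CCN and
// name, the last being the realm), plus AccessesService and RemoteID. An
// instance is therefore identified by realm, target service and principal.
// Scope: TicketType is the only non-key property declared here. No property
// in this class carries ticket bytes or a session key. Properties inherited
// from CIM_Credential are not visible in this file; the change log records
// that Issued and Expired were promoted to that superclass.
// Security review: instance paths expose RemoteID and AccessesService, i.e.
// which principal holds a ticket for which service. Enumeration of this
// class should be limited to callers entitled to that information.
// (Annotate-view residue - gutter numbers and "karl 1.1" markers - has been
// stripped from this declaration; qualifier strings are unchanged.)
   [Version ( "2.8.0" ), Description (
       "A CIM_KerberosTicket represents a credential issued by a "
       "particular Kerberos Key Distribution Center (KDC) to establish "
       "an identity, as the result of a successful authentication "
       "process. There are two types of tickets that a KDC may issue - "
       "a TicketGranting ticket, which is used to protect and "
       "authenticate communications between an entity and the KDC, and "
       "a Session ticket, which the KDC issues to two entities to "
       "allow them to communicate with each other.")]
class CIM_KerberosTicket : CIM_Credential {

      // Propagated key: creation class name of the system scoping the KDC.
      [Key,
       Propagated ( "CIM_KerberosKeyDistributionCenter.SystemCreationClassName"
           ), Description (
          "The scoping System's CCN."),
       MaxLen ( 256 )]
   string SystemCreationClassName;

      // Propagated key: name of the system scoping the KDC.
      [Key,
       Propagated ( "CIM_KerberosKeyDistributionCenter.SystemName" ),
       Description (
          "The scoping System's Name."),
       MaxLen ( 256 )]
   string SystemName;

      // Propagated key: creation class name of the issuing KDC service.
      [Key,
       Propagated ( "CIM_KerberosKeyDistributionCenter.CreationClassName"
           ), Description (
          "The scoping Service's CCN."),
       MaxLen ( 256 )]
   string ServiceCreationClassName;

      // Propagated key: the KDC's Name, which that class defines as the
      // realm. This is what keeps tickets from different realms apart.
      [Key, Propagated ( "CIM_KerberosKeyDistributionCenter.Name" ),
       Description (
          "The scoping Service's Name. The Kerberos KDC Realm of "
          "CIM_KerberosTicket is used to record the security "
          "authority, or Realm, name so that tickets issued by "
          "different Realms can be separately managed and enumerated."),
       MaxLen ( 256 )]
   string ServiceName;

      // Local key: the service this ticket is used for.
      [Key, Description (
          "The name of the service for which this ticket is used."),
       MaxLen ( 256 )]
   string AccessesService;

      // Local key: the user's name as known to the KDC.
      [Key, Description (
          "RemoteID is the name by which the user is known at the KDC "
          "security service."),
       MaxLen ( 256 )]
   string RemoteID;

      // 0 = Session, 1 = TicketGranting. The Description mentions
      // TicketGranting first, so decode by ValueMap/Values position and
      // not by the order of the prose.
      [Description (
          "The Type of CIM_KerberosTicket is used to indicate whether "
          "the ticket in question was issued by the Kerberos Key "
          "Distribution Center (KDC) to support ongoing communication "
          "between the Users Access and the KDC (\"TicketGranting\"), "
          "or was issued by the KDC to support ongoing communication "
          "between two Users Access entities (\"Session\")."),
       ValueMap { "0", "1" },
       Values { "Session", "TicketGranting" }]
   uint16 TicketType;
};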
154
155
156 // ===================================================================
157 // KDCIssuesKerberosTicket
158 // ===================================================================
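// CIM_KDCIssuesKerberosTicket: association linking a KDC to the tickets it
// has issued; specializes CIM_ManagedCredential.
//   Antecedent - Min(1)/Max(1): every ticket has exactly one issuing KDC.
//   Dependent  - Weak: the ticket is named within the scope of that KDC,
//                which matches the Propagated keys that CIM_KerberosTicket
//                takes from CIM_KerberosKeyDistributionCenter.
// Security review: because the cardinality forces a single issuer, a ticket
// instance whose propagated keys do not resolve to an existing KDC instance
// is inconsistent data and worth flagging in an audit.
// (Annotate-view residue - gutter numbers and "karl 1.1" markers - has been
// stripped from this declaration; qualifier strings are unchanged.)
   [Association, Version ( "2.6.0" ), Description (
       "The KDC issues and owns Kerberos tickets. This association "
       "captures the relationship between the KDC and its issued "
       "tickets.")]
class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential {

      // Exactly one issuer per ticket.
      [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
          "The issuing KDC.")]
   CIM_KerberosKeyDistributionCenter REF Antecedent;

      // Weak reference: the ticket's identity depends on the issuing KDC.
      [Override ( "Dependent" ), Weak, Description (
          "The managed credential.")]
   CIM_KerberosTicket REF Dependent;
};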
173
174
175 // ===================================================================
176 // end of file
177 // ===================================================================