1 karl 1.1 // ===================================================================
2 // Title: User-Security Users Access
3 // $State: Preliminary $
4 // $Date: 2004/06/25 17:56:15 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_UsersAccess.mof,v $
6 // $Revision: 1.2 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2004 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 karl 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 karl 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // users' access to a target, and a notary service that
50 // may verify biometrics defined in the UsersAccess class.
51 //
52 // The object classes below are listed in an order that
53 // avoids forward references. Required objects, defined
54 // by other working groups, are omitted.
55 // ===================================================================
56 // Change Log for v2.8 Final:
57 // CR1218: Modified the Deprecations of biometric information and
58 // promoted all deprecations to Final
59 // CR1235: Accepted the Description changes in CR1011 and added
60 // Descriptions for the references in PublicPrivateKeyPair
61 //
62 // Change Log for v2.8 Preliminary:
63 // CR1011: Modified Notary's Description, deprecated UsersAccess,
64 karl 1.1 // ElementAsUser, UsersCredential, PublicPrivateKeyPair,
65 // and NotaryVerifiesBiometric
66 //
67 // Change Log for v2.7: None
68 // ===================================================================
69
70 #pragma Locale ("en_US")
71
72
73 // ==================================================================
74 // UsersAccess
75 // ==================================================================
76 [Deprecated { "CIM_Identity" }, Version ( "2.8.0" ), Description (
77 "The UsersAccess object class is used to specify a 'user' that "
78 "is permitted access to resources. The ManagedElement that has "
79 "access to the resources (represented in the model using the "
80 "ElementAsUser association) may be a person, a service, a "
81 "service access point or any collection thereof. \n"
82 "\n"
83 "This class is deprecated in lieu of the simpler CIM_Identity "
84 "abstraction. The UsersAccess class combines credential "
85 karl 1.1 "requirements (in the form of biometric requirements) with the "
86 "concepts of organizational information (via its position in "
87 "the inheritance hierarchy), and identity management. These "
88 "concepts need to be separated to be better understood and "
89 "managed - hence, the deprecation.")]
90 class CIM_UsersAccess : CIM_UserEntity {
91
92 [Deprecated { "No value" }, Key, Description (
93 "CreationClassName indicates the name of the class or the "
94 "subclass used in the creation of an instance. When used "
95 "with the other key properties of this class, this property "
96 "allows all instances of this class and its subclasses to be "
97 "uniquely identified."),
98 MaxLen ( 256 )]
99 string CreationClassName;
100
101 [Deprecated { "CIM_Identity.ElementName" }, Key, Description (
102 "The Name property defines the label by which the object is "
103 "known."),
104 MaxLen ( 256 )]
105 string Name;
106 karl 1.1
107 [Deprecated { "CIM_Identity.InstanceID" }, Key, Description (
108 "The ElementID property uniquely specifies the "
109 "ManagedElement object instance that is the user represented "
110 "by the UsersAccess object instance. The ElementID is "
111 "formatted similarly to a model path except that the "
112 "property-value pairs are ordered in alphabetical order (US "
113 "ASCII lexical order).")]
114 string ElementID;
115
116 [Deprecated { "No value" }, Description (
117 "Biometric information used to identify a person. The "
118 "property value is left null or set to 'N/A' for non-human "
119 "user or a user not using biometric information for "
120 "authentication. This property is deprecated as it "
121 "represents required Credential information and is more "
122 "correctly modeled as a specific biometric credential."),
123 ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
124 Values { "N/A", "Other", "Facial", "Retina", "Mark", "Finger",
125 "Voice", "DNA-RNA", "EEG" }]
126 uint16 Biometric[];
127 karl 1.1 };
128
129
130 // ==================================================================
131 // ElementAsUser
132 // ==================================================================
133 [Association, Deprecated { "CIM_AssignedIdentity" },
134 Version ( "2.8.0" ), Description (
135 "CIM_ElementAsUser is an association used to establish the "
136 "'ownership' of UsersAccess object instances. That is, the "
137 "ManagedElement may have UsersAccess to systems and, therefore, "
138 "be 'users' on those systems. UsersAccess instances must have "
139 "an 'owning' ManagedElement. Typically, the ManagedElements "
140 "will be limited to Collection, Person, Service and "
141 "ServiceAccessPoint. Other non-human ManagedElements that might "
142 "be thought of as having UsersAccess (e.g., a device or system) "
143 "have services that have the UsersAccess. \n"
144 "\n"
145 "Since the UsersAccess class is deprecated in lieu of "
146 "CIM_Identity, this association is also deprecated and replaced "
147 "by one of similar semantics, AssignedIdentity. It should be "
148 karl 1.1 "noted that the new class is NOT defined as a Dependency "
149 "relationship, since it was felt that the association was not "
150 "truly a dependency of the element on its access.")]
151 class CIM_ElementAsUser : CIM_Dependency {
152
153 [Deprecated { "CIM_AssignedIdentity.ManagedElement" },
154 Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ),
155 Description (
156 "The ManagedElement that has UsersAccess.")]
157 CIM_ManagedElement REF Antecedent;
158
159 [Deprecated { "CIM_AssignedIdentity.IdentityInfo" },
160 Override ( "Dependent" ), Description (
161 "The 'owned' UsersAccess.")]
162 CIM_UsersAccess REF Dependent;
163 };
164
165
166 // ==================================================================
167 // UsersCredential
168 // ==================================================================
169 karl 1.1 [Association, Deprecated { "CIM_AuthenticationCondition" },
170 Version ( "2.8.0" ), Description (
171 "CIM_UsersCredential is an association used to establish the "
172 "credentials that may be used for a UsersAccess to a system or "
173 "set of systems. \n"
174 "\n"
175 "Since the UsersAccess class is deprecated in lieu of "
176 "CIM_Identity, this association is also deprecated and replaced "
177 "by policy - where the AuthenticationCondition class describes "
178 "the credentials that SHOULD be authenticated in order to "
179 "establish the Identity.")]
180 class CIM_UsersCredential : CIM_Dependency {
181
182 [Deprecated { "CIM_AuthenticationCondition" },
183 Override ( "Antecedent" ), Description (
184 "The issued credential that may be used.")]
185 CIM_Credential REF Antecedent;
186
187 [Deprecated { "CIM_Identity" }, Override ( "Dependent" ),
188 Description (
189 "The UsersAccess that has use of a credential.")]
190 karl 1.1 CIM_UsersAccess REF Dependent;
191 };
192
193
194 // ==================================================================
195 // Notary
196 // ==================================================================
197 [Version ( "2.8.0" ), Description (
198 "CIM_Notary is an AuthenticationService which compares the "
199 "biometric characteristics of a person with known "
200 "characteristics, to establish identity. An example is a bank "
201 "teller who compares a picture ID with the person trying to "
202 "cash a check, or a biometric login service that uses voice "
203 "recognition to identify a 'user'.")]
204 class CIM_Notary : CIM_CredentialManagementService {
205
206 [Description (
207 "The types of biometric information which this Notary can "
208 "compare."),
209 ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
210 Values { "N/A", "Other", "Facial", "Retina", "Mark", "Finger",
211 karl 1.1 "Voice", "DNA-RNA", "EEG" }]
212 uint16 Comparitors;
213
214 [Description (
215 "The SealProtocol is how the decision of the Notary is "
216 "recorded for future use by parties who will rely on its "
217 "decision. For instance, a drivers licence frequently "
218 "includes tamper-resistent coatings and markings to protect "
219 "the recorded decision that a driver, having various "
220 "biometric characteristics of height, weight, hair and eye "
221 "color, using a particular name, has features represented in "
222 "a photograph of their face.")]
223 string SealProtocol;
224
225 [Description (
226 "CharterIssued documents when the Notary is first "
227 "authorized, by whoever gave it responsibility, to perform "
228 "its service.")]
229 datetime CharterIssued;
230
231 [Description (
232 karl 1.1 "CharterExpired documents when the Notary is no longer "
233 "authorized, by whoever gave it responsibility, to perform "
234 "its service.")]
235 datetime CharterExpired;
236 };
237
238
239 // ===================================================================
240 // NotaryVerifiesBiometric
241 // ===================================================================
242 [Association, Deprecated { "CIM_ManagedCredential" },
243 Version ( "2.8.0" ), Description (
244 "This relationship associates a Notary service with the Users "
245 "Access whose biometric information is verified. It is "
246 "deprecated since one of its references (UsersAccess) is "
247 "deprecated, and because specific biometric credentials are "
248 "defined in a new subclass of CIM_Credential (specifically, "
249 "BiometricCredential). Given the latter, the relationship of a "
250 "Credential to its management service (ManagedCredential) can "
251 "be used directly.")]
252 class CIM_NotaryVerifiesBiometric : CIM_Dependency {
253 karl 1.1
254 [Deprecated { "CIM_ManagedCredential.Antecedent" },
255 Override ( "Antecedent" ), Description (
256 "The Notary service that verifies biometric information.")]
257 CIM_Notary REF Antecedent;
258
259 [Deprecated { "CIM_ManagedCredential.Dependent" },
260 Override ( "Dependent" ), Description (
261 "The UsersAccess that represents a person using biometric "
262 "information for authentication.")]
263 CIM_UsersAccess REF Dependent;
264 };
265
266
267 // ===================================================================
268 // PublicPrivateKeyPair
269 // ===================================================================
270 [Association, Deprecated { "CIM_AuthenticationCondition" },
271 Version ( "2.8.0" ), Description (
272 "This relationship associates a PublicKeyCertificate with the "
273 "Principal who has the PrivateKey used with the PublicKey. The "
274 karl 1.1 "PrivateKey is not modeled, since it is not a data element that "
275 "ever SHOULD be accessible via management applications, other "
276 "than key recovery services, which are outside our scope. \n"
277 "\n"
278 "Since the UsersAccess class and this association's superclass "
279 "are deprecated, this association is also deprecated. There is "
280 "no need to have a special subclass for public-private "
281 "credentials. This is especially true since the properties of "
282 "the association describe aspects of the certificate and its "
283 "handling. The latter is currently out of scope for the model.")]
284 class CIM_PublicPrivateKeyPair : CIM_UsersCredential {
285
286 [Deprecated { "CIM_AuthenticationCondition" },
287 Override ( "Antecedent" ), Description (
288 "The public key certificate.")]
289 CIM_PublicKeyCertificate REF Antecedent;
290
291 [Deprecated { "CIM_Identity" }, Override ( "Dependent" ),
292 Description (
293 "The Principal holding the private key (that corresponds to "
294 "the public key.")]
295 karl 1.1 CIM_UsersAccess REF Dependent;
296
297 [Deprecated { "No value" }, Description (
298 "The Certificate may be used for signature only or for "
299 "confidentiality as well as signature."),
300 ValueMap { "0", "1" },
301 Values { "SignOnly", "ConfidentialityOrSignature" }]
302 uint16 Use;
303
304 [Deprecated { "No value" }, Description (
305 "Indicates if the certificate canNOT be repudiated.")]
306 boolean NonRepudiation;
307
308 [Deprecated { "No value" }, Description (
309 "Indicates if the certificate can be backed up.")]
310 boolean BackedUp;
311
312 [Deprecated { "No value" }, Description (
313 "The repository in which the certificate is backed up.")]
314 string Repository;
315 };
316 karl 1.1
317
318 // ===================================================================
319 // end of file
320 // ===================================================================
|
Return to
User_UsersAccess.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIMPrelim29