1 a.dunfey 1.1 // ===================================================================
2 // Title: Policy Model
3 // $State: Preliminary $
4 // $Date: 2005/01/13 22:22:48 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/CIM_Policy.mof,v $
6 // $Revision: 1.9 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The Policy Model provides a framework for specifying
47 // configuration and operational information in a scalable
48 // way using rules composed of conditions and actions.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // CIM V2.9 Changes (Preliminary)
55 // DMTFCR1491 -
56 // Fix definition of MethodAction.InstMethodCallName
57 // DMTFCR1342 -
58 // Provides a PrivilegePropagationRule in support of the
59 // Change/ShowAccess methods.
60 // DMTFCR1337 -
61 // AuthorizationRule is the corollary to AuthenticationRule
62 // DMTFCR1303 -
63 // Add match 'all' to the CIM_PolicySet.PolicyDecisionStrategy
64 a.dunfey 1.1 // DMTFCR1393 -
65 // Define QueryConditions and Actions, removing any dependency
66 // on query result
67 // implementation
68 //
69 // CIM V2.8 Changes (Final)
70 // DMTFCR1213 -
71 // Keep Experimental for 2.8.1000
72 // PolicyRoleCollection.ActivatePolicySet(),
73 // PolicyRoleCollection.DeactivatePolicySet()
74 // PolicySetInRoleCollection
75 // DMTFCR1212 -
76 // Remove the property, FilterEvaluation, from
77 // PacketFilterCondition. It specifies whether the filters
78 // are applied at ingress, egress or both, but this is
79 // already defined by the FilterList.Direction property.
80 // Property to be taken Final, and the class Version qualifier
81 // to be updated to "2.8.0": PolicyAction.DoActionLogging
82 // Classes to be promoted to FINAL status and their Version
83 // qualifiers set to "2.8.0": PacketFilterCondition,
84 // NetworkPacketAction, RejectConnectionAction,
85 a.dunfey 1.1 // FilterOfPacketCondition (ties the FilterList to the
86 // PacketFilterCondition), AcceptCredentialFrom
87 // DMTFCR1211 -
88 // Delete the class, ChallengeQuestionAuthentication,
89 // since it is just a kind of SharedSecret.
90 // Add "identifier" properties to DocumentAuthentication,
91 // PhysicalCredentialAuthentication and
92 // BiometricAuthentication.
93 // Classes to be promoted to FINAL status, and their Version
94 // qualifiers updated to "2.8.0":
95 //
96 // CIM V2.8 Changes (Company Review)
97 // DMTFCR1104 -Replace the class definition of
98 // AuthenticationCondition
99 // Add the following class defintions:
100 // SharedSecretAuthentication, AccountAuthentication,
101 // BiometricAuthentication, NetworkingIDAuthentication,
102 // PublicPrivateKeyAuthentication, KerberosAuthentication,
103 // DocumentAuthentication, ChallengeQuestionAuthentication
104 // (Deleted in Final),
105 // and PhysicalCredentialAuthentication
106 a.dunfey 1.1 // DMTFCR1105 - Generalize the SACondition class (from the Networks)
107 // to be PacketFilterCondition and defined here in Policy.
108 // Add FilterOfPacketCondition and AcceptCredentialFrom
109 // class definitions.
110 // Move FilterOfPacketCondition to Network_IPsecPolicy to
111 // avoid a forward reference.
112 // DMTFCR1106 - Add DoActionLogging property to PolicyAction
113 // Add NetworkPacketAction class definition
114 // Add RejectConnectionAction class definition
115 // DMTFCR1128 - Change subclassing of PolicyInSystem from
116 // Dependency to HostedDependency.
117 //
118 // CIM V2.8 Changes
119 // DMTFCR1057 - Explicit declaration of PolicySets that apply to
120 // ManagedElements, via PolicyRoleCollections
121 // DMTFCR1058 - Activate/deactivate PolicySets which match a
122 // particular PolicyRole on a particular ManagedElement
123 // DMTFCR1060 - Add AuthenticationCondition and AuthenticationRule
124 // subclasses of PolicyCondition/PolicyRule
125 //
126 // CIM V2.7 Changes
127 a.dunfey 1.1 // DMTFCR985 - Promote Deprecations to V2.7 Final
128 // DMTFCR960 - Remove Weak Qualifier from PolicyRoleCollection and
129 // derive from SystemSpecificCollection instead of Collection
130 // DMTFCR930 - Implementation Experience with the Policy 2.7 Model
131 // - Move PolicyRule.Enabled to PolicySet.Enabled
132 // - Move PolicyTimePeriodCondition up to PolicySet and
133 // make clear how to specify global time period with respect
134 // a given time zone
135 // - Deprecate policy role combinations
136 // - Add Unconditional to PolicyRule.ConditionListType
137 // - Deprecate PolicyRule.Mandatory
138 // CIMCR914 - Added propagated keys in PolicyRoleCollection
139 // CIMCR906 - Add text to PolicySetComponent's Description and the
140 // class' Priority property to indicate that the values
141 // of Priority must be unique
142 // With promotion of Component to ManagedElement,
143 // added CIM_Component as superclass of CIM_PolicyComponent
144 // (there is no other change to the semantics or syntax)
145 // CIMCR625 - Add CompoundPolicyCondition as PolicyCondition
146 // subclass
147 // - Add PolicyConditionStructure abstract aggregation as a
148 a.dunfey 1.1 // subclass of PolicyComponent
149 // - Change derivation of PolicyConditionInPolicyRule from
150 // PolicyComponent to PolicyConditionStructure and move
151 // GroupNumber and ConditionNegated properties up to parent
152 // class
153 // - Add PolicyConditionInPolicyCondition aggregation as a
154 // subclass of PolicyConditionStructure
155 // - Add PolicyRoleCollection as Collection subclass
156 // - Add ElementInPolicyRoleCollection as MemberOfCollection
157 // subclass
158 // - Add PolicyRoleCollectionInSystem as Dependency subclass
159 //
160 // CIM V2.6 Changes
161 // CIMCR614 - Add CompoundPolicyAction
162 // - Add CompoundPolicyAction as a subclass of PolicyAction
163 // - Add PolicyActionStructure abstract aggregation as a
164 // subclass of PolicyComponent
165 // - Change derivation of PolicyActionInPolicyRule from
166 // PolicyComponent to PolicyActionStructure and, thus,
167 // move ActionOrder property up to parent class
168 // - Add PolicyActionInPolicyAction aggregation as a
169 a.dunfey 1.1 // subclass of PolicyActionStructure
170 // CIMCR597a - PCIMe updates
171 // - Edit Policy description
172 // - Add PolicySet & derive PolicyGroup & PolicyRule
173 // - Deprecate PolicyRule.Priority for
174 // PolicySetComponent.Priority
175 // - Remove PolicyRule.PolicyRoles (it's in PolicySet)
176 // - Add PolicyRule.ExecutionStrategy
177 // - Deprecate PolicyRepository & replace with
178 // ReusablePolicyContainer
179 // - Add PolicySetInSystem
180 // - Add PolicySetComponent & deprecate ...InPolicyGroup
181 // & derive PolicyGroupInSystem & PolicyRuleInSystem
182 // - Add ContainedDomain (to Core)
183 // & deprecate PolicyRepositoryInPolicyRepository
184 // - Add ReusablePolicy & deprecate ...InPolicyRepository
185 // ==================================================================
186
187 #pragma Locale ("en-US")
188
189
190 a.dunfey 1.1 // ==================================================================
191 // Compile prerequisite: Core, Network and User MOFs
192 // Network MOF is needed for FilterList, and the User MOF for
193 // CredentialManagementService
194 // ==================================================================
195
196
197 // ==================================================================
198 // Policy
199 // ==================================================================
200 [Abstract, Version ( "2.6.0" ), Description (
201 "An abstract class defining the common properties of the policy "
202 "managed elements derived from CIM_Policy. The subclasses are "
203 "used to create rules and groups of rules that work together to "
204 "form a coherent set of policies within an administrative "
205 "domain or set of domains.")]
206 class CIM_Policy : CIM_ManagedElement {
207
208 [Description (
209 "A user-friendly name of this policy-related object.")]
210 string CommonName;
211 a.dunfey 1.1
212 [Description (
213 "An array of keywords for characterizing / categorizing "
214 "policy objects. Keywords are of one of two types: \n"
215 "- Keywords defined in this and other MOFs, or in DMTF white "
216 "papers. These keywords provide a vendor- independent, "
217 "installation-independent way of characterizing policy "
218 "objects. \n"
219 "- Installation-dependent keywords for characterizing policy "
220 "objects. Examples include 'Engineering', 'Billing', and "
221 "'Review in December 2000'. \n"
222 "This MOF defines the following keywords: 'UNKNOWN', "
223 "'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', "
224 "'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These concepts "
225 "are self-explanatory and are further discussed in the "
226 "SLA/Policy White Paper. One additional keyword is defined: "
227 "'POLICY'. The role of this keyword is to identify "
228 "policy-related instances that may not be otherwise "
229 "identifiable, in some implementations. The keyword 'POLICY' "
230 "is NOT mutually exclusive of the other keywords specified "
231 "above.")]
232 a.dunfey 1.1 string PolicyKeywords[];
233 };
234
235
236 // ==================================================================
237 // PolicySet
238 // ==================================================================
239 [Abstract, Version ( "2.8.0" ), Description (
240 "PolicySet is an abstract class that represents a set of "
241 "policies that form a coherent set. The set of contained "
242 "policies has a common decision strategy and a common set of "
243 "policy roles (defined via the PolicySetInRole Collection "
244 "association). Subclasses include PolicyGroup and PolicyRule.")]
245 class CIM_PolicySet : CIM_Policy {
246 [Description (
247 "PolicyDecisionStrategy defines the evaluation method used "
248 "for policies contained in the PolicySet. There are two "
249 "values currently defined: \n"
250 "- 'First Matching' (1) executes the actions of the first "
251 "rule whose conditions evaluate to TRUE. The concept of "
252 "'first' is determined by examining the priority of the rule "
253 a.dunfey 1.1 "within the policy set (i.e., by examining the property, "
254 "PolicySetComponent.Priority). Note that this ordering "
255 "property MUST be maintained when processing the "
256 "PolicyDecisionStrategy. \n"
257 "- 'All' (2) executes the actions of ALL rules whose "
258 "conditions evaluate to TRUE, in the set. As noted above, "
259 "the order of processing of the rules is defined by the "
260 "property, PolicySetComponent.Priority (and within a rule, "
261 "the ordering of the actions is defined by the property, "
262 "PolicyActionStructure.ActionOrder). Note that when this "
263 "strategy is defined, processing MUST be completed of ALL "
264 "rules whose conditions evaluate to TRUE, regardless of "
265 "errors in the execution of the rule actions."),
266 ValueMap { "1", "2" },
267 Values { "First Matching", "All" }]
268 uint16 PolicyDecisionStrategy;
269
270 [Deprecated { "CIM_PolicySetInRoleCollection" }, Description (
271 "The PolicyRoles property represents the roles associated "
272 "with a PolicySet. All contained PolicySet instances inherit "
273 "the values of the PolicyRoles of the aggregating PolicySet "
274 a.dunfey 1.1 "but the values are not copied. A contained PolicySet "
275 "instance may, however, add additional PolicyRoles to those "
276 "it inherits from its aggregating PolicySet(s). Each value "
277 "in PolicyRoles multi-valued property represents a role for "
278 "which the PolicySet applies, i.e., the PolicySet should be "
279 "used by any enforcement point that assumes any of the "
280 "listed PolicyRoles values. \n"
281 "\n"
282 "Although not officially designated as 'role combinations', "
283 "multiple roles may be specified using the form: \n"
284 "<RoleName>[&&<RoleName>]* \n"
285 "where the individual role names appear in alphabetical "
286 "order (according to the collating sequence for UCS-2). "
287 "Implementations may treat PolicyRoles values that are "
288 "specified as 'role combinations' as simple strings. \n"
289 "\n"
290 "This property is deprecated in lieu of the use of an "
291 "association, CIM_PolicySetInRoleCollection. The latter is a "
292 "more explicit and less error-prone approach to modeling "
293 "that a PolicySet has one or more PolicyRoles.")]
294 string PolicyRoles[];
295 a.dunfey 1.1
296 [Description (
297 "Indicates whether this PolicySet is administratively "
298 "enabled, administratively disabled, or enabled for debug. "
299 "The \"EnabledForDebug\" property value is deprecated and, "
300 "when it or any value not understood by the receiver is "
301 "specified, the receiving enforcement point treats the "
302 "PolicySet as \"Disabled\". To determine if a PolicySet is "
303 "\"Enabled\", the containment hierarchy specified by the "
304 "PolicySetComponent aggregation is examined and the Enabled "
305 "property values of the hierarchy are ANDed together. Thus, "
306 "for example, everything aggregated by a PolicyGroup may be "
307 "disabled by setting the Enabled property in the PolicyGroup "
308 "instance to \"Disabled\" without changing the Enabled "
309 "property values of any of the aggregated instances. The "
310 "default value is 1 (\"Enabled\")."),
311 ValueMap { "1", "2", "3" },
312 Values { "Enabled", "Disabled", "Enabled For Debug" }]
313 uint16 Enabled = 1;
314 };
315
316 a.dunfey 1.1
317 // ==================================================================
318 // PolicyGroup
319 // ==================================================================
320 [Version ( "2.6.0" ), Description (
321 "An aggregation of PolicySet instances (PolicyGroups and/or "
322 "PolicyRules) that have the same decision strategy and inherit "
323 "policy roles. PolicyGroup instances are defined and named "
324 "relative to the CIM_System that provides their context.")]
325 class CIM_PolicyGroup : CIM_PolicySet {
326
327 [Key, Propagated ( "CIM_System.CreationClassName" ),
328 Description (
329 "The scoping System's CreationClassName."),
330 MaxLen ( 256 )]
331 string SystemCreationClassName;
332
333 [Key, Propagated ( "CIM_System.Name" ), Description (
334 "The scoping System's Name."),
335 MaxLen ( 256 )]
336 string SystemName;
337 a.dunfey 1.1
338 [Key, Description (
339 "CreationClassName indicates the name of the class or the "
340 "subclass used in the creation of an instance. When used "
341 "with the other key properties of this class, this property "
342 "allows all instances of this class and its subclasses to be "
343 "uniquely identified."),
344 MaxLen ( 256 )]
345 string CreationClassName;
346
347 [Key, Description (
348 "A user-friendly name of this PolicyGroup."),
349 MaxLen ( 256 )]
350 string PolicyGroupName;
351 };
352
353
354 // ==================================================================
355 // PolicyRule
356 // ==================================================================
357 [Version ( "2.7.0" ), Description (
358 a.dunfey 1.1 "The central class used for representing the 'If Condition then "
359 "Action' semantics of a policy rule. A PolicyRule condition, in "
360 "the most general sense, is represented as either an ORed set "
361 "of ANDed conditions (Disjunctive Normal Form, or DNF) or an "
362 "ANDed set of ORed conditions (Conjunctive Normal Form, or "
363 "CNF). Individual conditions may either be negated (NOT C) or "
364 "unnegated (C). The actions specified by a PolicyRule are to be "
365 "performed if and only if the PolicyRule condition (whether it "
366 "is represented in DNF or CNF) evaluates to TRUE. \n"
367 "\n"
368 "The conditions and actions associated with a PolicyRule are "
369 "modeled, respectively, with subclasses of PolicyCondition and "
370 "PolicyAction. These condition and action objects are tied to "
371 "instances of PolicyRule by the PolicyConditionInPolicyRule and "
372 "PolicyActionInPolicyRule aggregations. \n"
373 "\n"
374 "A PolicyRule may also be associated with one or more policy "
375 "time periods, indicating the schedule according to which the "
376 "policy rule is active and inactive. In this case it is the "
377 "PolicySetValidityPeriod aggregation that provides this "
378 "linkage. \n"
379 a.dunfey 1.1 "\n"
380 "The PolicyRule class uses the property ConditionListType, to "
381 "indicate whether the conditions for the rule are in DNF "
382 "(disjunctive normal form), CNF (conjunctive normal form) or, "
383 "in the case of a rule with no conditions, as an "
384 "UnconditionalRule. The PolicyConditionInPolicyRule aggregation "
385 "contains two additional properties to complete the "
386 "representation of the Rule's conditional expression. The first "
387 "of these properties is an integer to partition the referenced "
388 "PolicyConditions into one or more groups, and the second is a "
389 "Boolean to indicate whether a referenced Condition is negated. "
390 "An example shows how ConditionListType and these two "
391 "additional properties provide a unique representation of a set "
392 "of PolicyConditions in either DNF or CNF. \n"
393 "\n"
394 "Suppose we have a PolicyRule that aggregates five "
395 "PolicyConditions C1 through C5, with the following values in "
396 "the properties of the five PolicyConditionInPolicyRule "
397 "associations: \n"
398 "C1: GroupNumber = 1, ConditionNegated = FALSE \n"
399 "C2: GroupNumber = 1, ConditionNegated = TRUE \n"
400 a.dunfey 1.1 "C3: GroupNumber = 1, ConditionNegated = FALSE \n"
401 "C4: GroupNumber = 2, ConditionNegated = FALSE \n"
402 "C5: GroupNumber = 2, ConditionNegated = FALSE \n"
403 "\n"
404 "If ConditionListType = DNF, then the overall condition for the "
405 "PolicyRule is: \n"
406 "(C1 AND (NOT C2) AND C3) OR (C4 AND C5) \n"
407 "\n"
408 "On the other hand, if ConditionListType = CNF, then the "
409 "overall condition for the PolicyRule is: \n"
410 "(C1 OR (NOT C2) OR C3) AND (C4 OR C5) \n"
411 "\n"
412 "In both cases, there is an unambiguous specification of the "
413 "overall condition that is tested to determine whether to "
414 "perform the PolicyActions associated with the PolicyRule. \n"
415 "\n"
416 "PolicyRule instances may also be used to aggregate other "
417 "PolicyRules and/or PolicyGroups. When used in this way to "
418 "implement nested rules, the conditions of the aggregating rule "
419 "apply to the subordinate rules as well. However, any side "
420 "effects of condition evaluation or the execution of actions "
421 a.dunfey 1.1 "MUST NOT affect the result of the evaluation of other "
422 "conditions evaluated by the rule engine in the same evaluation "
423 "pass. That is, an implementation of a rule engine MAY evaluate "
424 "all conditions in any order before applying the priority and "
425 "determining which actions are to be executed.")]
426 class CIM_PolicyRule : CIM_PolicySet {
427
428 [Key, Propagated ( "CIM_System.CreationClassName" ),
429 Description (
430 "The scoping System's CreationClassName."),
431 MaxLen ( 256 )]
432 string SystemCreationClassName;
433
434 [Key, Propagated ( "CIM_System.Name" ), Description (
435 "The scoping System's Name."),
436 MaxLen ( 256 )]
437 string SystemName;
438
439 [Key, Description (
440 "CreationClassName indicates the name of the class or the "
441 "subclass used in the creation of an instance. When used "
442 a.dunfey 1.1 "with the other key properties of this class, this property "
443 "allows all instances of this class and its subclasses to be "
444 "uniquely identified."),
445 MaxLen ( 256 )]
446 string CreationClassName;
447
448 [Key, Description (
449 "A user-friendly name of this PolicyRule."),
450 MaxLen ( 256 )]
451 string PolicyRuleName;
452
453 [Description (
454 "Indicates whether the list of PolicyConditions associated "
455 "with this PolicyRule is in disjunctive normal form (DNF), "
456 "conjunctive normal form (CNF), or has no conditions (i.e., "
457 "is an UnconditionalRule) and is automatically evaluated to "
458 "\"True.\" The default value is 1 (\"DNF\")."),
459 ValueMap { "0", "1", "2" },
460 Values { "Unconditional Rule", "DNF", "CNF" }]
461 uint16 ConditionListType = 1;
462
463 a.dunfey 1.1 [Description (
464 "A free-form string that can be used to provide guidelines "
465 "on how this PolicyRule should be used.")]
466 string RuleUsage;
467
468 [Deprecated { "CIM_PolicySetComponent.Priority" }, Description (
469 "PolicyRule.Priority is deprecated and replaced by providing "
470 "the priority for a rule (and a group) in the context of the "
471 "aggregating PolicySet instead of the priority being used "
472 "for all aggregating PolicySet instances. Thus, the "
473 "assignment of priority values is much simpler. \n"
474 "\n"
475 "A non-negative integer for prioritizing this Policy Rule "
476 "relative to other Rules. A larger value indicates a higher "
477 "priority. The default value is 0.")]
478 uint16 Priority=0;
479
480 [Deprecated { "No Value" }, Description (
481 "A flag indicating that the evaluation of the Policy "
482 "Conditions and execution of PolicyActions (if the "
483 "Conditions evaluate to TRUE) is required. The evaluation of "
484 a.dunfey 1.1 "a PolicyRule MUST be attempted if the Mandatory property "
485 "value is TRUE. If the Mandatory property is FALSE, then the "
486 "evaluation of the Rule is 'best effort' and MAY be ignored.")]
487 boolean Mandatory;
488
489 [Description (
490 "This property gives a policy administrator a way of "
491 "specifying how the ordering of the PolicyActions associated "
492 "with this PolicyRule is to be interpreted. Three values are "
493 "supported: \n"
494 "o mandatory(1): Do the actions in the indicated order, or "
495 "don't do them at all. \n"
496 "o recommended(2): Do the actions in the indicated order if "
497 "you can, but if you can't do them in this order, do them in "
498 "another order if you can. \n"
499 "o dontCare(3): Do them -- I don't care about the order. \n"
500 "The default value is 3 (\"DontCare\")."),
501 ValueMap { "1", "2", "3" },
502 Values { "Mandatory", "Recommended", "Dont Care" }]
503 uint16 SequencedActions = 3;
504
505 a.dunfey 1.1 [Description (
506 "ExecutionStrategy defines the strategy to be used in "
507 "executing the sequenced actions aggregated by this "
508 "PolicyRule. There are three execution strategies: \n"
509 "\n"
510 "Do Until Success - execute actions according to predefined "
511 "order, until successful execution of a single action. \n"
512 "Do All - execute ALL actions which are part of the modeled "
513 "set, according to their predefined order. Continue doing "
514 "this, even if one or more of the actions fails. \n"
515 "Do Until Failure - execute actions according to predefined "
516 "order, until the first failure in execution of an action "
517 "instance."),
518 ValueMap { "1", "2", "3" },
519 Values { "Do Until Success", "Do All", "Do Until Failure" }]
520 uint16 ExecutionStrategy;
521 };
522
523
524 // ==================================================================
525 // AuthenticationRule
526 a.dunfey 1.1 // ==================================================================
527 [Version ( "2.8.0" ), Description (
528 "A class representing a company's and/or administrator's "
529 "authentication requirements for a CIM_Identity. The "
530 "PolicyConditions collected by an instance of "
531 "AuthenticationRule describe the various requirements under "
532 "which a CIM_Identity's CurrentlyAuthenticated Boolean is set "
533 "to TRUE. Note that the CIM_Identities which are authenticated "
534 "are tied to the Rule by the association, PolicySet "
535 "AppliesToElement. \n"
536 "\n"
537 "At this time, there are no actions associated with this "
538 "PolicyRule. This is because the actions are implicit. When the "
539 "conditions of the rule are met, then the "
540 "CurrentlyAuthenticated Boolean properties of the associated "
541 "instances of CIM_Identity are set to TRUE.")]
542 class CIM_AuthenticationRule : CIM_PolicyRule {
543 };
544
545
546 // ==================================================================
547 a.dunfey 1.1 // ReusablePolicyContainer
548 // ==================================================================
549 [Version ( "2.6.0" ), Description (
550 "A class representing an administratively defined container for "
551 "reusable policy-related information. This class does not "
552 "introduce any additional properties beyond those in its "
553 "superclass AdminDomain. It does, however, participate in a "
554 "unique association for containing policy elements. \n"
555 "\n"
556 "An instance of this class uses the NameFormat value "
557 "\"ReusablePolicyContainer\".")]
558 class CIM_ReusablePolicyContainer : CIM_AdminDomain {
559 };
560
561
562 // ==================================================================
563 // PolicyRepository *** deprecated
564 // ==================================================================
565 [Deprecated { "CIM_ReusablePolicyContainer" }, Version ( "2.7.0" ),
566 Description (
567 "The term 'PolicyRepository' has been confusing to both "
568 a.dunfey 1.1 "developers and users of the model. The replacement class name "
569 "describes model element properly and is less likely to be "
570 "confused with a data repository. \n"
571 "\n"
572 "A class representing an administratively defined container for "
573 "reusable policy-related information. This class does not "
574 "introduce any additional properties beyond those in its "
575 "superclass AdminDomain. It does, however, participate in a "
576 "number of unique associations. \n"
577 "\n"
578 "An instance of this class uses the NameFormat value "
579 "\"PolicyRepository\".")]
580 class CIM_PolicyRepository : CIM_AdminDomain {
581 };
582
583
584 // ==================================================================
585 // PolicyCondition
586 // ==================================================================
587 [Abstract, Version ( "2.6.0" ), Description (
588 "A class representing a rule-specific or reusable policy "
589 a.dunfey 1.1 "condition to be evaluated in conjunction with a Policy Rule. "
590 "Since all operational details of a PolicyCondition are "
591 "provided in subclasses of this object, this class is abstract.")]
592 class CIM_PolicyCondition : CIM_Policy {
593
594 [Key, Description (
595 "The name of the class or the subclass used in the creation "
596 "of the System object in whose scope this PolicyCondition is "
597 "defined. \n"
598 "\n"
599 "This property helps to identify the System object in whose "
600 "scope this instance of PolicyCondition exists. For a "
601 "rule-specific PolicyCondition, this is the System in whose "
602 "context the PolicyRule is defined. For a reusable "
603 "PolicyCondition, this is the instance of PolicyRepository "
604 "(which is a subclass of System) that holds the Condition. \n"
605 "\n"
606 "Note that this property, and the analogous property "
607 "SystemName, do not represent propagated keys from an "
608 "instance of the class System. Instead, they are properties "
609 "defined in the context of this class, which repeat the "
610 a.dunfey 1.1 "values from the instance of System to which this "
611 "PolicyCondition is related, either directly via the "
612 "PolicyConditionInPolicyRepository association or indirectly "
613 "via the PolicyConditionInPolicyRule aggregation."),
614 MaxLen ( 256 )]
615 string SystemCreationClassName;
616
617 [Key, Description (
618 "The name of the System object in whose scope this "
619 "PolicyCondition is defined. \n"
620 "\n"
621 "This property completes the identification of the System "
622 "object in whose scope this instance of PolicyCondition "
623 "exists. For a rule-specific PolicyCondition, this is the "
624 "System in whose context the PolicyRule is defined. For a "
625 "reusable PolicyCondition, this is the instance of "
626 "PolicyRepository (which is a subclass of System) that holds "
627 "the Condition."),
628 MaxLen ( 256 )]
629 string SystemName;
630
631 a.dunfey 1.1 [Key, Description (
632 "For a rule-specific PolicyCondition, the CreationClassName "
633 "of the PolicyRule object with which this Condition is "
634 "associated. For a reusable Policy Condition, a special "
635 "value, 'NO RULE', should be used to indicate that this "
636 "Condition is reusable and not associated with a single "
637 "PolicyRule."),
638 MaxLen ( 256 )]
639 string PolicyRuleCreationClassName;
640
641 [Key, Description (
642 "For a rule-specific PolicyCondition, the name of the "
643 "PolicyRule object with which this Condition is associated. "
644 "For a reusable PolicyCondition, a special value, 'NO RULE', "
645 "should be used to indicate that this Condition is reusable "
646 "and not associated with a single PolicyRule."),
647 MaxLen ( 256 )]
648 string PolicyRuleName;
649
650 [Key, Description (
651 "CreationClassName indicates the name of the class or the "
652 a.dunfey 1.1 "subclass used in the creation of an instance. When used "
653 "with the other key properties of this class, this property "
654 "allows all instances of this class and its subclasses to be "
655 "uniquely identified."),
656 MaxLen ( 256 )]
657 string CreationClassName;
658
659 [Key, Description (
660 "A user-friendly name of this PolicyCondition."),
661 MaxLen ( 256 )]
662 string PolicyConditionName;
663 };
664
665
666 // ==================================================================
667 // PolicyTimePeriodCondition
668 // ==================================================================
669 [Version ( "2.7.0" ), Description (
670 "This class provides a means of representing the time periods "
671 "during which a PolicySet is valid, i.e., active. At all times "
672 "that fall outside these time periods, the PolicySet has no "
673 a.dunfey 1.1 "effect. A PolicySet is treated as valid at ALL times, if it "
674 "does not specify a PolicyTimePeriodCondition. \n"
675 "\n"
676 "In some cases a Policy Consumer may need to perform certain "
677 "setup / cleanup actions when a PolicySet becomes active / "
678 "inactive. For example, sessions that were established while a "
679 "PolicySet was active might need to be taken down when the "
680 "PolicySet becomes inactive. In other cases, however, such "
681 "sessions might be left up. In this case, the effect of "
682 "deactivating the PolicySet would just be to prevent the "
683 "establishment of new sessions. \n"
684 "\n"
685 "Setup / cleanup behaviors on validity period transitions are "
686 "not currently addressed by the Policy Model, and must be "
687 "specified in 'guideline' documents or via subclasses of "
688 "CIM_PolicySet, CIM_PolicyTimePeriod Condition or other "
689 "concrete subclasses of CIM_Policy. If such behaviors need to "
690 "be under the control of the policy administrator, then a "
691 "mechanism to allow this control must also be specified in the "
692 "subclasses. \n"
693 "\n"
694 a.dunfey 1.1 "PolicyTimePeriodCondition is defined as a subclass of "
695 "PolicyCondition. This is to allow the inclusion of time-based "
696 "criteria in the AND/OR condition definitions for a PolicyRule. "
697 "\n\n"
698 "Instances of this class may have up to five properties "
699 "identifying time periods at different levels. The values of "
700 "all the properties present in an instance are ANDed together "
701 "to determine the validity period(s) for the instance. For "
702 "example, an instance with an overall validity range of January "
703 "1, 2000 through December 31, 2000; a month mask that selects "
704 "March and April; a day-of-the-week mask that selects Fridays; "
705 "and a time of day range of 0800 through 1600 would be "
706 "represented using the following time periods: \n"
707 "Friday, March 5, 2000, from 0800 through 1600; \n"
708 "Friday, March 12, 2000, from 0800 through 1600; \n"
709 "Friday, March 19, 2000, from 0800 through 1600; \n"
710 "Friday, March 26, 2000, from 0800 through 1600; \n"
711 "Friday, April 2, 2000, from 0800 through 1600; \n"
712 "Friday, April 9, 2000, from 0800 through 1600; \n"
713 "Friday, April 16, 2000, from 0800 through 1600; \n"
714 "Friday, April 23, 2000, from 0800 through 1600; \n"
715 a.dunfey 1.1 "Friday, April 30, 2000, from 0800 through 1600. \n"
716 "\n"
717 "Properties not present in an instance of "
718 "PolicyTimePeriodCondition are implicitly treated as having "
719 "their value 'always enabled'. Thus, in the example above, the "
720 "day-of-the-month mask is not present, and so the validity "
721 "period for the instance implicitly includes a day-of-the-month "
722 "mask that selects all days of the month. If this 'missing "
723 "property' rule is applied to its fullest, we see that there is "
724 "a second way to indicate that a PolicySet is always enabled: "
725 "associate with it an instance of PolicyTimePeriodCondition "
726 "whose only properties with specific values are its key "
727 "properties.")]
728 class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition {
729
730 [Description (
731 "This property identifies an overall range of calendar dates "
732 "and times over which a PolicySet is valid. It is formatted "
733 "as a string representing a start date and time, in which "
734 "the character 'T' indicates the beginning of the time "
735 "portion, followed by the solidus character '/', followed by "
736 a.dunfey 1.1 "a similar string representing an end date and time. The "
737 "first date indicates the beginning of the range, while the "
738 "second date indicates the end. Thus, the second date and "
739 "time must be later than the first. Date/times are expressed "
740 "as substrings of the form yyyymmddThhmmss. For example: \n"
741 "20000101T080000/20000131T120000 defines \n"
742 "January 1, 2000, 0800 through January 31, 2000, noon \n"
743 "\n"
744 "There are also two special cases in which one of the "
745 "date/time strings is replaced with a special string defined "
746 "in RFC 2445. \n"
747 "o If the first date/time is replaced with the string "
748 "'THISANDPRIOR', then the property indicates that a "
749 "PolicySet is valid [from now] until the date/time that "
750 "appears after the '/'. \n"
751 "o If the second date/time is replaced with the string "
752 "'THISANDFUTURE', then the property indicates that a "
753 "PolicySet becomes valid on the date/time that appears "
754 "before the '/', and remains valid from that point on."),
755 ModelCorrespondence {
756 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
757 a.dunfey 1.1 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
758 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
759 "CIM_PolicyTimePeriodCondition.TimeOfDayMask",
760 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
761 string TimePeriod;
762
763 [Description (
764 "The purpose of this property is to refine the valid time "
765 "period that is defined by the TimePeriod property, by "
766 "explicitly specifying in which months the PolicySet is "
767 "valid. These properties work together, with the TimePeriod "
768 "used to specify the overall time period in which the "
769 "PolicySet is valid, and the MonthOfYearMask used to pick "
770 "out the months during which the PolicySet is valid. \n"
771 "\n"
772 "This property is formatted as an octet string, structured "
773 "as follows: \n"
774 "o a 4-octet length field, indicating the length of the "
775 "entire octet string; this field is always set to 0x00000006 "
776 "for this property; \n"
777 "o a 2-octet field consisting of 12 bits identifying the 12 "
778 a.dunfey 1.1 "months of the year, beginning with January and ending with "
779 "December, followed by 4 bits that are always set to '0'. "
780 "For each month, the value '1' indicates that the policy is "
781 "valid for that month, and the value '0' indicates that it "
782 "is not valid. \n"
783 "\n"
784 "The value 0x000000060830, for example, indicates that a "
785 "PolicySet is valid only in the months May, November, and "
786 "December. \n"
787 "\n"
788 "If a value for this property is not provided, then the "
789 "PolicySet is treated as valid for all twelve months, and "
790 "only restricted by its TimePeriod property value and the "
791 "other Mask properties."),
792 OctetString,
793 ModelCorrespondence {
794 "CIM_PolicyTimePeriodCondition.TimePeriod",
795 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
796 uint8 MonthOfYearMask[];
797
798 [Description (
799 a.dunfey 1.1 "The purpose of this property is to refine the valid time "
800 "period that is defined by the TimePeriod property, by "
801 "explicitly specifying in which days of the month the "
802 "PolicySet is valid. These properties work together, with "
803 "the TimePeriod used to specify the overall time period in "
804 "which the PolicySet is valid, and the DayOfMonthMask used "
805 "to pick out the days of the month during which the "
806 "PolicySet is valid. \n"
807 "\n"
808 "This property is formatted as an octet string, structured "
809 "as follows: \n"
810 "o a 4-octet length field, indicating the length of the "
811 "entire octet string; this field is always set to 0x0000000C "
812 "for this property; \n"
813 "o an 8-octet field consisting of 31 bits identifying the "
814 "days of the month counting from the beginning, followed by "
815 "31 more bits identifying the days of the month counting "
816 "from the end, followed by 2 bits that are always set to "
817 "'0'. For each day, the value '1' indicates that the "
818 "PolicySet is valid for that day, and the value '0' "
819 "indicates that it is not valid. \n"
820 a.dunfey 1.1 "\n"
821 "The value 0x0000000C8000000100000000, for example, "
822 "indicates that a PolicySet is valid on the first and last "
823 "days of the month. \n"
824 "\n"
825 "For months with fewer than 31 days, the digits "
826 "corresponding to days that the months do not have (counting "
827 "in both directions) are ignored. \n"
828 "\n"
829 "If a value for this property is not provided, then the "
830 "PolicySet is treated as valid for all days of the month, "
831 "and only restricted by its TimePeriod property value and "
832 "the other Mask properties."),
833 OctetString,
834 ModelCorrespondence {
835 "CIM_PolicyTimePeriodCondition.TimePeriod",
836 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
837 uint8 DayOfMonthMask[];
838
839 [Description (
840 "The purpose of this property is to refine the valid time "
841 a.dunfey 1.1 "period that is defined by the TimePeriod property, by "
842 "explicitly specifying in which days of the week the "
843 "PolicySet is valid. These properties work together, with "
844 "the TimePeriod used to specify the overall time period in "
845 "which the PolicySet is valid, and the DayOfWeekMask used to "
846 "pick out the days of the week during which the PolicySet is "
847 "valid. \n"
848 "\n"
849 "This property is formatted as an octet string, structured "
850 "as follows: \n"
851 "o a 4-octet length field, indicating the length of the "
852 "entire octet string; this field is always set to 0x00000005 "
853 "for this property; \n"
854 "o a 1-octet field consisting of 7 bits identifying the 7 "
855 "days of the week, beginning with Sunday and ending with "
856 "Saturday, followed by 1 bit that is always set to '0'. For "
857 "each day of the week, the value '1' indicates that the "
858 "PolicySet is valid for that day, and the value '0' "
859 "indicates that it is not valid. \n"
860 "\n"
861 "The value 0x000000057C, for example, indicates that a "
862 a.dunfey 1.1 "PolicySet is valid Monday through Friday. \n"
863 "\n"
864 "If a value for this property is not provided, then the "
865 "PolicySet is treated as valid for all days of the week, and "
866 "only restricted by its TimePeriod property value and the "
867 "other Mask properties."),
868 OctetString,
869 ModelCorrespondence {
870 "CIM_PolicyTimePeriodCondition.TimePeriod",
871 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
872 uint8 DayOfWeekMask[];
873
874 [Description (
875 "The purpose of this property is to refine the valid time "
876 "period that is defined by the TimePeriod property, by "
877 "explicitly specifying a range of times in a day during "
878 "which the PolicySet is valid. These properties work "
879 "together, with the TimePeriod used to specify the overall "
880 "time period in which the PolicySet is valid, and the "
881 "TimeOfDayMask used to pick out the range of time periods in "
882 "a given day of during which the PolicySet is valid. \n"
883 a.dunfey 1.1 "\n"
884 "This property is formatted in the style of RFC 2445: a time "
885 "string beginning with the character 'T', followed by the "
886 "solidus character '/', followed by a second time string. "
887 "The first time indicates the beginning of the range, while "
888 "the second time indicates the end. Times are expressed as "
889 "substrings of the form 'Thhmmss'. \n"
890 "\n"
891 "The second substring always identifies a later time than "
892 "the first substring. To allow for ranges that span "
893 "midnight, however, the value of the second string may be "
894 "smaller than the value of the first substring. Thus, "
895 "'T080000/T210000' identifies the range from 0800 until "
896 "2100, while 'T210000/T080000' identifies the range from "
897 "2100 until 0800 of the following day. \n"
898 "\n"
899 "When a range spans midnight, it by definition includes "
900 "parts of two successive days. When one of these days is "
901 "also selected by either the MonthOfYearMask, "
902 "DayOfMonthMask, and/or DayOfWeekMask, but the other day is "
903 "not, then the PolicySet is active only during the portion "
904 a.dunfey 1.1 "of the range that falls on the selected day. For example, "
905 "if the range extends from 2100 until 0800, and the day of "
906 "week mask selects Monday and Tuesday, then the PolicySet is "
907 "active during the following three intervals: \n"
908 "From midnight Sunday until 0800 Monday; \n"
909 "From 2100 Monday until 0800 Tuesday; \n"
910 "From 2100 Tuesday until 23:59:59 Tuesday. \n"
911 "\n"
912 "If a value for this property is not provided, then the "
913 "PolicySet is treated as valid for all hours of the day, and "
914 "only restricted by its TimePeriod property value and the "
915 "other Mask properties."),
916 ModelCorrespondence {
917 "CIM_PolicyTimePeriodCondition.TimePeriod",
918 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
919 string TimeOfDayMask;
920
921 [Description (
922 "This property indicates whether the times represented in "
923 "the TimePeriod property and in the various Mask properties "
924 "represent local times or UTC times. There is no provision "
925 a.dunfey 1.1 "for mixing of local times and UTC times: the value of this "
926 "property applies to all of the other time-related "
927 "properties. TimePeriods are synchronized worldwide by using "
928 "the enumeration value 'UTCTime'. If the goal is to "
929 "synchronize worldwide on a particular local time (such as "
930 "0300 - 0500 in New York), then if the TimePeriod property "
931 "spans a Daylight Savings Time transition in New York, it "
932 "will be necessary to create multiple instances of "
933 "PolicyTimePeriodCondition, one based on the offset UTC-0500 "
934 "for the part of each year when standard time is used in New "
935 "York, and one based on the offset UTC-0400 for the part of "
936 "each year when Daylight Savings Time is used there."),
937 ValueMap { "1", "2" },
938 Values { "Local Time", "UTC Time" },
939 ModelCorrespondence {
940 "CIM_PolicyTimePeriodCondition.TimePeriod",
941 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
942 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
943 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
944 "CIM_PolicyTimePeriodCondition.TimeOfDayMask" }]
945 uint16 LocalOrUtcTime;
946 a.dunfey 1.1 };
947
948
949 // ==================================================================
950 // CompoundPolicyCondition
951 // ==================================================================
952 [Version ( "2.7.0" ), Description (
953 "CompoundPolicyCondition is used to represent compound "
954 "conditions formed by aggregating simpler policy conditions. "
955 "Compound conditions are constructed by associating subordinate "
956 "condition terms together using the "
957 "PolicyConditionInPolicyCondition aggregation.")]
958 class CIM_CompoundPolicyCondition : CIM_PolicyCondition {
959
960 [Description (
961 "Indicates whether the list of CompoundPolicyConditions "
962 "associated with this PolicyRule is in disjunctive normal "
963 "form (DNF) or conjunctive normal form (CNF). The default "
964 "value is 1 (\"DNF\")."),
965 ValueMap { "1", "2" },
966 Values { "DNF", "CNF" }]
967 a.dunfey 1.1 uint16 ConditionListType;
968 };
969
970 // ====================================================================
971 // QueryCondition
972 // ====================================================================
973 [Experimental, Version ( "2.8.1000" ), Description (
974 "QueryCondition defines the criteria for generating a set of "
975 "query results that are accessible to other QueryConditions or "
976 "MethodActions of the same PolicyRule. If there are no results "
977 "returned from the query, then the Condition evaluates to "
978 "false; otherwise, true. \n"
979 "\n"
980 "QueryConditions are assumed to be constantly evaluated "
981 "whenever precursor PolicyConditions are met. Actual "
982 "implementations may evaluate conditions dynamically, via "
983 "polling, or via other means. \n"
984 "\n"
985 "QueryCondition instances are viewed as clients of query. The "
986 "QueryCondition implementation takes the query results and "
987 "makes them available by the name specified in QueryResultName "
988 a.dunfey 1.1 "to the FROM clause in the Query property of other "
989 "QueryConditions or MethodActions. (The details of how this is "
990 "accomplished are implementation dependent.) These results are "
991 "not available via CIM Operations, do not create lifecycle "
992 "indications, and do not persist beyond a single evaluation of "
993 "the associated PolicyRule.")]
994 class CIM_QueryCondition : CIM_PolicyCondition {
995
996 [Required, Description (
997 "In the context of the associated PolicyRule, "
998 "QueryResultName defines a unique alias for the query "
999 "results that MAY be used in subsequent QueryConditions or "
1000 "MethodActions of the same PolicyRule. This string is "
1001 "treated as a class name, in a query statement."),
1002 ModelCorrespondence { "CIM_QueryCondition.Query",
1003 "CIM_MethodAction.Query" }]
1004 string QueryResultName;
1005
1006 [Required, Description (
1007 "A query expression that MAY be evaluated and that defines "
1008 "the query results that MAY be generated. Note that the "
1009 a.dunfey 1.1 "query's FROM clause MAY reference any class, including "
1010 "those named by the QueryResultName of other QueryCondition "
1011 "instances associated to the same PolicyRule."),
1012 ModelCorrespondence { "CIM_QueryCondition.QueryLanguage",
1013 "CIM_QueryCondition.QueryResultName" }]
1014 string Query;
1015
1016 [Required, Description (
1017 "The language in which the Query string is expressed."),
1018 ValueMap { "2", "..", "0x8000.." },
1019 Values { "CQL", "DMTF Reserved", "Vendor Reserved" },
1020 ModelCorrespondence { "CIM_QueryCondition.Query" }]
1021 uint16 QueryLanguage = 2;
1022
1023 [Required, Description (
1024 "If Trigger = true, and with the exception of any "
1025 "PolicyTimePeriodConditions, PolicyConditions of this Policy "
1026 "are not evaluated until this 'triggering' condition query "
1027 "is true. There MUST be no more than one QueryCondition with "
1028 "Trigger = true associated with a particular Policy.")]
1029 boolean Trigger = false;
1030 a.dunfey 1.1 };
1031
1032 // ==================================================================
1033 // AuthenticationCondition
1034 // ==================================================================
1035 [Abstract, Version ( "2.8.0" ), Description (
1036 "An abstract class whose subclasses describe one of a company's "
1037 "and/or administrator's credential requirements, and/or other "
1038 "information that should be authenticated in order to "
1039 "establish/trust a CIM_Identity. The PolicyConditions collected "
1040 "by an instance of AuthenticationRule describe the various "
1041 "requirements under which a CIM_Identity's "
1042 "CurrentlyAuthenticated Boolean is set to TRUE. Note that the "
1043 "CIM_Identities which are authenticated are specified through "
1044 "the AuthenticationRule, using the PolicySet AppliesToElement "
1045 "association.")]
1046 class CIM_AuthenticationCondition : CIM_PolicyCondition {
1047 };
1048
1049
1050 // ==================================================================
1051 a.dunfey 1.1 // SharedSecretAuthentication
1052 // ==================================================================
1053 [Version ( "2.8.0" ), Description (
1054 "A class describing a company's and/or administrator's "
1055 "credential requirements that should be authenticated in order "
1056 "to establish/trust a CIM_Identity. This class defines a "
1057 "specific identity whose shared secret should be authenticated.")]
1058 class CIM_SharedSecretAuthentication : CIM_AuthenticationCondition {
1059
1060 [Description (
1061 "String defining the principal's ID whose secret is "
1062 "authenticated.")]
1063 string IDOfPrincipal;
1064
1065 [Description (
1066 "String defining a hostname, URI or service/application "
1067 "name. It defines the specific system or service which "
1068 "provides the context for the shared secret.")]
1069 string ContextOfSecret;
1070 };
1071
1072 a.dunfey 1.1
1073 // ==================================================================
1074 // AccountAuthentication
1075 // ==================================================================
1076 [Version ( "2.8.0" ), Description (
1077 "A class describing a company's and/or administrator's "
1078 "credential requirements that should be authenticated in order "
1079 "to establish/trust a CIM_Identity. This class defines a "
1080 "specific identity whose account credentials should be "
1081 "authenticated.")]
1082 class CIM_AccountAuthentication : CIM_AuthenticationCondition {
1083
1084 [Description (
1085 "String defining the account's ID which is authenticated.")]
1086 string AccountID;
1087
1088 [Description (
1089 "String defining a hostname, URI or other information "
1090 "identifying the system where the Account resides.")]
1091 string AccountContext;
1092 };
1093 a.dunfey 1.1
1094
1095 // ==================================================================
1096 // BiometricAuthentication
1097 // ==================================================================
1098 [Version ( "2.8.0" ), Description (
1099 "A class describing a company's and/or administrator's "
1100 "credential requirements that should be authenticated in order "
1101 "to establish/trust a CIM_Identity. This class defines specific "
1102 "biometric data that should be authenticated.")]
1103 class CIM_BiometricAuthentication : CIM_AuthenticationCondition {
1104
1105 [Description (
1106 "Integer enumeration identifying the biometric data that "
1107 "should be authenticated."),
1108 ValueMap { "1", "2", "3", "4", "5", "6","7", "8" },
1109 Values { "Other", "Facial", "Retina", "Mark", "Finger", "Voice",
1110 "DNA-RNA", "EEG" },
1111 ModelCorrespondence {
1112 "CIM_BiometricAuthentication.OtherBiometric" }]
1113 uint16 TypeOfBiometric;
1114 a.dunfey 1.1
1115 [Description (
1116 "String specifying the biometric when the TypeOfBiometric "
1117 "property is set to 1, \"Other\"."),
1118 ModelCorrespondence {
1119 "CIM_BiometricAuthentication.TypeOfBiometric" }]
1120 string OtherBiometric;
1121
1122 [Description (
1123 "String defining a specific biometric code, which may be "
1124 "validated by the security infrastructure. If this property "
1125 "is left blank, it is the responsibility of the "
1126 "infrastructure to verify the biometric (which MUST be of a "
1127 "type specified by the TypeOfBiometric property).")]
1128 string PersonalIdentifier;
1129 };
1130
1131
1132 // ==================================================================
1133 // NetworkingIDAuthentication
1134 // ==================================================================
1135 a.dunfey 1.1 [Version ( "2.8.0" ), Description (
1136 "A class describing a company's and/or administrator's "
1137 "credential requirements that should be authenticated in order "
1138 "to establish/trust a CIM_Identity. This class specifies that a "
1139 "networking ID or address should be verified.")]
1140 class CIM_NetworkingIDAuthentication : CIM_AuthenticationCondition {
1141
1142 [Description (
1143 "A string defining the specific type/subclass of "
1144 "CIM_Identity which specifies the networking information. "
1145 "For example, CIM_StorageHardwareID would be entered in this "
1146 "property to identify that a 'known' port should be "
1147 "observed.")]
1148 string NetworkingIdentityClassName;
1149 };
1150
1151
1152 // ==================================================================
1153 // PublicPrivateKeyAuthentication
1154 // ==================================================================
1155 [Version ( "2.8.0" ), Description (
1156 a.dunfey 1.1 "A class describing a company's and/or administrator's "
1157 "credential requirements that should be authenticated in order "
1158 "to establish/trust a CIM_Identity. This class defines the "
1159 "specific public/private key pair that should be authenticated.")]
1160 class CIM_PublicPrivateKeyAuthentication : CIM_AuthenticationCondition {
1161
1162 [Description (
1163 "Boolean indicating whether the key pair is self-issued "
1164 "(TRUE) or issued by a Certificate Authority (FALSE).")]
1165 boolean SelfIssuedKey;
1166
1167 [Description (
1168 "String holding the user's (distinguished) name.")]
1169 string DistinguishedName;
1170
1171 [Description (
1172 "String holding the public key data.")]
1173 string PublicKey;
1174 };
1175
1176
1177 a.dunfey 1.1 // ==================================================================
1178 // KerberosAuthentication
1179 // ==================================================================
1180 [Version ( "2.8.0" ), Description (
1181 "A class describing a company's and/or administrator's "
1182 "credential requirements that should be authenticated in order "
1183 "to establish/trust a CIM_Identity. This class defines a user "
1184 "whose Kerberos ticket should be authenticated.")]
1185 class CIM_KerberosAuthentication : CIM_AuthenticationCondition {
1186
1187 [Description (
1188 "String holding the user name for which the ticket is "
1189 "issued.")]
1190 string UserName;
1191 };
1192
1193
1194 // ==================================================================
1195 // DocumentAuthentication
1196 // ==================================================================
1197 [Version ( "2.8.0" ), Description (
1198 a.dunfey 1.1 "A class describing a company's and/or administrator's "
1199 "credential requirements that should be authenticated in order "
1200 "to establish/trust a CIM_Identity. This class defines the "
1201 "specific document that should be authenticated.")]
1202 class CIM_DocumentAuthentication : CIM_AuthenticationCondition {
1203
1204 [Description (
1205 "Integer enumeration identifying the document that should be "
1206 "authenticated."),
1207 ValueMap { "1", "2", "3", "4", "5", "6","7" },
1208 Values { "Other", "Passport", "Birth Certificate",
1209 "Credit Card", "Drivers License", "Membership Card",
1210 "Social Security Card" },
1211 ModelCorrespondence { "CIM_DocumentAuthentication.OtherDocument"
1212 }]
1213 uint16 TypeOfDocument;
1214
1215 [Description (
1216 "String specifying the document when the TypeOfDocument "
1217 "property is set to 1, \"Other\"."),
1218 ModelCorrespondence {
1219 a.dunfey 1.1 "CIM_DocumentAuthentication.TypeOfDocument" }]
1220 string OtherDocument;
1221
1222 [Description (
1223 "String defining a particular document which may be used in "
1224 "the authentication process for example, a specific driver's "
1225 "license or passport number. If left blank, then any valid "
1226 "document matching the category specified by the "
1227 "TypeOfDocument property, can be accepted.")]
1228 string DocumentIdentifier;
1229 };
1230
1231
1232 // ==================================================================
1233 // PhysicalCredentialAuthentication
1234 // ==================================================================
1235 [Version ( "2.8.0" ), Description (
1236 "A class describing a company's and/or administrator's "
1237 "credential requirements that should be authenticated in order "
1238 "to establish/trust a CIM_Identity. This class defines the "
1239 "specific type of physical credential that should be "
1240 a.dunfey 1.1 "authenticated.")]
1241 class CIM_PhysicalCredentialAuthentication : CIM_AuthenticationCondition {
1242
1243 [Description (
1244 "Integer enumeration identifying the credential that should "
1245 "be authenticated."),
1246 ValueMap { "1", "2", "3", "4" },
1247 Values { "Other", "Magnetic Stripe Card", "Smart Card",
1248 "Password Generator Card" },
1249 ModelCorrespondence {
1250 "CIM_PhysicalCredentialAuthentication.OtherCredential" }]
1251 uint16 TypeOfCredential;
1252
1253 [Description (
1254 "String specifying the credential when the TypeOfCredential "
1255 "property is set to 1, \"Other\"."),
1256 ModelCorrespondence {
1257 "CIM_PhysicalCredentialAuthentication.TypeOfCredential" }]
1258 string OtherCredential;
1259
1260 [Description (
1261 a.dunfey 1.1 "String defining a character or binary sequence, which is "
1262 "built into the physical credential to identify it. If left "
1263 "blank, it is the responsibility of the security "
1264 "infrastructure to verify that a valid credential (of the "
1265 "specified type) has been used.")]
1266 string PhysicalIdentifier;
1267 };
1268
1269 // ==================================================================
1270 // AuthorizationRule
1271 // ==================================================================
1272 [Experimental, Version ( "2.8.1000" ), Description (
1273 "A class representing a company's and/or administrator's rules "
1274 "with respect to authorizing Identities (subjects), for access "
1275 "of target elements, based on associated Privileges/Roles. This "
1276 "includes dynamically permitting and denying access, statically "
1277 "adding or removing Identities (i.e., Subjects) and Targets "
1278 "to/from Roles via the MemberOfCollection and "
1279 "RoleLimitedToTarget associations, and adding or removing "
1280 "AuthorizedSubject and AuthorizedTarget associations when "
1281 "AuthorizedPrivilege classes are implemented. \n"
1282 a.dunfey 1.1 "\n"
1283 "Explaining this in more detail: If a request is made to access "
1284 "a target element associated to this AuthorizationRule via "
1285 "AuthorizationRuleAppliesToTarget, the rights to execute the "
1286 "request are verified by searching for matching Privilege "
1287 "instances and an associated Identity that is tied to the "
1288 "requestor. An Identity is associated to the rule using "
1289 "AuthorizationRuleAppliesToSubject. The associations of "
1290 "Privileges to an AuthorizationRule are either individually "
1291 "using AuthorizationRuleAppliesToPrivilege, or via collection "
1292 "into a Role class (where the Role is associated to the rule "
1293 "using AuthorizationRuleAppliesToRole). If the Identity's "
1294 "CurrentlyAuthorized property is TRUE and a corresponding "
1295 "'granting' Privilege is defined, then the request for access "
1296 "is authorized. If any of the preceding conditions do not hold, "
1297 "then the request is denied. \n"
1298 "\n"
1299 "Note that the evaluation of the AuthorizationRule's conditions "
1300 "MAY result in the 'static' instantiation of associations to "
1301 "AuthorizedPrivilege or Role - that are then traversed to "
1302 "determine access. Targets MAY be statically associated to "
1303 a.dunfey 1.1 "Privileges or Roles using the AuthorizedTarget and "
1304 "RoleLimitedToTarget relationships, respectively. Identities "
1305 "MAY be statically associated to Privileges or Roles using the "
1306 "AuthorizedSubject and MemberOfCollection relationships, "
1307 "respectively.")]
1308 class CIM_AuthorizationRule : CIM_PolicyRule {
1309 };
1310
1311 // ==================================================================
1312 // PrivilegePropagationRule
1313 // ==================================================================
1314 [Experimental, Version ( "2.8.1000" ), Description (
1315 "A class representing a company's and/or administrator's rules "
1316 "with respect to propagating Privileges across Subjects (i.e., "
1317 "delegation) or Targets. The Subjects/ Targets are identified "
1318 "within the PolicyConditions and PolicyActions, and/or using "
1319 "the association, PolicySetAppliesToElement. An example of a "
1320 "Privilege PropagationRule is the propagation of privileges "
1321 "granted to access a directory that then applies to all the "
1322 "files within the directory.")]
1323 class CIM_PrivilegePropagationRule : CIM_PolicyRule {
1324 a.dunfey 1.1 };
1325
1326
1327
1328 // ==================================================================
1329 // VendorPolicyCondition
1330 // ==================================================================
1331 [Version ( "2.6.0" ), Description (
1332 "A class that provides a general extension mechanism for "
1333 "representing PolicyConditions that have not been modeled with "
1334 "specific properties. Instead, the two properties Constraint "
1335 "and ConstraintEncoding are used to define the content and "
1336 "format of the Condition, as explained below. \n"
1337 "\n"
1338 "As its name suggests, VendorPolicyCondition is intended for "
1339 "vendor-specific extensions to the Policy Core Information "
1340 "Model. Standardized extensions are not expected to use this "
1341 "class.")]
1342 class CIM_VendorPolicyCondition : CIM_PolicyCondition {
1343
1344 [Description (
1345 a.dunfey 1.1 "This property provides a general extension mechanism for "
1346 "representing PolicyConditions that have not been modeled "
1347 "with specific properties. The format of the octet strings "
1348 "in the array is left unspecified in this definition. It is "
1349 "determined by the OID value stored in the property "
1350 "ConstraintEncoding. Since ConstraintEncoding is "
1351 "single-valued, all the values of Constraint share the same "
1352 "format and semantics."),
1353 OctetString,
1354 ModelCorrespondence {
1355 "CIM_VendorPolicyCondition.ConstraintEncoding" }]
1356 string Constraint[];
1357
1358 [Description (
1359 "An OID encoded as a string, identifying the format and "
1360 "semantics for this instance's Constraint property."),
1361 ModelCorrespondence { "CIM_VendorPolicyCondition.Constraint" }]
1362 string ConstraintEncoding;
1363 };
1364
1365
1366 a.dunfey 1.1 // ==================================================================
1367 // PacketFilterCondition
1368 // ==================================================================
1369 [Version ( "2.8.0" ), Description (
1370 "PacketFilterCondition specifies packet selection criteria (via "
1371 "association to FilterLists) for firewall policies, IPsec "
1372 "policies and similar uses. It is used as an anchor point to "
1373 "associate various types of filters with policy rules via the "
1374 "FilterOfPacketCondition association. By definition, policy "
1375 "rules that aggregate PacketFilterCondition are assumed to "
1376 "operate against every packet received and/or transmitted from "
1377 "an ingress and/or egress point. (Whether policy condition "
1378 "evaluation occurs at ingress or egress is specified by the "
1379 "Direction property in the associated FilterList.) "
1380 "PacketFilterCondition MAY also be used to define the specific "
1381 "CredentialManagementService that validates the credentials "
1382 "carried in a packet. This is accomplished using the "
1383 "association, AcceptCredentialFrom. \n"
1384 "\n"
1385 "Associated objects (such as FilterListsor Credential "
1386 "ManagementServices) represent components of the condition that "
1387 a.dunfey 1.1 "MAY or MAY NOT apply at a given rule evaluation. For example, "
1388 "an AcceptCredentialFrom evaluation is only performed when a "
1389 "credential is available to be evaluated and compared against "
1390 "the list of trusted credential management services. Similarly, "
1391 "a PeerIDPayloadFilterEntry MAY only be evaluated when an ID "
1392 "payload is available for checking. Condition components that "
1393 "do not have applicability at rule evaluation time, MUST be "
1394 "evaluated to TRUE."),
1395 MappingStrings { "IPSP Policy Model.IETF|SACondition" }]
1396 class CIM_PacketFilterCondition : CIM_PolicyCondition {
1397
1398 };
1399
1400 // ==================================================================
1401 // PolicyAction
1402 // ==================================================================
1403 [Abstract, Version ( "2.8.0" ), Description (
1404 "A class representing a rule-specific or reusable policy action "
1405 "to be performed if the PolicyConditions for a Policy Rule "
1406 "evaluate to TRUE. Since all operational details of a "
1407 "PolicyAction are provided in subclasses of this object, this "
1408 a.dunfey 1.1 "class is abstract.")]
1409 class CIM_PolicyAction : CIM_Policy {
1410
1411 [Key, Description (
1412 "The name of the class or the subclass used in the creation "
1413 "of the System object in whose scope this PolicyAction is "
1414 "defined. \n"
1415 "\n"
1416 "This property helps to identify the System object in whose "
1417 "scope this instance of PolicyAction exists. For a "
1418 "rule-specific PolicyAction, this is the System in whose "
1419 "context the PolicyRule is defined. For a reusable "
1420 "PolicyAction, this is the instance of PolicyRepository "
1421 "(which is a subclass of System) that holds the Action. \n"
1422 "\n"
1423 "Note that this property, and the analogous property "
1424 "SystemName, do not represent propagated keys from an "
1425 "instance of the class System. Instead, they are properties "
1426 "defined in the context of this class, which repeat the "
1427 "values from the instance of System to which this "
1428 "PolicyAction is related, either directly via the "
1429 a.dunfey 1.1 "PolicyActionInPolicyRepository association or indirectly "
1430 "via the PolicyActionInPolicyRule aggregation."),
1431 MaxLen ( 256 )]
1432 string SystemCreationClassName;
1433
1434 [Key, Description (
1435 "The name of the System object in whose scope this "
1436 "PolicyAction is defined. \n"
1437 "\n"
1438 "This property completes the identification of the System "
1439 "object in whose scope this instance of PolicyAction exists. "
1440 "For a rule-specific PolicyAction, this is the System in "
1441 "whose context the PolicyRule is defined. For a reusable "
1442 "PolicyAction, this is the instance of PolicyRepository "
1443 "(which is a subclass of System) that holds the Action."),
1444 MaxLen ( 256 )]
1445 string SystemName;
1446
1447 [Key, Description (
1448 "For a rule-specific PolicyAction, the CreationClassName of "
1449 "the PolicyRule object with which this Action is associated. "
1450 a.dunfey 1.1 "For a reusable PolicyAction, a special value, 'NO RULE', "
1451 "should be used to indicate that this Action is reusable and "
1452 "not associated with a single PolicyRule."),
1453 MaxLen ( 256 )]
1454 string PolicyRuleCreationClassName;
1455
1456 [Key, Description (
1457 "For a rule-specific PolicyAction, the name of the "
1458 "PolicyRule object with which this Action is associated. For "
1459 "a reusable PolicyAction, a special value, 'NO RULE', should "
1460 "be used to indicate that this Action is reusable and not "
1461 "associated with a single PolicyRule."),
1462 MaxLen ( 256 )]
1463 string PolicyRuleName;
1464
1465 [Key, Description (
1466 "CreationClassName indicates the name of the class or the "
1467 "subclass used in the creation of an instance. When used "
1468 "with the other key properties of this class, this property "
1469 "allows all instances of this class and its subclasses to be "
1470 "uniquely identified."),
1471 a.dunfey 1.1 MaxLen ( 256 )]
1472 string CreationClassName;
1473
1474 [Key, Description (
1475 "A user-friendly name of this PolicyAction."),
1476 MaxLen ( 256 )]
1477 string PolicyActionName;
1478
1479 [Description (
1480 "DoActionLogging causes a log message to be generated when "
1481 "the action is performed.")]
1482 boolean DoActionLogging;
1483 };
1484
1485 // ====================================================================
1486 // MethodAction
1487 // ====================================================================
1488 [Experimental, Version ( "2.8.1000" ), Description (
1489 "MethodAction is a PolicyAction that MAY invoke methods as "
1490 "defined by a query. If there are no results returned from the "
1491 "query, then no methods are called, otherwise each query result "
1492 a.dunfey 1.1 "row defines the method to call and its parameters. The called "
1493 "method MAY be either an intrinsic method of a CIM Namespace or "
1494 "an extrinsic method of a CIM_ManagedElement. \n"
1495 "\n"
1496 "In order to correlate between methods called by this "
1497 "MethodAction and any other invoked Methods, InstMethodCall "
1498 "indications MAY be created for the method calls that result "
1499 "from this MethodAction. These indications are named by the "
1500 "value in the InstMethodCallName property. These indications "
1501 "MUST be produced if that InstMethodCallName value is included "
1502 "in the FROM clause of the query of some other MethodAction "
1503 "instance within the same PolicyRule. (The details of how this "
1504 "is accomplished are implementation dependent.) \n"
1505 "\n"
1506 "The input parameters to the method are defined by the query "
1507 "and MAY be fixed values defined by literals or MAY be defined "
1508 "by reference to one or more properties of classes named in the "
1509 "FROM clause of the query. The referenced objects MAY be those "
1510 "produced by QueryConditions or MethodActions instances "
1511 "associated to the same PolicyRule instance.")]
1512 class CIM_MethodAction : CIM_PolicyAction {
1513 a.dunfey 1.1
1514 [Required, Description (
1515 "In the context of the associated PolicyRule, "
1516 "InstMethodCallName defines a unique name for the "
1517 "InstMethodCall instances that result from the methods "
1518 "invoked as a result of evaluating the Query string. This "
1519 "name MAY be used in subsequent MethodActions of the same "
1520 "PolicyRule to identify the set of InstMethodCall instances "
1521 "that result from evaluation of this MethodAction in the "
1522 "context of its PolicyRule. This string is treated as a "
1523 "class name, in a query statement."),
1524 ModelCorrespondence { "CIM_MethodAction.Query" }]
1525 string InstMethodCallName;
1526
1527 [Required, Description (
1528 "A query expression that defines the method to invoke and "
1529 "its input parameters. These are defined by the first and "
1530 "subsequent select-list entries in the Query string's "
1531 "select-criteria. The FROM clause MAY reference any object, "
1532 "including those named by the QueryResultName and "
1533 "MethodCallName produced by QueryConditions or MethodActions "
1534 a.dunfey 1.1 "of the same PolicyRule. \n"
1535 "\n"
1536 "Note that both intrinsic and extrinsic methods MAY be "
1537 "called. The first select-list entry MUST be an object Path "
1538 "to a method. For consistency it SHOULD be called "
1539 "MethodName. However, if there is a conflict with existing "
1540 "parameter names, it MAY be called something else. The "
1541 "remaining select list entries are not positional and MUST "
1542 "use the name of the corresponding method parameter."),
1543 ModelCorrespondence { "CIM_MethodAction.InstMethodCallName",
1544 "CIM_MethodAction.QueryLanguage" }]
1545 string Query;
1546
1547 [Required, Description (
1548 "The language in which the Query string is expressed."),
1549 ValueMap { "2", "..", "0x8000.." },
1550 Values { "CQL", "DMTF Reserved", "Vendor Reserved" },
1551 ModelCorrespondence { "CIM_MethodAction.Query" }]
1552 uint16 QueryLanguage = 2;
1553
1554 };
1555 a.dunfey 1.1
1556
1557 // ==================================================================
1558 // VendorPolicyAction
1559 // ==================================================================
1560 [Version ( "2.6.0" ), Description (
1561 "A class that provides a general extension mechanism for "
1562 "representing PolicyActions that have not been modeled with "
1563 "specific properties. Instead, the two properties ActionData "
1564 "and ActionEncoding are used to define the content and format "
1565 "of the Action, as explained below. \n"
1566 "\n"
1567 "As its name suggests, VendorPolicyAction is intended for "
1568 "vendor-specific extensions to the Policy Core Information "
1569 "Model. Standardized extensions are not expected to use this "
1570 "class.")]
1571 class CIM_VendorPolicyAction : CIM_PolicyAction {
1572
1573 [Description (
1574 "This property provides a general extension mechanism for "
1575 "representing PolicyActions that have not been modeled with "
1576 a.dunfey 1.1 "specific properties. The format of the octet strings in the "
1577 "array is left unspecified in this definition. It is "
1578 "determined by the OID value stored in the property "
1579 "ActionEncoding. Since ActionEncoding is single-valued, all "
1580 "the values of ActionData share the same format and "
1581 "semantics."),
1582 OctetString,
1583 ModelCorrespondence { "CIM_VendorPolicyAction.ActionEncoding" }]
1584 string ActionData[];
1585
1586 [Description (
1587 "An OID encoded as a string, identifying the format and "
1588 "semantics for this instance's ActionData property."),
1589 ModelCorrespondence { "CIM_VendorPolicyAction.ActionData" }]
1590 string ActionEncoding;
1591 };
1592
1593
1594 // ==================================================================
1595 // CompoundPolicyAction
1596 // ==================================================================
1597 a.dunfey 1.1 [Version ( "2.6.0" ), Description (
1598 "CompoundPolicyAction is used to represent an expression "
1599 "consisting of an ordered sequence of action terms. Each action "
1600 "term is represented as a subclass of the PolicyAction class. "
1601 "Compound actions are constructed by associating dependent "
1602 "action terms together using the PolicyActionInPolicyAction "
1603 "aggregation.")]
1604 class CIM_CompoundPolicyAction : CIM_PolicyAction {
1605
1606 [Description (
1607 "This property gives a policy administrator a way of "
1608 "specifying how the ordering of the PolicyActions associated "
1609 "with this PolicyRule is to be interpreted. Three values are "
1610 "supported: \n"
1611 "o mandatory(1): Do the actions in the indicated order, or "
1612 "don't do them at all. \n"
1613 "o recommended(2): Do the actions in the indicated order if "
1614 "you can, but if you can't do them in this order, do them in "
1615 "another order if you can. \n"
1616 "o dontCare(3): Do them -- I don't care about the order. \n"
1617 "The default value is 3 (\"DontCare\")."),
1618 a.dunfey 1.1 ValueMap { "1", "2", "3" },
1619 Values { "Mandatory", "Recommended", "Dont Care" }]
1620 uint16 SequencedActions=3;
1621
1622 [Description (
1623 "ExecutionStrategy defines the strategy to be used in "
1624 "executing the sequenced actions aggregated by this "
1625 "CompoundPolicyAction. There are three execution strategies: "
1626 "\n\n"
1627 "Do Until Success - execute actions according to predefined "
1628 "order, until successful execution of a single action. \n"
1629 "Do All - execute ALL actions which are part of the modeled "
1630 "set, according to their predefined order. Continue doing "
1631 "this, even if one or more of the actions fails. \n"
1632 "Do Until Failure - execute actions according to predefined "
1633 "order, until the first failure in execution of an action "
1634 "instance. \n"
1635 "The default value is 2 (\"Do All\")."),
1636 ValueMap { "1", "2", "3" },
1637 Values { "Do Until Success", "Do All", "Do Until Failure" }]
1638 uint16 ExecutionStrategy=2;
1639 a.dunfey 1.1 };
1640
1641
1642 // ==================================================================
1643 // NetworkPacketAction
1644 // ==================================================================
1645 [Version ( "2.8.0" ), Description (
1646 "NetworkPacketAction standardizes different processing options "
1647 "that can be taken at the network packet level. The specific "
1648 "action is defined in the PacketAction enumerated property. "
1649 "Note that this property can be used in conjunction with other "
1650 "actions aggregated into a Rule, to fully define its effects. "
1651 "For example, when aggregated with the SAStaticAction class, "
1652 "NetworkPacketAction indicates whether a specific packet will "
1653 "be encrypted, bypassed or discarded for the lifetime of the "
1654 "Security Association.")]
1655 class CIM_NetworkPacketAction : CIM_PolicyAction {
1656
1657 [Description (
1658 "A network packet can be processed, bypassed for processing "
1659 "(i.e., allowed to continue without further processing, such "
1660 a.dunfey 1.1 "as being forwarded in the clear versus being encrypted), or "
1661 "discarded. This enumeration indicates how a packet should "
1662 "be handled if a PolicyRule's PolicyConditions evaluate to "
1663 "TRUE."),
1664 ValueMap { "1", "2", "3", "4" },
1665 Values { "Other", "Processed", "Bypassed", "Discarded" },
1666 MappingStrings { "IPSP Policy Model.IETF|IPsecBypassAction",
1667 "IPSP Policy Model.IETF|IPsecDiscardAction" },
1668 ModelCorrespondence { "CIM_NetworkPacketAction.OtherAction" }]
1669 uint16 PacketAction;
1670
1671 [Description (
1672 "Description of the action when the value 1 (\"Other\") is "
1673 "specified for the property, PacketAction."),
1674 ModelCorrespondence { "CIM_NetworkPacketAction.PacketAction" }]
1675 string OtherAction;
1676 };
1677
1678
1679 // ==================================================================
1680 // RejectConnectionAction
1681 a.dunfey 1.1 // ==================================================================
1682 [Version ( "2.8.0" ), Description (
1683 "RejectConnectionAction is used to cause a connection or its "
1684 "negotiation to be terminated. For example, it can be used in "
1685 "conjunction with an address filter on UDP port 500 to reduce "
1686 "Denial of Service vulnerability. As another example, it can be "
1687 "specified as a low priority rule to explicitly define the "
1688 "default action for IKE key exchange negotiations - i.e., if "
1689 "the higher priority rules are not satisfied, then reject the "
1690 "connection negotiation."),
1691 MappingStrings { "IPSP Policy Model.IETF|IKERejectAction" }]
1692 class CIM_RejectConnectionAction : CIM_PolicyAction {
1693 };
1694
1695
1696 // ==================================================================
1697 // PolicyRoleCollection
1698 // ==================================================================
1699 [Version ( "2.8.0" ), Description (
1700 "PolicyRoleCollection is used to represent a collection of "
1701 "ManagedElements that share a common policy role, and the "
1702 a.dunfey 1.1 "PolicySets that CAN BE applied to those elements. (Note that "
1703 "the PolicySets that are CURRENTLY applied are indicated via "
1704 "instances of the association, PolicySetAppliesToElement.) The "
1705 "PolicyRoleCollection always exists in the context of a System, "
1706 "specified using the PolicyRoleCollectionInSystem aggregation. "
1707 "The value of the PolicyRole property in this class specifies "
1708 "the role. It is defined as a free-form string. ManagedElements "
1709 "that share the role defined in this collection are aggregated "
1710 "into the Collection via the ElementInPolicyRoleCollection "
1711 "association.")]
1712 class CIM_PolicyRoleCollection : CIM_SystemSpecificCollection {
1713
1714 [Required, Description (
1715 "The PolicyRole name for the PolicySets and other "
1716 "ManagedElements that are identified and aggregated by the "
1717 "Collection. Note that the aggregated PolicySets define the "
1718 "rules and groups of rules that may be applied to the "
1719 "associated ManagedElements. \n"
1720 "\n"
1721 "Although not officially designated as 'role combinations', "
1722 "multiple roles may be specified using the form: \n"
1723 a.dunfey 1.1 "<RoleName>[&&<RoleName>]* \n"
1724 "where the individual role names appear in alphabetical "
1725 "order (according to the collating sequence for UCS-2). "
1726 "Implementations may treat PolicyRole values that are "
1727 "specified as 'role combinations' as simple strings.")]
1728 string PolicyRole;
1729
1730 [Description (
1731 "Activates/applies the PolicySets aggregated into this "
1732 "Collection to the specified ManagedElement. The "
1733 "ManagedElement MUST be a member of the Collection, "
1734 "associated via ElementInPolicyRoleCollection. The result of "
1735 "this method, if it is successfully executed, is that the "
1736 "aggregated PolicySets are deployed and enforced for the "
1737 "Element. This is reflected by the instantiation of the "
1738 "PolicySetAppliesToElement association between the named "
1739 "Element and each PolicySet."),
1740 ValueMap { "0", "1", "2", "3", "4", "..", "0x8000.." },
1741 Values { "Success", "Not Supported", "Unknown", "Timeout",
1742 "Failed", "DMTF Reserved", "Vendor Specific" }]
1743 uint32 ActivatePolicySet(
1744 a.dunfey 1.1
1745 [IN, Description (
1746 "The ManagedElement to which the aggregated PolicySets of "
1747 "this Collection are applied.")]
1748 CIM_ManagedElement REF Element);
1749
1750 [Description (
1751 "Deactivates the aggregated PolicySets for the specified "
1752 "ManagedElement. The result of this method, if it is "
1753 "successfully executed, is that the aggregated PolicySets "
1754 "are NOT enforced for the Element. This is reflected by the "
1755 "removal of the PolicySetAppliesToElement association "
1756 "between the named Element and each PolicySet. If a "
1757 "PolicySet is not currently enforced for the ManagedElement, "
1758 "then this method has no effect for that Set."),
1759 ValueMap { "0", "1", "2", "3", "4", "..", "0x8000..0xFFFF" },
1760 Values { "Success", "Not Supported", "Unknown", "Timeout",
1761 "Failed", "DMTF Reserved", "Vendor Specific" }]
1762 uint32 DeactivatePolicySet(
1763 [IN, Description (
1764 "The ManagedElement to which the aggregated PolicySets of "
1765 a.dunfey 1.1 "this Collection MUST NOT apply.")]
1766 CIM_ManagedElement REF Element);
1767 };
1768
1769
1770 // ==================================================================
1771 // === Association classes ===
1772 // ==================================================================
1773
1774
1775 // ==================================================================
1776 // PolicyComponent
1777 // ==================================================================
1778 [Association, Abstract, Aggregation, Version ( "2.6.0" ),
1779 Description (
1780 "CIM_PolicyComponent is a generic association used to establish "
1781 "'part of' relationships between the subclasses of CIM_Policy. "
1782 "For example, the PolicyConditionInPolicyRule association "
1783 "defines that PolicyConditions are part of a PolicyRule.")]
1784 class CIM_PolicyComponent : CIM_Component {
1785
1786 a.dunfey 1.1 [Aggregate, Override ( "GroupComponent" ), Description (
1787 "The parent Policy in the association.")]
1788 CIM_Policy REF GroupComponent;
1789
1790 [Override ( "PartComponent" ), Description (
1791 "The child/part Policy in the association.")]
1792 CIM_Policy REF PartComponent;
1793 };
1794
1795
1796 // ==================================================================
1797 // PolicyInSystem
1798 // ==================================================================
1799 [Association, Abstract, Version ( "2.8.0" ), Description (
1800 "CIM_PolicyInSystem is a generic association used to establish "
1801 "dependency relationships between Policies and the Systems that "
1802 "host them. These Systems may be ComputerSystems where Policies "
1803 "are 'running' or they may be Policy Repositories where "
1804 "Policies are stored. This relationship is similar to the "
1805 "concept of CIM_Services being dependent on CIM_Systems as "
1806 "defined by the HostedService association. \n"
1807 a.dunfey 1.1 "\n"
1808 "Cardinality is Max (1) for the Antecedent/System reference "
1809 "since Policies can only be hosted in at most one System "
1810 "context. Some subclasses of the association will further "
1811 "refine this definition to make the Policies Weak to Systems. "
1812 "Other subclasses of PolicyInSystem will define an optional "
1813 "hosting relationship. Examples of each of these are the "
1814 "PolicyRuleInSystem and PolicyConditionIn PolicyRepository "
1815 "associations, respectively.")]
1816 class CIM_PolicyInSystem : CIM_HostedDependency {
1817
1818 [Override ( "Antecedent" ), Max ( 1 ), Description (
1819 "The hosting System.")]
1820 CIM_System REF Antecedent;
1821
1822 [Override ( "Dependent" ), Description (
1823 "The hosted Policy.")]
1824 CIM_Policy REF Dependent;
1825 };
1826
1827
1828 a.dunfey 1.1 // ==================================================================
1829 // PolicySetInSystem
1830 // ==================================================================
1831 [Association, Abstract, Version ( "2.6.0" ), Description (
1832 "PolicySetInSystem is an abstract association class that "
1833 "represents a relationship between a System and a PolicySet "
1834 "used in the administrative scope of that system (e.g., "
1835 "AdminDomain, ComputerSystem). The Priority property is used to "
1836 "assign a relative priority to a PolicySet within the "
1837 "administrative scope in contexts where it is not a component "
1838 "of another PolicySet.")]
1839 class CIM_PolicySetInSystem : CIM_PolicyInSystem {
1840
1841 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1842 "The System in whose scope a PolicySet is defined.")]
1843 CIM_System REF Antecedent;
1844
1845 [Override ( "Dependent" ), Description (
1846 "A PolicySet named within the scope of a System.")]
1847 CIM_PolicySet REF Dependent;
1848
1849 a.dunfey 1.1 [Description (
1850 "The Priority property is used to specify the relative "
1851 "priority of the referenced PolicySet when there are more "
1852 "than one PolicySet instances applied to a managed resource "
1853 "that are not PolicySetComponents and, therefore, have no "
1854 "other relative priority defined. The priority is a "
1855 "non-negative integer; a larger value indicates a higher "
1856 "priority.")]
1857 uint16 Priority;
1858 };
1859
1860
1861 // ==================================================================
1862 // PolicyGroupInSystem
1863 // ==================================================================
1864 [Association, Version ( "2.6.0" ), Description (
1865 "An association that links a PolicyGroup to the System in whose "
1866 "scope the Group is defined.")]
1867 class CIM_PolicyGroupInSystem : CIM_PolicySetInSystem {
1868
1869 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1870 a.dunfey 1.1 "The System in whose scope a PolicyGroup is defined.")]
1871 CIM_System REF Antecedent;
1872
1873 [Override ( "Dependent" ), Weak, Description (
1874 "A PolicyGroup named within the scope of a System.")]
1875 CIM_PolicyGroup REF Dependent;
1876 };
1877
1878
1879 // ==================================================================
1880 // PolicyRuleInSystem
1881 // ==================================================================
1882 [Association, Version ( "2.6.0" ), Description (
1883 "An association that links a PolicyRule to the System in whose "
1884 "scope the Rule is defined.")]
1885 class CIM_PolicyRuleInSystem : CIM_PolicySetInSystem {
1886
1887 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1888 "The System in whose scope a PolicyRule is defined.")]
1889 CIM_System REF Antecedent;
1890
1891 a.dunfey 1.1 [Override ( "Dependent" ), Weak, Description (
1892 "A PolicyRule named within the scope of a System.")]
1893 CIM_PolicyRule REF Dependent;
1894 };
1895
1896
1897 // ==================================================================
1898 // PolicySetComponent
1899 // ==================================================================
1900 [Association, Aggregation, Version ( "2.6.0" ), Description (
1901 "PolicySetComponent is a concrete aggregation that collects "
1902 "instances of the subclasses of PolicySet (i.e., PolicyGroups "
1903 "and PolicyRules). Instances are collected in sets that use the "
1904 "same decision strategy. They are prioritized relative to each "
1905 "other, within the set, using the Priority property of this "
1906 "aggregation. \n"
1907 "\n"
1908 "Together, the PolicySet.PolicyDecisionStrategy and PolicySet "
1909 "Component.Priority properties determine the processing for the "
1910 "groups and rules contained in a PolicySet. A larger priority "
1911 "value represents a higher priority. Note that the Priority "
1912 a.dunfey 1.1 "property MUST have a unique value when compared with others "
1913 "defined for the same aggregating PolicySet. Thus, the "
1914 "evaluation of rules within a set is deterministically "
1915 "specified.")]
1916 class CIM_PolicySetComponent : CIM_PolicyComponent {
1917
1918 [Aggregate, Override ( "GroupComponent" ), Description (
1919 "A PolicySet that aggregates other PolicySet instances.")]
1920 CIM_PolicySet REF GroupComponent;
1921
1922 [Override ( "PartComponent" ), Description (
1923 "A PolicySet aggregated into a PolicySet.")]
1924 CIM_PolicySet REF PartComponent;
1925
1926 [Description (
1927 "A non-negative integer for prioritizing this PolicySet "
1928 "component relative to other elements of the same PolicySet. "
1929 "A larger value indicates a higher priority. The Priority "
1930 "property MUST have a unique value when compared with others "
1931 "defined for the same aggregating PolicySet.")]
1932 uint16 Priority;
1933 a.dunfey 1.1 };
1934
1935
1936 // ==================================================================
1937 // PolicyGroupInPolicyGroup *** deprecated
1938 // ==================================================================
1939 [Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
1940 Version ( "2.7.0" ), Description (
1941 "PolicySetComponent provides a more general mechanism for "
1942 "aggregating both PolicyGroups and PolicyRules and doing so "
1943 "with the priority value applying only to the aggregated set "
1944 "rather than policy wide. \n"
1945 "\n"
1946 "A relationship that aggregates one or more lower-level "
1947 "PolicyGroups into a higher-level Group. A Policy Group may "
1948 "aggregate PolicyRules and/or other Policy Groups.")]
1949 class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent {
1950
1951 [Deprecated { "CIM_PolicySetComponent.GroupComponent" },
1952 Aggregate, Override ( "GroupComponent" ), Description (
1953 "A PolicyGroup that aggregates other Groups.")]
1954 a.dunfey 1.1 CIM_PolicyGroup REF GroupComponent;
1955
1956 [Deprecated { "CIM_PolicySetComponent.PartComponent" },
1957 Override ( "PartComponent" ), Description (
1958 "A PolicyGroup aggregated by another Group.")]
1959 CIM_PolicyGroup REF PartComponent;
1960 };
1961
1962
1963 // ==================================================================
1964 // PolicyRuleInPolicyGroup *** deprecated
1965 // ==================================================================
1966 [Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
1967 Version ( "2.7.0" ), Description (
1968 "PolicySetComponent provides a more general mechanism for "
1969 "aggregating both PolicyGroups and PolicyRules and doing so "
1970 "with the priority value applying only to the aggregated set "
1971 "rather than policy wide. \n"
1972 "\n"
1973 "A relationship that aggregates one or more PolicyRules into a "
1974 "PolicyGroup. A PolicyGroup may aggregate PolicyRules and/or "
1975 a.dunfey 1.1 "other PolicyGroups.")]
1976 class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent {
1977
1978 [Deprecated { "CIM_PolicySetComponent.GroupComponent" },
1979 Aggregate, Override ( "GroupComponent" ), Description (
1980 "A PolicyGroup that aggregates one or more PolicyRules.")]
1981 CIM_PolicyGroup REF GroupComponent;
1982
1983 [Deprecated { "CIM_PolicySetComponent.PartComponent" },
1984 Override ( "PartComponent" ), Description (
1985 "A PolicyRule aggregated by a PolicyGroup.")]
1986 CIM_PolicyRule REF PartComponent;
1987 };
1988
1989
1990 // ==================================================================
1991 // PolicySetValidityPeriod
1992 // ==================================================================
1993 [Association, Aggregation, Version ( "2.7.0" ), Description (
1994 "The PolicySetValidityPeriod aggregation represents scheduled "
1995 "activation and deactivation of a PolicySet. A PolicySet is "
1996 a.dunfey 1.1 "considered \"active\" if it is both \"Enabled\" and in a valid "
1997 "time period. \n"
1998 "\n"
1999 "If a PolicySet is associated with multiple policy time periods "
2000 "via this association, then the Set is in a valid time period "
2001 "if at least one of the time periods evaluates to TRUE. If a "
2002 "PolicySet is contained in another PolicySet via the "
2003 "PolicySetComponent aggregation (e.g., a PolicyRule in a "
2004 "PolicyGroup), then the contained PolicySet (e.g., PolicyRule) "
2005 "is in a valid period if at least one of the aggregate's "
2006 "PolicyTimePeriodCondition instances evaluates to TRUE and at "
2007 "least one of its own PolicyTimePeriodCondition instances also "
2008 "evalutes to TRUE. (In other words, the "
2009 "PolicyTimePeriodConditions are ORed to determine whether the "
2010 "PolicySet is in a valid time period and then ANDed with the "
2011 "ORed PolicyTimePeriodConditions of each of PolicySet instances "
2012 "in the PolicySetComponent hierarchy to determine if the "
2013 "PolicySet is in a valid time period and, if also \"Enabled\", "
2014 "therefore, active, i.e., the hierachy ANDs the ORed "
2015 "PolicyTimePeriodConditions of the elements of the hierarchy. \n"
2016 "\n"
2017 a.dunfey 1.1 "A Time Period may be aggregated by multiple PolicySets. A Set "
2018 "that does not point to a PolicyTimePeriodCondition via this "
2019 "association, from the point of view of scheduling, is always "
2020 "in a valid time period.")]
2021 class CIM_PolicySetValidityPeriod : CIM_PolicyComponent {
2022
2023 [Aggregate, Override ( "GroupComponent" ), Description (
2024 "This property contains the name of a PolicySet that "
2025 "contains one or more PolicyTimePeriodConditions.")]
2026 CIM_PolicySet REF GroupComponent;
2027
2028 [Override ( "PartComponent" ), Description (
2029 "This property contains the name of a "
2030 "PolicyTimePeriodCondition defining the valid time periods "
2031 "for one or more PolicySets.")]
2032 CIM_PolicyTimePeriodCondition REF PartComponent;
2033 };
2034
2035
2036 // ==================================================================
2037 // PolicyRuleValidityPeriod ** deprecated
2038 a.dunfey 1.1 // ==================================================================
2039 [Association, Deprecated { "CIM_PolicySetValidityPeriod" },
2040 Aggregation, Version ( "2.7.0" ), Description (
2041 "The PolicyRuleValidityPeriod aggregation represents scheduled "
2042 "activation and deactivation of a PolicyRule. If a PolicyRule "
2043 "is associated with multiple policy time periods via this "
2044 "association, then the Rule is active if at least one of the "
2045 "time periods indicates that it is active. (In other words, the "
2046 "PolicyTimePeriodConditions are ORed to determine whether the "
2047 "Rule is active.) A Time Period may be aggregated by multiple "
2048 "PolicyRules. A Rule that does not point to a "
2049 "PolicyTimePeriodCondition via this association is, from the "
2050 "point of view of scheduling, always active. It may, however, "
2051 "be inactive for other reasons. For example, the Rule's Enabled "
2052 "property may be set to \"disabled\" (value=2).")]
2053 class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent {
2054
2055 [Deprecated { "CIM_PolicySetValidityPeriod.GroupComponent" },
2056 Aggregate, Override ( "GroupComponent" ), Description (
2057 "This property contains the name of a PolicyRule that "
2058 "contains one or more PolicyTimePeriodConditions.")]
2059 a.dunfey 1.1 CIM_PolicyRule REF GroupComponent;
2060
2061 [Deprecated { "CIM_PolicySetValidityPeriod.PartComponent" },
2062 Override ( "PartComponent" ), Description (
2063 "This property contains the name of a "
2064 "PolicyTimePeriodCondition defining the valid time periods "
2065 "for one or more PolicyRules.")]
2066 CIM_PolicyTimePeriodCondition REF PartComponent;
2067 };
2068
2069
2070 // ==================================================================
2071 // PolicyConditionStructure
2072 // ==================================================================
2073 [Association, Abstract, Aggregation, Version ( "2.7.0" ),
2074 Description (
2075 "PolicyConditions may be aggregated into rules and into "
2076 "compound conditions. PolicyConditionStructure is the abstract "
2077 "aggregation class for the structuring of policy conditions. \n"
2078 "\n"
2079 "The Conditions aggregated by a PolicyRule or "
2080 a.dunfey 1.1 "CompoundPolicyCondition are grouped into two levels of lists: "
2081 "either an ORed set of ANDed sets of conditions (DNF, the "
2082 "default) or an ANDed set of ORed sets of conditions (CNF). "
2083 "Individual PolicyConditions in these lists may be negated. The "
2084 "property ConditionListType specifies which of these two "
2085 "grouping schemes applies to a particular PolicyRule or "
2086 "CompoundPolicyCondition instance. \n"
2087 "\n"
2088 "One or more PolicyTimePeriodConditions may be among the "
2089 "conditions associated with a PolicyRule or "
2090 "CompoundPolicyCondition via the PolicyConditionStructure "
2091 "subclass association. In this case, the time periods are "
2092 "simply additional Conditions to be evaluated along with any "
2093 "others that are specified.")]
2094 class CIM_PolicyConditionStructure : CIM_PolicyComponent {
2095
2096 [Aggregate, Override ( "GroupComponent" ), Description (
2097 "This property represents the Policy that contains one or "
2098 "more PolicyConditions.")]
2099 CIM_Policy REF GroupComponent;
2100
2101 a.dunfey 1.1 [Override ( "PartComponent" ), Description (
2102 "This property holds the name of a PolicyCondition contained "
2103 "by one or more PolicyRule or CompoundPolicyCondition "
2104 "instances.")]
2105 CIM_PolicyCondition REF PartComponent;
2106
2107 [Description (
2108 "Unsigned integer indicating the group to which the "
2109 "contained PolicyCondition belongs. This integer segments "
2110 "the Conditions into the ANDed sets (when the "
2111 "ConditionListType is \"DNF\") or, similarly, into the ORed "
2112 "sets (when the ConditionListType is \"CNF\").")]
2113 uint16 GroupNumber;
2114
2115 [Description (
2116 "Indication of whether the contained PolicyCondition is "
2117 "negated. TRUE indicates that the PolicyCondition IS "
2118 "negated, FALSE indicates that it IS NOT negated.")]
2119 boolean ConditionNegated;
2120 };
2121
2122 a.dunfey 1.1
2123 // ==================================================================
2124 // PolicyConditionInPolicyRule
2125 // ==================================================================
2126 [Association, Aggregation, Version ( "2.7.0" ), Description (
2127 "A PolicyRule aggregates zero or more instances of the "
2128 "PolicyCondition class, via the PolicyConditionInPolicyRule "
2129 "association. A Rule that aggregates zero Conditions is not "
2130 "valid; it may, however, be in the process of being defined. "
2131 "Note that a PolicyRule should have no effect until it is "
2132 "valid.")]
2133 class CIM_PolicyConditionInPolicyRule : CIM_PolicyConditionStructure {
2134
2135 [Aggregate, Override ( "GroupComponent" ), Description (
2136 "This property represents the PolicyRule that contains one "
2137 "or more PolicyConditions.")]
2138 CIM_PolicyRule REF GroupComponent;
2139
2140 [Override ( "PartComponent" ), Description (
2141 "This property holds the name of a PolicyCondition contained "
2142 "by one or more PolicyRules.")]
2143 a.dunfey 1.1 CIM_PolicyCondition REF PartComponent;
2144 };
2145
2146
2147 // ==================================================================
2148 // PolicyConditionInPolicyCondition
2149 // ==================================================================
2150 [Association, Aggregation, Version ( "2.7.0" ), Description (
2151 "A CompoundPolicyCondition aggregates zero or more instances of "
2152 "the PolicyCondition class, via the "
2153 "PolicyConditionInPolicyCondition association. A "
2154 "CompoundPolicyCondition that aggregates zero Conditions is not "
2155 "valid; it may, however, be in the process of being defined. "
2156 "Note that a CompoundPolicyCondition should have no effect "
2157 "until it is valid.")]
2158 class CIM_PolicyConditionInPolicyCondition : CIM_PolicyConditionStructure {
2159
2160 [Aggregate, Override ( "GroupComponent" ), Description (
2161 "This property represents the CompoundPolicyCondition that "
2162 "contains one or more PolicyConditions.")]
2163 CIM_CompoundPolicyCondition REF GroupComponent;
2164 a.dunfey 1.1
2165 [Override ( "PartComponent" ), Description (
2166 "This property holds the name of a PolicyCondition contained "
2167 "by one or more PolicyRules.")]
2168 CIM_PolicyCondition REF PartComponent;
2169 };
2170
2171
2172 // ==================================================================
2173 // PolicyActionStructure
2174 // ==================================================================
2175 [Association, Abstract, Aggregation, Version ( "2.6.0" ),
2176 Description (
2177 "PolicyActions may be aggregated into rules and into compound "
2178 "actions. PolicyActionStructure is the abstract aggregation "
2179 "class for the structuring of policy actions.")]
2180 class CIM_PolicyActionStructure : CIM_PolicyComponent {
2181
2182 [Aggregate, Override ( "GroupComponent" ), Description (
2183 "PolicyAction instances may be aggregated into either "
2184 "PolicyRule instances or CompoundPolicyAction instances.")]
2185 a.dunfey 1.1 CIM_Policy REF GroupComponent;
2186
2187 [Override ( "PartComponent" ), Description (
2188 "A PolicyAction aggregated by a PolicyRule or "
2189 "CompoundPolicyAction.")]
2190 CIM_PolicyAction REF PartComponent;
2191
2192 [Description (
2193 "ActionOrder is an unsigned integer 'n' that indicates the "
2194 "relative position of a PolicyAction in the sequence of "
2195 "actions associated with a PolicyRule or "
2196 "CompoundPolicyAction. When 'n' is a positive integer, it "
2197 "indicates a place in the sequence of actions to be "
2198 "performed, with smaller integers indicating earlier "
2199 "positions in the sequence. The special value '0' indicates "
2200 "'don't care'. If two or more PolicyActions have the same "
2201 "non-zero sequence number, they may be performed in any "
2202 "order, but they must all be performed at the appropriate "
2203 "place in the overall action sequence. \n"
2204 "\n"
2205 "A series of examples will make ordering of PolicyActions "
2206 a.dunfey 1.1 "clearer: \n"
2207 "o If all actions have the same sequence number, regardless "
2208 "of whether it is '0' or non-zero, any order is acceptable. "
2209 "\no The values: \n"
2210 "1:ACTION A \n"
2211 "2:ACTION B \n"
2212 "1:ACTION C \n"
2213 "3:ACTION D \n"
2214 "indicate two acceptable orders: A,C,B,D or C,A,B,D, \n"
2215 "since A and C can be performed in either order, but only at "
2216 "the '1' position. \n"
2217 "o The values: \n"
2218 "0:ACTION A \n"
2219 "2:ACTION B \n"
2220 "3:ACTION C \n"
2221 "3:ACTION D \n"
2222 "require that B,C, and D occur either as B,C,D or as B,D,C. "
2223 "Action A may appear at any point relative to B, C, and D. "
2224 "Thus the complete set of acceptable orders is: A,B,C,D; "
2225 "B,A,C,D; B,C,A,D; B,C,D,A; A,B,D,C; B,A,D,C; B,D,A,C; "
2226 "B,D,C,A. \n"
2227 a.dunfey 1.1 "\n"
2228 "Note that the non-zero sequence numbers need not start with "
2229 "'1', and they need not be consecutive. All that matters is "
2230 "their relative magnitude.")]
2231 uint16 ActionOrder;
2232 };
2233
2234
2235 // ==================================================================
2236 // PolicyActionInPolicyRule
2237 // ==================================================================
2238 [Association, Aggregation, Version ( "2.6.0" ), Description (
2239 "A PolicyRule aggregates zero or more instances of the "
2240 "PolicyAction class, via the PolicyActionInPolicyRule "
2241 "association. A Rule that aggregates zero Actions is not "
2242 "valid--it may, however, be in the process of being entered "
2243 "into a PolicyRepository or being defined for a System. "
2244 "Alternately, the actions of the policy may be explicit in the "
2245 "definition of the PolicyRule. Note that a PolicyRule should "
2246 "have no effect until it is valid. \n"
2247 "\n"
2248 a.dunfey 1.1 "The Actions associated with a PolicyRule may be given a "
2249 "required order, a recommended order, or no order at all. For "
2250 "Actions represented as separate objects, the "
2251 "PolicyActionInPolicyRule aggregation can be used to express an "
2252 "order. \n"
2253 "\n"
2254 "This aggregation does not indicate whether a specified action "
2255 "order is required, recommended, or of no significance; the "
2256 "property SequencedActions in the aggregating instance of "
2257 "PolicyRule provides this indication.")]
2258 class CIM_PolicyActionInPolicyRule : CIM_PolicyActionStructure {
2259
2260 [Aggregate, Override ( "GroupComponent" ), Description (
2261 "This property represents the PolicyRule that contains one "
2262 "or more PolicyActions.")]
2263 CIM_PolicyRule REF GroupComponent;
2264
2265 [Override ( "PartComponent" ), Description (
2266 "This property holds the name of a PolicyAction contained by "
2267 "one or more PolicyRules.")]
2268 CIM_PolicyAction REF PartComponent;
2269 a.dunfey 1.1 };
2270
2271
2272 // ==================================================================
2273 // PolicyActionInPolicyAction
2274 // ==================================================================
2275 [Association, Aggregation, Version ( "2.6.0" ), Description (
2276 "PolicyActionInPolicyAction is used to represent the "
2277 "compounding of policy actions into a higher-level policy "
2278 "action.")]
2279 class CIM_PolicyActionInPolicyAction : CIM_PolicyActionStructure {
2280
2281 [Aggregate, Override ( "GroupComponent" ), Description (
2282 "This property represents the CompoundPolicyAction that "
2283 "contains one or more PolicyActions.")]
2284 CIM_CompoundPolicyAction REF GroupComponent;
2285
2286 [Override ( "PartComponent" ), Description (
2287 "This property holds the name of a PolicyAction contained by "
2288 "one or more CompoundPolicyActions.")]
2289 CIM_PolicyAction REF PartComponent;
2290 a.dunfey 1.1 };
2291
2292
2293 // ==================================================================
2294 // PolicyContainerInPolicyContainer
2295 // ==================================================================
2296 [Association, Aggregation, Version ( "2.6.0" ), Description (
2297 "A relationship that aggregates one or more lower-level "
2298 "ReusablePolicyContainer instances into a higher-level "
2299 "ReusablePolicyContainer.")]
2300 class CIM_PolicyContainerInPolicyContainer : CIM_SystemComponent {
2301
2302 [Aggregate, Override ( "GroupComponent" ), Description (
2303 "A ReusablePolicyContainer that aggregates other "
2304 "ReusablePolicyContainers.")]
2305 CIM_ReusablePolicyContainer REF GroupComponent;
2306
2307 [Override ( "PartComponent" ), Description (
2308 "A ReusablePolicyContainer aggregated by another "
2309 "ReusablePolicyContainer.")]
2310 CIM_ReusablePolicyContainer REF PartComponent;
2311 a.dunfey 1.1 };
2312
2313
2314 // ==================================================================
2315 // PolicyRepositoryInPolicyRepository *** deprecated
2316 // ==================================================================
2317 [Association, Deprecated { "CIM_PolicyContainerInPolicyContainer" },
2318 Aggregation, Version ( "2.7.0" ), Description (
2319 "The term 'PolicyRepository' has been confusing to both "
2320 "developers and users of the model. The replacement class name "
2321 "describes model element properly and is less likely to be "
2322 "confused with a data repository. ContainedDomain is a general "
2323 "purpose mechanism for expressing domain hierarchy. \n"
2324 "\n"
2325 "A relationship that aggregates one or more lower-level "
2326 "PolicyRepositories into a higher-level Repository.")]
2327 class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent {
2328
2329 [Deprecated {
2330 "CIM_PolicyContainerInPolicyContainer.GroupComponent" },
2331 Aggregate, Override ( "GroupComponent" ), Description (
2332 a.dunfey 1.1 "A PolicyRepository that aggregates other Repositories.")]
2333 CIM_PolicyRepository REF GroupComponent;
2334
2335 [Deprecated {
2336 "CIM_PolicyContainerInPolicyContainer.PartComponent" },
2337 Override ( "PartComponent" ), Description (
2338 "A PolicyRepository aggregated by another Repository.")]
2339 CIM_PolicyRepository REF PartComponent;
2340 };
2341
2342
2343 // ==================================================================
2344 // ReusablePolicy
2345 // ==================================================================
2346 [Association, Version ( "2.6.0" ), Description (
2347 "The ReusablePolicy association provides for the reuse of any "
2348 "subclass of Policy in a ReusablePolicyContainer.")]
2349 class CIM_ReusablePolicy : CIM_PolicyInSystem {
2350
2351 [Override ( "Antecedent" ), Max ( 1 ), Description (
2352 "This property identifies a ReusablePolicyContainer that "
2353 a.dunfey 1.1 "provides the administrative scope for the reuse of the "
2354 "referenced policy element.")]
2355 CIM_ReusablePolicyContainer REF Antecedent;
2356
2357 [Override ( "Dependent" ), Description (
2358 "A reusable policy element.")]
2359 CIM_Policy REF Dependent;
2360 };
2361
2362
2363 // ==================================================================
2364 // ElementInPolicyRoleCollection
2365 // ==================================================================
2366 [Association, Aggregation, Version ( "2.8.0" ), Description (
2367 "An ElementInPolicyRoleCollection aggregates zero or more "
2368 "ManagedElement subclass instances into a PolicyRoleCollection "
2369 "object, representing a role played by these ManagedElements. "
2370 "This Collection indicates that the aggregated PolicySets "
2371 "(aggregated by CIM_PolicySetInRoleCollection) MAY BE applied "
2372 "to the referenced elements. To indicate that the PolicySets "
2373 "ARE being enforced for the element, use the "
2374 a.dunfey 1.1 "PolicySetAppliesToElement association.")]
2375 class CIM_ElementInPolicyRoleCollection : CIM_MemberOfCollection {
2376
2377 [Aggregate, Override ( "Collection" ), Description (
2378 "The PolicyRoleCollection.")]
2379 CIM_PolicyRoleCollection REF Collection;
2380
2381 [Override ( "Member" ), Description (
2382 "The ManagedElement that plays the role represented by the "
2383 "PolicyRoleCollection.")]
2384 CIM_ManagedElement REF Member;
2385 };
2386
2387
2388 // ==================================================================
2389 // PolicyRoleCollectionInSystem
2390 // ==================================================================
2391 [Association, Version ( "2.7.0" ), Description (
2392 "PolicyRoleCollectionInSystem is an association used to "
2393 "establish a relationship between a collection and an 'owning' "
2394 "System such as an AdminDomain or ComputerSystem.")]
2395 a.dunfey 1.1 class CIM_PolicyRoleCollectionInSystem : CIM_HostedCollection {
2396
2397 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
2398 "The parent system responsible for the collection.")]
2399 CIM_System REF Antecedent;
2400
2401 [Override ( "Dependent" ), Description (
2402 "The Collection.")]
2403 CIM_PolicyRoleCollection REF Dependent;
2404 };
2405
2406
2407 // ==================================================================
2408 // PolicyConditionInPolicyRepository *** deprecated
2409 // ==================================================================
2410 [Association, Deprecated { "CIM_ReusablePolicy" },
2411 Version ( "2.7.0" ), Description (
2412 "The ReusablePolicy association is a more general relationship "
2413 "that incorporates both Conditions and Actions as well as any "
2414 "other policy subclass. \n"
2415 "\n"
2416 a.dunfey 1.1 "This class represents the hosting of reusable PolicyConditions "
2417 "by a PolicyRepository. A reusable Policy Condition is always "
2418 "related to a single PolicyRepository, via this association. \n"
2419 "\n"
2420 "Note, that an instance of PolicyCondition can be either "
2421 "reusable or rule-specific. When the Condition is rule- "
2422 "specific, it shall not be related to any PolicyRepository via "
2423 "the PolicyConditionInPolicyRepository association.")]
2424 class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem {
2425
2426 [Deprecated { "CIM_ReusablePolicy.Antecedent" },
2427 Override ( "Antecedent" ), Max ( 1 ), Description (
2428 "This property identifies a PolicyRepository hosting one or "
2429 "more PolicyConditions. A reusable PolicyCondition is always "
2430 "related to exactly one PolicyRepository via the "
2431 "PolicyConditionInPolicyRepository association. The [0..1] "
2432 "cardinality for this property covers the two types of "
2433 "PolicyConditions: 0 for a rule-specific PolicyCondition, 1 "
2434 "for a reusable one.")]
2435 CIM_PolicyRepository REF Antecedent;
2436
2437 a.dunfey 1.1 [Deprecated { "CIM_ReusablePolicy.Dependent" },
2438 Override ( "Dependent" ), Description (
2439 "This property holds the name of a PolicyCondition hosted in "
2440 "the PolicyRepository.")]
2441 CIM_PolicyCondition REF Dependent;
2442 };
2443
2444
2445 // ==================================================================
2446 // PolicyActionInPolicyRepository *** deprecated
2447 // ==================================================================
2448 [Association, Deprecated { "CIM_ReusablePolicy" },
2449 Version ( "2.7.0" ), Description (
2450 "The ReusablePolicy association is a more general relationship "
2451 "that incorporates both Conditions and Actions as well as any "
2452 "other policy subclass. \n"
2453 "\n"
2454 "This class represents the hosting of reusable PolicyActions by "
2455 "a PolicyRepository. A reusable Policy Action is always related "
2456 "to a single PolicyRepository, via this association. \n"
2457 "\n"
2458 a.dunfey 1.1 "Note, that an instance of PolicyAction can be either reusable "
2459 "or rule-specific. When the Action is rule- specific, it shall "
2460 "not be related to any PolicyRepository via the "
2461 "PolicyActionInPolicyRepository association.")]
2462 class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem {
2463
2464 [Deprecated { "CIM_ReusablePolicy.Antecedent" },
2465 Override ( "Antecedent" ), Max ( 1 ), Description (
2466 "This property represents a PolicyRepository hosting one or "
2467 "more PolicyActions. A reusable PolicyAction is always "
2468 "related to exactly one PolicyRepository via the "
2469 "PolicyActionInPolicyRepository association. The [0..1] "
2470 "cardinality for this property covers the two types of "
2471 "PolicyActions: 0 for a rule-specific PolicyAction, 1 for a "
2472 "reusable one.")]
2473 CIM_PolicyRepository REF Antecedent;
2474
2475 [Deprecated { "CIM_ReusablePolicy.Dependent" },
2476 Override ( "Dependent" ), Description (
2477 "This property holds the name of a PolicyAction hosted in "
2478 "the PolicyRepository.")]
2479 a.dunfey 1.1 CIM_PolicyAction REF Dependent;
2480 };
2481
2482
2483 // ==================================================================
2484 // PolicySetInRoleCollection
2485 // ==================================================================
2486 [Association, Aggregation, Version ( "2.8.0" ), Description (
2487 "PolicySetInRoleCollection aggregates zero or more PolicyRules "
2488 "and PolicyGroups (i.e., the subclasses of PolicySet) into a "
2489 "PolicyRoleCollection object, representing a role "
2490 "supported/enforced by the PolicySet.")]
2491 class CIM_PolicySetInRoleCollection : CIM_MemberOfCollection {
2492
2493 [Aggregate, Override ( "Collection" ), Description (
2494 "The PolicyRoleCollection.")]
2495 CIM_PolicyRoleCollection REF Collection;
2496
2497 [Override ( "Member" ), Description (
2498 "The PolicySet that supports/enforces the PolicyRole for the "
2499 "elements in the PolicyRoleCollection.")]
2500 a.dunfey 1.1 CIM_PolicySet REF Member;
2501 };
2502
2503
2504 // ==================================================================
2505 // PolicySetAppliesToElement
2506 // ==================================================================
2507 [Association, Version ( "2.8.0" ), Description (
2508 "PolicySetAppliesToElement makes explicit which PolicySets "
2509 "(i.e., policy rules and groups of rules) ARE CURRENTLY applied "
2510 "to a particular Element. This association indicates that the "
2511 "PolicySets that are appropriate for a ManagedElement "
2512 "(specified using the PolicyRoleCollection aggregation) have "
2513 "actually been deployed in the policy management "
2514 "infrastructure. Note that if the named Element refers to a "
2515 "Collection, then the PolicySet is assumed to be applied to all "
2516 "the members of the Collection.")]
2517 class CIM_PolicySetAppliesToElement {
2518
2519 [Key, Description (
2520 "The PolicyRules and/or groups of rules that are currently "
2521 a.dunfey 1.1 "applied to an Element.")]
2522 CIM_PolicySet REF PolicySet;
2523
2524 [Key, Description (
2525 "The ManagedElement to which the PolicySet applies.")]
2526 CIM_ManagedElement REF ManagedElement;
2527 };
2528
2529
2530 // ==================================================================
2531 // FilterOfPacketCondition
2532 // ==================================================================
2533 [Association, Version ( "2.8.0" ), Description (
2534 "FilterOfPacketCondition associates a network traffic "
2535 "specification (i.e., a FilterList) with a PolicyRule's "
2536 "PacketFilterCondition."),
2537 MappingStrings { "IPSP Policy Model.IETF|FilterOfSACondition" }]
2538 class CIM_FilterOfPacketCondition : CIM_Dependency {
2539
2540 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
2541 "A FilterList describes the traffic selected by the "
2542 a.dunfey 1.1 "PacketFilterCondition. A PacketFilterCondition is "
2543 "associated with one and only one FilterList, but that "
2544 "filter list may aggregate many filter entries."),
2545 MappingStrings { "IPSP Policy Model.IETF|"
2546 "FilterOfSACondition.Antecedent" }]
2547 CIM_FilterList REF Antecedent;
2548
2549 [Override ( "Dependent" ), Description (
2550 "The PacketFilterCondition that uses the FilterList as part "
2551 "of a PolicyRule."),
2552 MappingStrings { "IPSP Policy Model.IETF|"
2553 "FilterOfSACondition.Dependent" }]
2554 CIM_PacketFilterCondition REF Dependent;
2555 };
2556
2557
2558 // ==================================================================
2559 // AcceptCredentialFrom
2560 // ==================================================================
2561 [Association, Version ( "2.8" ), Description (
2562 "This association specifies that a credential management "
2563 a.dunfey 1.1 "service (e.g., CertificateAuthority or Kerberos key "
2564 "distribution service) is to be trusted to certify credentials, "
2565 "presented at the packet level. The association defines an "
2566 "'approved' CredentialManagementService that is used for "
2567 "validation. \n"
2568 "\n"
2569 "The use of this class is best explained via an example: \n"
2570 "If a CertificateAuthority is specified using this association, "
2571 "and a corresponding X509CredentialFilterEntry is also "
2572 "associated with a PacketFilterCondition (via the relationship, "
2573 "FilterOfPacketCondition), then the credential MUST match the "
2574 "FilterEntry data AND be certified by that CA (or one of the "
2575 "CredentialManagementServices in its trust hierarchy). "
2576 "Otherwise, the X509CredentialFilterEntry is deemed not to "
2577 "match. If a credential is certified by a "
2578 "CredentialManagementService associated with the "
2579 "PacketFilterCondition through the AcceptCredentialFrom "
2580 "relationship, but there is no corresponding "
2581 "CredentialFilterEntry, then all credentials from the related "
2582 "service are considered to match."),
2583 MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom" }]
2584 a.dunfey 1.1 class CIM_AcceptCredentialFrom : CIM_Dependency {
2585
2586 [Override ( "Antecedent" ), Description (
2587 "The CredentialManagementService that is issuing the "
2588 "credential to be matched in the PacketFilterCondition."),
2589 MappingStrings { "IPSP Policy "
2590 "Model.IETF|AcceptCredentialFrom.Antecedent" }]
2591 CIM_CredentialManagementService REF Antecedent;
2592
2593 [Override ( "Dependent" ), Description (
2594 "The PacketFilterCondition that associates the "
2595 "CredentialManagementService and any "
2596 "FilterLists/FilterEntries."),
2597 MappingStrings { "IPSP Policy "
2598 "Model.IETF|AcceptCredentialFrom.Dependent" }]
2599 CIM_PacketFilterCondition REF Dependent;
2600 };
2601
2602
2603 // ==================================================================
2604 // AuthorizationRuleAppliesToRole
2605 a.dunfey 1.1 // ==================================================================
2606 [Association, Experimental, Version ( "2.8.1000" ), Description (
2607 "AuthorizationRuleAppliesToRole makes explicit that an "
2608 "AuthorizationRule is CURRENTLY applied to a particular Role. "
2609 "The Role defines the relevant Privileges, since these are "
2610 "collected into the Role via MemberOfCollection.")]
2611 class CIM_AuthorizationRuleAppliesToRole : CIM_PolicySetAppliesToElement {
2612
2613 [Key, Override ( "PolicySet" ), Description (
2614 "The AuthenticationRule that is currently applied to this "
2615 "Role.")]
2616 CIM_AuthorizationRule REF PolicySet;
2617
2618 [Key, Override ( "ManagedElement" ), Description (
2619 "An Role to which this AuthorizationRule applies.")]
2620 CIM_Role REF ManagedElement;
2621 };
2622
2623 // ==================================================================
2624 // AuthorizationRuleAppliesToPrivilege
2625 // ==================================================================
2626 a.dunfey 1.1 [Association, Experimental, Version ( "2.8.1000" ), Description (
2627 "AuthorizationRuleAppliesToRole makes explicit that an "
2628 "AuthorizationRule is CURRENTLY applied to a particular "
2629 "Privilege.")]
2630 class CIM_AuthorizationRuleAppliesToPrivilege : CIM_PolicySetAppliesToElement {
2631
2632 [Key, Override ( "PolicySet" ), Description (
2633 "The AuthenticationRule that is currently applied to this "
2634 "Privilege.")]
2635 CIM_AuthorizationRule REF PolicySet;
2636
2637 [Key, Override ( "ManagedElement" ), Description (
2638 "An Privilege to which this AuthorizationRule applies.")]
2639 CIM_Privilege REF ManagedElement;
2640 };
2641
2642 // ==================================================================
2643 // AuthorizationRuleAppliesToIdentity
2644 // ==================================================================
2645 [Association, Experimental, Version ( "2.8.1000" ), Description (
2646 "AuthorizationRuleAppliesToRole makes explicit that an "
2647 a.dunfey 1.1 "AuthorizationRule is CURRENTLY applied to a particular "
2648 "Identity that is to be considered an authorized subject.")]
2649 class CIM_AuthorizationRuleAppliesToIdentity : CIM_PolicySetAppliesToElement {
2650
2651 [Key, Override ( "PolicySet" ), Description (
2652 "The AuthenticationRule that is currently applied to this "
2653 "Identity.")]
2654 CIM_AuthorizationRule REF PolicySet;
2655
2656 [Key, Override ( "ManagedElement" ), Description (
2657 "An Identity to which this AuthorizationRule applies.")]
2658 CIM_Identity REF ManagedElement;
2659 };
2660
2661 // ==================================================================
2662 // AuthorizationRuleAppliesToTarget
2663 // ==================================================================
2664 [Association, Experimental, Version ( "2.8.1000" ), Description (
2665 "AuthorizationRuleAppliesToRole makes explicit that an "
2666 "AuthorizationRule is CURRENTLY applied to a particular element "
2667 "that is to be considered an authorizated target.")]
2668 a.dunfey 1.1 class CIM_AuthorizationRuleAppliesToTarget : CIM_PolicySetAppliesToElement {
2669
2670 [Key, Override ( "PolicySet" ), Description (
2671 "The AuthenticationRule that is currently applied to the "
2672 "target element.")]
2673 CIM_AuthorizationRule REF PolicySet;
2674
2675 [Key, Override ( "ManagedElement" ), Description (
2676 "A target element to which the AuthorizationRule applies.")]
2677 CIM_ManagedElement REF ManagedElement;
2678 };
2679
2680
2681
2682 // ===================================================================
2683 // end of file
2684 // ===================================================================
2685
|