1 a.dunfey 1.1 // ===================================================================
2 // Title: User-Security Accounts
3 // $State: Preliminary $
4 // $Date: 2005/01/14 14:11:18 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_Account.mof,v $
6 // $Revision: 1.6 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // Accounts.
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for v2.9 Company Review:
56 // CR1503 - Deprecate AccountIdentity, SecurityServiceForSystem,
57 // ManagesAccountOnSystem, and ServiceUsesSecurityService
58 //
59 // Change Log for v2.8 Final
60 // CR1218 - Accepted AccountIdentity and the deprecation of
61 // UsersAccount
62 // as Final
63 // CR1235 - Added Descriptions to the properties of ManagesAccount and
64 a.dunfey 1.1 // SecurityServiceUsesAccount / Accepted Account's Description
65 // change as Final
66 //
67 // Change Log for v2.8 Preliminary
68 // CR1013 - Related the Account class with Identity, changed Account's
69 // Description, added AccountIdentity and deprecated
70 // UsersAccount
71 //
72 // Change Log for v2.7 - None
73 // ===================================================================
74
75 #pragma Locale ("en_US")
76
77
78 // ==================================================================
79 // Account
80 // ==================================================================
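// CIM_Account: the per-system account record that a SecurityService keeps.
// Instances are keyed by four properties: two propagated from the scoping
// CIM_System plus CreationClassName and Name. The remaining properties mirror
// LDAP attributes so that instances can be derived from a directory.
//
// This declaration has been restored to plain MOF: the line-number and
// revision-annotation cells that the listing carried inside each line are
// dropped. Qualifier values and Description text are unchanged.
[Version ( "2.8.0" ), Description (
    "CIM_Account is the information held by a SecurityService to "
    "track identity and privileges managed by that service. Common "
    "examples of an Account are the entries in a UNIX /etc/passwd "
    "file. Several kinds of security services use various "
    "information from those entries - the /bin/login program uses "
    "the account name ('root') and hashed password to authenticate "
    "users, and the file service, for instance, uses the UserID "
    "field ('0') and GroupID field ('0') to record ownership and "
    "determine access control privileges on files in the file "
    "system. This class is defined so as to incorporate "
    "commonly-used LDAP attributes to permit implementations to "
    "easily derive this information from LDAP-accessible "
    "directories. \n"
    "\n"
    "The semantics of Account overlap with that of the class, "
    "CIM_Identity. However, aspects of Account - such as its "
    "specific tie to a System - are valuable and have been widely "
    "implemented. For this reason, the Account and Identity classes "
    "are associated using a subclass of LogicalIdentity "
    "(AccountIdentity), instead of deprecating the Account class in "
    "the CIM Schema. When an Account has been authenticated, the "
    "corresponding Identity's TrustEstablished Boolean would be set "
    "to TRUE. Then, the Identity class can be used as defined for "
    "authorization purposes.")]
class CIM_Account : CIM_LogicalElement {

    // Key 1 of 4: creation class name of the scoping System, propagated
    // from CIM_System.CreationClassName.
    [Key, Propagated ( "CIM_System.CreationClassName" ),
     Description (
        "The scoping System's CCN."),
     MaxLen ( 256 )]
    string SystemCreationClassName;

    // Key 2 of 4: name of the scoping System, propagated from
    // CIM_System.Name.
    [Key, Propagated ( "CIM_System.Name" ), Description (
        "The scoping System's Name."),
     MaxLen ( 256 )]
    string SystemName;

    // Key 3 of 4: the concrete class used to create the instance.
    [Key, Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to be "
        "uniquely identified."),
     MaxLen ( 256 )]
    string CreationClassName;

    // Key 4 of 4: overrides the inherited Name. May equal UserID or, for
    // LDAP-derived instances, hold the distinguishedName.
    [Key, Override ( "Name" ), Description (
        "The Name property defines the label by which the object is "
        "known. The value of this property may be set to be the same "
        "as that of the UserID property or, in the case of an "
        "LDAP-derived instance, the Name property value may be set "
        "to the distinguishedName of the LDAP-accessed object "
        "instance."),
     MaxLen ( 1024 )]
    string Name;

    // Not a key and carries no uniqueness qualifier here. The
    // CIM_AccountOnSystem Description states that the aggregating System
    // scopes the uniqueness of account names (userids).
    [Description (
        "UserID is the value used by the SecurityService to "
        "represent identity. For an authentication service, the "
        "UserID may be the name of the user, or for an authorization "
        "service the value which serves as a handle to a mapping of "
        "the identity."),
     MaxLen ( 256 )]
    string UserID;

    // LDAP objectClass values, when the instance is LDAP-derived.
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    // Multi-valued counterpart of the inherited single-valued Description.
    [Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple "
        "values that, therefore, cannot be placed in the inherited "
        "Description property."),
     MaxLen ( 1024 )]
    string Descriptions[];

    // Host names the account applies to; either form (FQDN or unqualified)
    // is allowed, so consumers comparing hosts must handle both.
    [Description (
        "Based on RFC1274, the host name of the system(s) for which "
        "the account applies. The host name may be a fully-qualified "
        "DNS name or it may be an unqualified host name.")]
    string Host[];

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName[];

    // The only non-key property of this class marked Required.
    [Required, Description (
        "The name of the organization related to the account.")]
    string OrganizationName[];

    [Description (
        "The name of an organizational unit related to the account.")]
    string OU[];

    // Distinguished names of related directory objects (LDAP seeAlso).
    [Description (
        "In the case of an LDAP-derived instance, the SeeAlso "
        "property specifies distinguished name of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];

    // Public-key certificate(s) for the person, carried as OctetString.
    [Description (
        "Based on inetOrgPerson and for directory compatibility, the "
        "UserCertificate property may be used to specify a public "
        "key certificate for the person."),
     OctetString]
    string UserCertificate[];

    // NOTE(review): credential material. The Description calls the value
    // "encrypted", but no qualifier in this declaration constrains how it is
    // protected, and the class Description speaks of a "hashed password" for
    // the /etc/passwd case. An LDAP userPassword value can be a
    // scheme-prefixed hash or cleartext depending on the directory, so a
    // provider should restrict who may read this property and keep its
    // value out of logs, traces and exported instance dumps.
    [Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the person's resources in a directory."),
     OctetString]
    string UserPassword[];
};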
202
203
204 // ==================================================================
205 // AccountIdentity
206 // ==================================================================
// Deprecated association linking an Account to the Identity it establishes.
// The class and both of its references name CIM_ConcreteIdentity as the
// replacement; new models should use that association instead.
[Association,
 Deprecated { "CIM_ConcreteIdentity" },
 Version ( "2.8.1000" ),
 Description (
    "CIM_AccountIdentity relates a system Account with the Identity "
    "that is established. Since Account also carries Identity "
    "semantics, the LogicalIdentity association is defined as the "
    "superclass of this association. This association does not add "
    "any constraints or semantics to ConcreteIdentity. As a result, "
    "it is deprecated.")]
class CIM_AccountIdentity : CIM_LogicalIdentity {

    // Account end; replaced by CIM_ConcreteIdentity.SystemElement.
    [Deprecated { "CIM_ConcreteIdentity.SystemElement" },
     Override ( "SystemElement" ),
     Description ( "The Account that establishes Identity.")]
    CIM_Account REF SystemElement;

    // Identity end; replaced by CIM_ConcreteIdentity.SameElement.
    [Deprecated { "CIM_ConcreteIdentity.SameElement" },
     Override ( "SameElement" ),
     Description ( "The Identity established by the Account.")]
    CIM_Identity REF SameElement;
};
227
228
229 // ===================================================================
230 // AccountOnSystem
231 // ===================================================================
// Aggregation that ties every Account to the single System that scopes it.
// Min(1)/Max(1) on GroupComponent means an Account belongs to exactly one
// System; that System is also the namespace within which account names
// (userids) are unique, per the Description below.
[Association,
 Aggregation,
 Version ( "2.6.0" ),
 Description (
    "A system (e.g., ApplicationSystem, ComputerSystem, "
    "AdminDomain) aggregates Accounts and scopes the uniqueness of "
    "the Account names (i.e., userids).")]
class CIM_AccountOnSystem : CIM_SystemComponent {

    // The scoping System: exactly one per Account.
    [Aggregate,
     Override ( "GroupComponent" ),
     Min ( 1 ),
     Max ( 1 ),
     Description (
        "The aggregating system also provides name scoping for the "
        "Account.")]
    CIM_System REF GroupComponent;

    // Weak reference: CIM_Account declares two keys as Propagated from
    // CIM_System, which is what this qualifier pairs with.
    [Override ( "PartComponent" ),
     Weak,
     Description ( "The subordinate Account.")]
    CIM_Account REF PartComponent;
};
248
249
250 // ===================================================================
251 // UsersAccount
252 // ===================================================================
// Deprecated association between a UsersAccess instance and an Account.
// Its Deprecated qualifier points at CIM_AccountIdentity, which this file
// in turn declares deprecated in favour of CIM_ConcreteIdentity, so anyone
// migrating off this class should follow the chain to its end.
[Association,
 Deprecated { "CIM_AccountIdentity" },
 Version ( "2.8.0" ),
 Description (
    "This relationship associates UsersAccess with the Accounts "
    "with which they're able to interact. This association is "
    "deprecated in lieu of AccountIdentity, which defines similar "
    "semantics. This was done since the UsersAccess reference in "
    "UsersAccount has been deprecated and replaced by the more "
    "specific semantics of CIM_Identity.")]
class CIM_UsersAccount : CIM_Dependency {

    // Account end; mapped to CIM_AccountIdentity.SystemElement.
    [Deprecated { "CIM_AccountIdentity.SystemElement" },
     Override ( "Antecedent" ),
     Description ( "The user's Account.")]
    CIM_Account REF Antecedent;

    // User end; mapped to CIM_AccountIdentity.SameElement.
    [Deprecated { "CIM_AccountIdentity.SameElement" },
     Override ( "Dependent" ),
     Description (
        "The User as identified by their UsersAccess instance.")]
    CIM_UsersAccess REF Dependent;
};
273
274 a.dunfey 1.1
275 // ===================================================================
276 // AccountMapsToAccount
277 // ===================================================================
// Maps one Account onto another, e.g. the account an authentication service
// knows ('root') onto the account an authorization service uses ('0').
//
// NOTE(review): the Description allows several authentication accounts to
// map to the same authorization account, so an access review of a
// privileged account has to enumerate every instance of this association
// that references it. Neither reference Description says which end is the
// authentication account and which the authorization account; confirm the
// direction against the provider before relying on it.
[Association,
 Version ( "2.6.0" ),
 Description (
    "This relationship may be used to associate an Account used by "
    "an AuthenticationService to an Account used for Authorization. "
    "For instance, this mapping occurs naturally in the UNIX "
    "/etc/passwd file, where the AuthenticationService Account "
    "('root') is mapped to the AuthorizationService Account ('0'). "
    "The two are separate accounts, as evidenced by the ability to "
    "have another AuthenticationService Account which ALSO maps to "
    "the AuthorizationService Account ('0') without ambiguity. This "
    "association may be used for other account mappings as well "
    "such as for coordinating single signon for multiple accounts "
    "for the same user.")]
class CIM_AccountMapsToAccount : CIM_Dependency {

    // One side of the mapping.
    [Override ( "Antecedent" ),
     Description ( "An Account.")]
    CIM_Account REF Antecedent;

    // The other side of the mapping.
    [Override ( "Dependent" ),
     Description ( "A related Account.")]
    CIM_Account REF Dependent;
};
300
301
302 // ===================================================================
303 // SecurityServiceUsesAccount
304 // ===================================================================
// Dependency from a SecurityService to each Account it uses. Enumerating
// this association shows which services consume a given Account.
[Association,
 Version ( "2.6.0" ),
 Description (
    "This relationship associates SecurityService instances to the "
    "Accounts they use in the course of their work.")]
class CIM_SecurityServiceUsesAccount : CIM_Dependency {

    // The Account being used.
    [Override ( "Antecedent" ),
     Description ( "Account used by the SecurityService.")]
    CIM_Account REF Antecedent;

    // The service that depends on the Account.
    [Override ( "Dependent" ),
     Description ( "The Service using the Account.")]
    CIM_SecurityService REF Dependent;
};
318
319
320 // ==================================================================
321 // AccountManagementService
322 // ==================================================================
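// Service that owns the Account lifecycle (create, manage, destroy) on
// behalf of other security services. The class adds no properties of its
// own; the accounts it is responsible for are reached through the
// CIM_ManagesAccount association declared later in this file.
// The Description below spells "SecurityServices" correctly; the original
// text read "SecuritySerices".
[Version ( "2.6.0" ), Description (
    "CIM_AccountManagementService creates, manages, and if "
    "necessary destroys Accounts on behalf of other "
    "SecurityServices.")]
class CIM_AccountManagementService : CIM_SecurityService {
};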
329
330
331 // ===================================================================
332 // ManagesAccount
333 // ===================================================================
// Dependency from an AccountManagementService to each Account it is
// responsible for. Enumerating this association shows which service can
// create, change or remove a given Account.
[Association,
 Version ( "2.6.0" ),
 Description (
    "This relationship associates the AccountManagement security "
    "service to the Accounts for which it is responsible.")]
class CIM_ManagesAccount : CIM_Dependency {

    // The managing service.
    [Override ( "Antecedent" ),
     Description ( "The account management service.")]
    CIM_AccountManagementService REF Antecedent;

    // The managed Account.
    [Override ( "Dependent" ),
     Description ( "An account managed by the service.")]
    CIM_Account REF Dependent;
};
347
348 // ===================================================================
349 // ManagesAccountOnSystem
350 // ===================================================================
// Deprecated association between a System and the AccountManagementService
// that manages its accounts. The replacement named on the class and on both
// references is CIM_ServiceAvailableToElement. The superclass,
// CIM_SecurityServiceForSystem, is itself listed as deprecated in this
// file's v2.9 change log (CR1503).
[Association,
 Deprecated { "CIM_ServiceAvailableToElement" },
 Version ( "2.8.1000" ),
 Description (
    "The CIM_ManagesAccountOnSystem provides the association "
    "between a System and the AccountManagementService that manages "
    "accounts for that system. This association does not add any "
    "constraints or semantics to ServiceAvailableToElement. As a "
    "result, it is deprecated.")]
class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem {

    // Service end; replaced by
    // CIM_ServiceAvailableToElement.ServiceProvided.
    [Deprecated { "CIM_ServiceAvailableToElement.ServiceProvided" },
     Override ( "Antecedent" ),
     Description (
        "An AccountManagementService that manages accounts for the "
        "system.")]
    CIM_AccountManagementService REF Antecedent;

    // System end; replaced by
    // CIM_ServiceAvailableToElement.UserOfService.
    [Deprecated { "CIM_ServiceAvailableToElement.UserOfService" },
     Override ( "Dependent" ),
     Description (
        "The system that is dependent on the "
        "AccountManagementService.")]
    CIM_System REF Dependent;
};
372
373
374 // ===================================================================
375 // end of file
376 // ===================================================================