88 lines
4.9 KiB
Plaintext
88 lines
4.9 KiB
Plaintext
// Copyright (c) 2008 DMTF. All rights reserved.
|
|
[Version ( "2.19.0" ),
|
|
UMLPackagePath ( "CIM::User::Identity" ),
|
|
Description (
|
|
"An instance of an Identity represents a ManagedElement that "
|
|
"acts as a security principal within the scope in which it is "
|
|
"defined and authenticated. (Note that the Identity\'s scope is "
|
|
"specified using the association, CIM_IdentityContext.) "
|
|
"ManagedElements with Identities can be OrganizationalEntities, "
|
|
"Services, Systems, etc. The ManagedElement \'behind\' an "
|
|
"Identity is described using the AssignedIdentity association. \n"
|
|
"\n"
|
|
"Within a given security context, an Identity may be imparted a "
|
|
"level of trust, usually based on its credentials. A trust "
|
|
"level is defined using the CIM_SecuritySensitivity class, and "
|
|
"associated with Identity using CIM_ElementSecuritySensitivity. "
|
|
"Whether an Identity is currently authenticated is evaluated by "
|
|
"checking the CurrentlyAuthenticated boolean property. This "
|
|
"property is set and cleared by the security infrastructure, "
|
|
"and should only be readable within the management "
|
|
"infrastructure. The conditions which must be met/authenticated "
|
|
"in order for an Identity\'s CurrentlyAuthenticated Boolean to "
|
|
"be TRUE are defined using a subclass of PolicyCondition - "
|
|
"AuthenticationCondition. The inheritance tree for "
|
|
"AuthenticationCondition is defined in the CIM Policy Model. \n"
|
|
"\n"
|
|
"Subclasses of Identity may include specific information "
|
|
"related to a given AuthenticationService or authority (such as "
|
|
"a security token or computer hardware port/communication "
|
|
"details) that more specifically determine the authenticity of "
|
|
"the Identity. An instance of Identity may be persisted even "
|
|
"though it is not CurrentlyAuthenticated, in order to maintain "
|
|
"static relationships to Roles, associations to accounting "
|
|
"information, and policy data defining authentication "
|
|
"requirements. Note however, when an Identity is not "
|
|
"authenticated (CurrentlyAuthenticated = FALSE), then "
|
|
"Privileges or rights SHOULD NOT be authorized. The lifetime, "
|
|
"validity, and propagation of the Identity is dependent on a "
|
|
"security infrastructure\'s policies." )]
|
|
class CIM_Identity : CIM_ManagedElement {
|
|
|
|
[Key, Override ( "InstanceID" ),
|
|
Description (
|
|
"Within the scope of the instantiating Namespace, "
|
|
"InstanceID opaquely and uniquely identifies an instance "
|
|
"of this class. In order to ensure uniqueness within the "
|
|
"NameSpace, the value of InstanceID SHOULD be constructed "
|
|
"using the following \'preferred\' algorithm: \n"
|
|
"<OrgID>:<LocalID> \n"
|
|
"Where <OrgID> and <LocalID> are separated by a colon "
|
|
"\':\', and where <OrgID> MUST include a copyrighted, "
|
|
"trademarked or otherwise unique name that is owned by "
|
|
"the business entity creating/defining the InstanceID, or "
|
|
"is a registered ID that is assigned to the business "
|
|
"entity by a recognized global authority. (This is "
|
|
"similar to the <Schema Name>_<Class Name> structure of "
|
|
"Schema class names.) In addition, to ensure uniqueness "
|
|
"<OrgID> MUST NOT contain a colon (\':\'). When using "
|
|
"this algorithm, the first colon to appear in InstanceID "
|
|
"MUST appear between <OrgID> and <LocalID>. \n"
|
|
"<LocalID> is chosen by the business entity and SHOULD "
|
|
"not be re-used to identify different underlying "
|
|
"(real-world) elements. If the above \'preferred\' "
|
|
"algorithm is not used, the defining entity MUST assure "
|
|
"that the resultant InstanceID is not re-used across any "
|
|
"InstanceIDs produced by this or other providers for this "
|
|
"instance\'s NameSpace. \n"
|
|
"For DMTF defined instances, the \'preferred\' algorithm "
|
|
"MUST be used with the <OrgID> set to \'CIM\'." )]
|
|
string InstanceID;
|
|
|
|
[Description (
|
|
"Boolean indicating whether this Identity has been "
|
|
"authenticated, and is currently known within the scope "
|
|
"of an AuthenticationService or authority. By default, "
|
|
"authenticity SHOULD NOT be assumed. This property is set "
|
|
"and cleared by the security infrastructure, and should "
|
|
"only be readable within the management infrastructure. "
|
|
"Note that its value, alone, may not be sufficient to "
|
|
"determine authentication/ authorization, in that "
|
|
"properties of an Identity subclass (such as a security "
|
|
"token or computer hardware port/ communication details) "
|
|
"may be required by the security infrastructure." )]
|
|
boolean CurrentlyAuthenticated = false;
|
|
|
|
|
|
};
|