
Security.idl

00001 #ifndef _SECURITY_IDL_
00002 #define _SECURITY_IDL_
00003 
00009 #include <orbdefs.idl>
00010 
00011 #include <TimeBase.idl>
00012 
00013 #pragma prefix "omg.org"
00014 
00015 #ifdef ORBACUS41
00016 module CORBA
00017 {
         // Compatibility shim.  Module Security below declares its
         // service-option constants as CORBA::ServiceOption and
         // CORBA::ServiceDetailType; these aliases are supplied here
         // only under the ORBACUS41 guard — presumably because that
         // ORB's own orbdefs.idl (included above) does not define them.
         // NOTE(review): the reason is inferred from the guard; confirm.
00018    typedef unsigned long ServiceOption;
00019    typedef unsigned long ServiceDetailType;
00020 };
00021 #endif
00022 
00023 module Security
00024 {
         // Common data types of the OMG CORBA Security Service (the
         // "omg.org" prefix above is the specification's namespace).
         // This module holds only typedefs, constants, structs and
         // enums; the interfaces that use them live in other IDL files.
         //
         // Editing notes:
         //  - IDL enumerators are marshalled (CDR) as an unsigned long
         //    equal to their declaration position, so inserting or
         //    reordering an enumerator silently changes the wire
         //    encoding for every peer that does not get the same edit.
         //  - The numeric constants are assigned by the specification;
         //    gaps in the numbering are not free for local use.
00025    typedef string SecurityName;
         // Uninterpreted bytes.  Nothing in this file gives Opaque a
         // structure; a consumer must know from context (e.g. the
         // AttributeType or MechanismType it travels with) how to parse
         // it, and must not trust its length or content before doing so.
00026    typedef sequence <octet> Opaque;
00027 
00028    // Constant declarations for Security Service Options
         // (CORBA::ServiceOption codes with which an ORB reports which
         //  parts of the security service it implements — in CORBA 2.x
         //  via ORB::get_service_information)
00029 
00030    const CORBA::ServiceOption SecurityLevel1 = 1;
00031    const CORBA::ServiceOption SecurityLevel2 = 2;
00032    const CORBA::ServiceOption NonRepudiation = 3;
00033    const CORBA::ServiceOption SecurityORBServiceReady = 4;
00034    const CORBA::ServiceOption SecurityServiceReady = 5;
00035    const CORBA::ServiceOption ReplaceORBServices = 6;
00036    const CORBA::ServiceOption ReplaceSecurityServices = 7;
00037    const CORBA::ServiceOption StandardSecureInteroperability = 8;
00038    const CORBA::ServiceOption DCESecureInteroperability = 9;
00039 
00040    // Service options for Common Secure Interoperability
         // (CSI conformance levels 0-2; higher levels add delegation
         //  and privilege-based policy — NOTE(review): confirm the exact
         //  level definitions against the CSI revision in use)
00041 
00042    const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
00043    const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
00044    const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
00045 
00046    // Security mech types supported for secure association
         // (ServiceDetailType key under which the ORB lists the
         //  MechanismType strings it can use for a secure association)
00047 
00048    const CORBA::ServiceDetailType SecurityMechanismType = 1;
00049 
00050    // Privilege types supported in standard access policy
         // (ServiceDetailType key under which the ORB lists the
         //  attribute types its access policy understands)
00051 
00052    const CORBA::ServiceDetailType SecurityAttribute = 2;
00053 
00054    // Extensible families for standard data types
         // A (definer, family) pair scopes the small integer codes used
         // for attribute types, rights and audit event types below.  The
         // same numeric code means different things in different
         // families, so always compare the family before the code.
00055 
00056    struct ExtensibleFamily
00057    {
            // organisation that defined the family (presumably 0 = OMG
            // for the families in this file — confirm); families from
            // different definers never collide
00058       unsigned short family_definer;
00059       unsigned short family;
00060    };
00061 
         // Object identifier carried as raw octets (presumably the
         // DER/BER encoding of an ASN.1 OID — confirm with the mechanism
         // that produces it).  Structurally identical to Opaque; the
         // distinct name is the only thing that documents the intent.
00062    typedef sequence<octet> OID;
00063    typedef sequence<OID> OIDList;
00064 
00065    // Security attributes
         // An attribute is identified by (family, type) — see
         // AttributeType below.  A bare SecurityAttributeType code is
         // ambiguous on its own.
00066 
00067    typedef unsigned long SecurityAttributeType;
00068 
00069    // Other attributes; family = 0
         // Identity-style attributes used for audit, accounting and
         // non-repudiation records rather than for access decisions.
00070 
00071    const SecurityAttributeType AuditId = 1;
00072    const SecurityAttributeType AccountingId = 2;
00073    const SecurityAttributeType NonRepudiationId = 3;
00074 
00075    // Privilege attributes; family = 1
         // Attributes an access policy may base its decision on.  The
         // codes restart at 1: AuditId (family 0) and _Public (family 1)
         // share the value 1 and are told apart only by family.
00076 
         // The leading underscore is the IDL escaped-identifier syntax:
         // "Public" differs only in case from the keyword "public"
         // (keyword matching is case-insensitive), so it cannot be used
         // bare.  The identifier's mapped name is Public.
00077    const SecurityAttributeType _Public = 1;
00078    const SecurityAttributeType AccessId = 2;
00079    const SecurityAttributeType PrimaryGroupId = 3;
00080    const SecurityAttributeType GroupId = 4;
00081    const SecurityAttributeType Role = 5;
00082    const SecurityAttributeType AttributeSet = 6;
00083    const SecurityAttributeType Clearance = 7;
00084    const SecurityAttributeType Capability = 8;
00085 
         // Fully-qualified attribute identifier: family plus code.
00086    struct AttributeType
00087    {
00088       ExtensibleFamily attribute_family;
00089       SecurityAttributeType attribute_type;
00090    };
00091    typedef sequence<AttributeType> AttributeTypeList;
00092 
         // One security attribute as carried in a credential.
00093    struct SecAttribute
00094    {
00095       AttributeType attribute_type;
            // OID of the authority asserting the value.  NOTE(review):
            // whether an empty sequence is permitted is not stated here.
00096       OID defining_authority;
00097       Opaque value;
00098       // the value of this attribute can be
00099       // interpreted only with knowledge of type
            // i.e. the decoder is chosen from attribute_type.  Treat the
            // value of an unknown type as opaque bytes, never as text.
            // Nothing in this struct binds the value to a signature: an
            // attribute is only as trustworthy as the credential (and
            // the authenticated association) it arrived in.
00100    };
00101    typedef sequence <SecAttribute> AttributeList;
00102 
00103    // Authentication return status
         // Only SecAuthSuccess means a principal was authenticated.
         // SecAuthContinue is a multi-round exchange that needs another
         // step; SecAuthFailure and SecAuthExpired are both failures
         // and must be handled identically for access purposes.
00104 
00105    enum AuthenticationStatus
00106    {
00107       SecAuthSuccess,
00108       SecAuthFailure,
00109       SecAuthContinue,
00110       SecAuthExpired
00111    };
00112 
00113    // Association return status
         // Same shape as AuthenticationStatus, for the security
         // association (context establishment) exchange.  SecAssocContinue
         // means more tokens must be exchanged before the context is
         // usable.
00114 
00115    enum AssociationStatus
00116    {
00117       SecAssocSuccess,
00118       SecAssocFailure,
00119       SecAssocContinue
00120    };
00121 
00122    // Authentication method
         // Numeric method identifier whose values are defined by the
         // authentication mechanism, not by this file.
00123 
00124    typedef unsigned long AuthenticationMethod;
00125    typedef sequence<AuthenticationMethod> AuthenticationMethodList;
00126 
00127    // Credential types
         // Selects which credentials an invocation-side operation refers
         // to: the caller's own, those received from its client, or
         // those of the target it is calling.
00128 
00129    enum InvocationCredentialsType
00130    {
00131       SecOwnCredentials,
00132       SecReceivedCredentials,
00133       SecTargetCredentials
00134    };
00135 
00136    // Declarations related to Rights
         // A right is a (family, name) pair; the name string is only
         // meaningful within its family.
00137 
00138    struct Right
00139    {
00140       ExtensibleFamily rights_family;
00141       string the_right;
00142    };
00143    typedef sequence <Right> RightsList;
00144 
         // How a list of required rights is evaluated: every right must
         // be held, or any single one suffices.
00145    enum RightsCombinator
00146    {
00147       SecAllRights,
00148       SecAnyRight
00149    };
00150 
00151    // Delegation related
         // Whether the principal behind a credential is the original
         // initiator of the call chain or an intermediary acting for it.
00152 
00153    enum DelegationState
00154    {
00155       SecInitiator,
00156       SecDelegate
00157    };
00158 
         // Per-call directive: may the target reuse the received
         // credentials in onward calls?
00159    enum DelegationDirective
00160    {
00161       Delegate,
00162       NoDelegate
00163    };
00164 
00165    // Pick up from TimeBase
         // (re-exported so users of this module need not include
         //  TimeBase.idl themselves)
00166 
00167    typedef TimeBase::UtcT UtcT;
00168    typedef TimeBase::IntervalT IntervalT;
00169    typedef TimeBase::TimeT TimeT;
00170 
00171    // Security features available on credentials
         // Each enumerator names one feature that can be queried on a
         // credential.  Unlike AssociationOptions below this is an enum,
         // not a bitmask; a combination needs a list of values.
00172 
00173    enum SecurityFeature
00174    {
00175       SecNoDelegation,
00176       SecSimpleDelegation,
00177       SecCompositeDelegation,
00178       SecNoProtection,
00179       SecIntegrity,
00180       SecConfidentiality,
00181       SecIntegrityAndConfidentiality,
00182       SecDetectReplay,
00183       SecDetectMisordering,
00184       SecEstablishTrustInTarget,
00185       SecEstablishTrustInClient
00186    };
00187 
00188    // Quality of protection which can be specified
00189    // for an object reference and used to protect messages
         // Listed weakest to strongest.  SecQOPNoProtection sends
         // requests and replies in the clear with no tamper detection;
         // integrity alone still exposes the payload to observers.
00190 
00191    enum QOP
00192    {
00193       SecQOPNoProtection,
00194       SecQOPIntegrity,
00195       SecQOPConfidentiality,
00196       SecQOPIntegrityAndConfidentiality
00197    };
00198 
00199    // Type of SecurityContext
         // Which side of the association the context object represents.
00200 
00201    enum SecurityContextType
00202    {
00203       SecClientSecurityContext,
00204       SecServerSecurityContext
00205    };
00206 
00207    // Operational State of a Security Context
         // Only the two *Established states denote a context that may
         // protect or accept messages.  Initialized and Continued are
         // mid-exchange; EstablishExpired is an exchange that timed out;
         // Expired and Invalid contexts must be re-established or
         // discarded, never reused.
00208 
00209    enum SecurityContextState
00210    {
00211       SecContextInitialized,
00212       SecContextContinued,
00213       SecContextClientEstablished,
00214       SecContextEstablished,
00215       SecContextEstablishExpired,
00216       SecContextExpired,
00217       SecContextInvalid
00218    };
00219 
         // Same layout as GSS-API channel bindings (RFC 2744): ties the
         // security context to the transport endpoints so that a context
         // token captured on one channel is not accepted on another.
         // The addrtype codes are presumably the GSS_C_AF_* address
         // family values — confirm with the mechanism in use.
00220    struct ChannelBindings
00221    {
00222       unsigned long initiator_addrtype;
00223       sequence<octet> initiator_address;
00224       unsigned long acceptor_addrtype;
00225       sequence<octet> acceptor_address;
00226       sequence<octet> application_data;
00227    };
00228 
00229    // For use with SecurityReplaceable
         // A window [startpos, endpos) into buffer, so that mechanism
         // code can consume or produce part of a message in place.
00230 
00231    struct OpaqueBuffer
00232    {
00233       Opaque buffer;
00234       unsigned long startpos;
00235       unsigned long endpos;
00236 
00237       // startpos <= endpos
00238       // OpaqueBuffer is said to be empty if startpos == endpos
            // Neither invariant is enforceable in IDL, and nothing here
            // states that endpos is bounded by the length of buffer; a
            // receiver must check both before using the positions to
            // index buffer.
00239    };
00240 
00241    // Association options which can be administered
00242    // on secure invocation policy and used to
00243    // initialize security context
         // Bitmask: every constant below is a distinct bit, so a policy
         // value is the OR of the options it names.  NoProtection is a
         // bit of its own rather than the value 0, so an empty mask
         // expresses nothing, and NoProtection together with Integrity
         // or Confidentiality is contradictory — treat that as a
         // configuration error rather than picking one.
00244 
00245    typedef unsigned short AssociationOptions;
00246 
00247    const AssociationOptions NoProtection = 1;
00248    const AssociationOptions Integrity = 2;
00249    const AssociationOptions Confidentiality = 4;
00250    const AssociationOptions DetectReplay = 8;
00251    const AssociationOptions DetectMisordering = 16;
00252    const AssociationOptions EstablishTrustInTarget = 32;
00253    const AssociationOptions EstablishTrustInClient = 64;
00254    const AssociationOptions NoDelegation = 128;
00255    const AssociationOptions SimpleDelegation = 256;
00256    const AssociationOptions CompositeDelegation = 512;
00257 
00258    // Flag to indicate whether association options being
00259    // administered are the 'required' or 'supported' set
         // 'required' is the floor a peer must meet; 'supported' is the
         // ceiling the local side can offer.  Policy enforcement compares
         // the peer's supported set against the local required set.
00260 
00261    enum RequiresSupports
00262    {
00263       SecRequires,
00264       SecSupports
00265    };
00266 
00267    // Direction of communication for which
00268    // secure invocation policy applies
         // Lets request and reply be protected differently; Both is the
         // usual choice.
00269 
00270    enum CommunicationDirection
00271    {
00272       SecDirectionBoth,
00273       SecDirectionRequest,
00274       SecDirectionReply
00275    };
00276 
00277    // Security association mechanism type
         // Free-form string naming an association mechanism; the set an
         // ORB offers is reported under the SecurityMechanismType
         // service detail above.
00278 
00279    typedef string MechanismType;
00280    typedef sequence<MechanismType> MechanismTypeList;
00281 
00282    // AssociationOptions-Direction pair
         // A secure invocation policy is a list of these: which option
         // bits apply to requests, to replies, or to both.
00283 
00284    struct OptionsDirectionPair
00285    {
00286       AssociationOptions options;
00287       CommunicationDirection direction;
00288    };
00289    typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
00290 
00291    // Delegation mode which can be administered
         // Administered counterpart of the NoDelegation /
         // SimpleDelegation / CompositeDelegation option bits above.
00292 
00293    enum DelegationMode
00294    {
00295       SecDelModeNoDelegation, // i.e. use own credentials
00296       SecDelModeSimpleDelegation, // delegate received credentials
00297       SecDelModeCompositeDelegation // delegate both own and received credentials
00298    };
00299 
00300    // Association options supported by a given mech type
         // Advertises, per mechanism, which option bits it can honour.
00301 
00302    struct MechandOptions
00303    {
00304       MechanismType mechanism_type;
00305       AssociationOptions options_supported;
00306    };
00307    typedef sequence <MechandOptions> MechandOptionsList;
00308 
00309    // Attribute of the SecurityLevel2::EstablishTrustPolicy
         // Which direction(s) of authentication the policy demands.
         // trust_in_target alone is analogous to server-only TLS
         // authentication: the client learns who it is talking to but
         // remains anonymous to the target.
00310 
00311    struct EstablishTrust
00312    {
00313       boolean trust_in_client;
00314       boolean trust_in_target;
00315    };
00316 
00317    // Audit
         // Audit channel identifiers and the event type codes that audit
         // policies select on.  EventType codes are scoped by family via
         // AuditEventType below.
00318 
00319    typedef unsigned long AuditChannelId;
00320    typedef unsigned short EventType;
00321 
         // AuditAll is a wildcard matching every event type, not an
         // event of its own.
00322    const EventType AuditAll = 0;
00323    const EventType AuditPrincipalAuth = 1;
00324    const EventType AuditSessionAuth = 2;
00325    const EventType AuditAuthorization = 3;
00326    const EventType AuditInvocation = 4;
00327    const EventType AuditSecEnvChange = 5;
00328    const EventType AuditPolicyChange = 6;
00329    const EventType AuditObjectCreation = 7;
00330    const EventType AuditObjectDestruction = 8;
00331    const EventType AuditNonRepudiation = 9;
00332 
         // Value type of the DayOfWeek selector below.
00333    enum DayOfTheWeek
00334    {
00335       Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
00336    };
00337 
         // How the selectors of an audit policy are combined: all must
         // match, or any one suffices.
00338    enum AuditCombinator
00339    {
00340       SecAllSelectors,
00341       SecAnySelector
00342    };
00343 
         // Fully-qualified audit event identifier: family plus code.
00344    struct AuditEventType
00345    {
00346       ExtensibleFamily event_family;
00347       EventType event_type;
00348    };
00349    typedef sequence <AuditEventType> AuditEventTypeList;
00350 
         // Discriminator for SelectorValue.value; the runtime type the
         // 'any' is expected to carry for each key is listed below.
00351    typedef unsigned long SelectorType;
00352 
00353    const SelectorType InterfaceName = 1;
00354    const SelectorType ObjectRef = 2;
00355    const SelectorType Operation = 3;
00356    const SelectorType Initiator = 4;
00357    const SelectorType SuccessFailure = 5;
00358    const SelectorType Time = 6;
00359    const SelectorType DayOfWeek = 7;
00360 
00361    // values defined for audit_needed and audit_write are:
00362    // InterfaceName: CORBA::RepositoryId
00363    // ObjectRef: object reference
00364    // Operation: op_name
00365    // Initiator: Credentials
00366    // SuccessFailure: boolean
00367    // Time: utc time on audit_write; time picked up from
00368    // environment in audit_needed if required
00369    // DayOfWeek: DayOfTheWeek
         // 'value' is an IDL any, so this pairing is by convention only:
         // an audit implementation must check the any's TypeCode against
         // the selector before extracting, and treat a mismatch as a
         // malformed selector rather than as "no match".
00370 
00371    struct SelectorValue
00372    {
00373       SelectorType selector;
00374       any value;
00375    };
00376    typedef sequence <SelectorValue> SelectorValueList;
00377 
00378    // Constant declaration for valid Security Policy Types
         // CORBA::PolicyType codes for the security policies.  The
         // numbering gaps (11, 16-37) are presumably allocated to other
         // OMG services in the shared PolicyType space and must not be
         // reused for local policy types.
00379 
00380    // General administrative policies
00381 
00382    const CORBA::PolicyType SecClientInvocationAccess = 1;
00383    const CORBA::PolicyType SecTargetInvocationAccess = 2;
00384    const CORBA::PolicyType SecApplicationAccess = 3;
00385    const CORBA::PolicyType SecClientInvocationAudit = 4;
00386    const CORBA::PolicyType SecTargetInvocationAudit = 5;
00387    const CORBA::PolicyType SecApplicationAudit = 6;
00388    const CORBA::PolicyType SecDelegation = 7;
00389    const CORBA::PolicyType SecClientSecureInvocation = 8;
00390    const CORBA::PolicyType SecTargetSecureInvocation = 9;
00391    const CORBA::PolicyType SecNonRepudiation = 10;
00392 
00393    // Policies used to control attributes of a binding to a target
00394 
00395    const CORBA::PolicyType SecMechanismsPolicy = 12;
00396    const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
00397    const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete; kept so the value is never reassigned
00398    const CORBA::PolicyType SecQOPPolicy = 15;
00399    const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
00400    const CORBA::PolicyType SecEstablishTrustPolicy = 39;
00401 };
00402 
00403 #endif