
CSI.idl

#ifndef _CSI_IDL_
#define _CSI_IDL_

#pragma prefix "omg.org"

// CSI.idl: wire-level types and constants for the CSI service context
// (SAS) protocol. Everything declared in this module is either a constant
// or an opaque encoding (sequence <octet>); no validation of any octet
// sequence is expressed here. Decoding and checking the contents against
// the referenced standards is entirely the receiver's responsibility.

module CSI
{
    // The OMG VMCID; same value as CORBA::OMGVMCID. Do not change ever.
    //
    // NOTE(review): 0x4F4D0 is a 20-bit value. It is OR-ed directly into
    // an AuthorizationElementType below (OMGVMCID | 1 == 0x4F4D1), which
    // places the VMCID in bits 4..23 of the 32-bit unsigned long rather
    // than in the "high order 20-bits" described at that typedef. Confirm
    // the intended bit layout against the normative specification and
    // CORBA::OMGVMCID before relying on it when decoding element types.

    const unsigned long OMGVMCID = 0x4F4D0;

    // An X509CertificateChain contains an ASN.1 BER encoded SEQUENCE
    // [1..MAX] OF X.509 certificates encapsulated in a sequence of octets. The
    // subject's certificate shall come first in the list. Each following
    // certificate shall directly certify the one preceding it. The ASN.1
    // representation of Certificate is as defined in [IETF RFC 2459].
    //
    // The ordering rules above constrain the sender only; the typedef is a
    // raw octet sequence. A receiver has to decode the SEQUENCE itself and
    // perform certification-path validation (signatures, validity periods,
    // path to a trust anchor) before treating the subject certificate as
    // authenticated. RFC 2459 has since been obsoleted (RFC 3280, then
    // RFC 5280); implementations are expected to validate per the current
    // profile.

    typedef sequence <octet> X509CertificateChain;

    // An X.501 type name or Distinguished Name encapsulated in a sequence of
    // octets containing the ASN.1 encoding.

    typedef sequence <octet> X501DistinguishedName;

    // UTF-8 Encoding of String. The sequence carries its own length; no
    // terminator octet is implied.

    typedef sequence <octet> UTF8String;

    // ASN.1 Encoding of an OBJECT IDENTIFIER (binary form; compare
    // StringOID below for the textual "oid:..." form).

    typedef sequence <octet> OID;

    typedef sequence <OID> OIDList;

    // A sequence of octets containing a GSS token. Initial context tokens are
    // ASN.1 encoded as defined in [IETF RFC 2743] Section 3.1,
    // "Mechanism-Independent token Format", pp. 81-82. Initial context tokens
    // contain an ASN.1 tag followed by a token length, a mechanism identifier,
    // and a mechanism-specific token (i.e. a GSSUP::InitialContextToken). The
    // encoding of all other GSS tokens (e.g. error tokens and final context
    // tokens) is mechanism dependent.
    //
    // NOTE(review): because the mechanism is identified inside the initial
    // context token, a receiver must parse the mechanism identifier out of
    // the token before it can select a GSS mechanism. Tokens naming a
    // mechanism the receiver does not support have no defined meaning here
    // and should be rejected rather than interpreted heuristically.

    typedef sequence <octet> GSSToken;

    // An encoding of a GSS Mechanism-Independent Exported Name Object as
    // defined in [IETF RFC 2743] Section 3.2, "GSS Mechanism-Independent
    // Exported Name Object Format," p. 84.

    typedef sequence <octet> GSS_NT_ExportedName;

    typedef sequence <GSS_NT_ExportedName> GSS_NT_ExportedNameList;

    // The MsgType enumeration defines the complete set of service context
    // message types used by the CSI context management protocols, including
    // those message types pertaining only to the stateful application of the
    // protocols (to ensure proper alignment of the identifiers between
    // stateless and stateful implementations). Specifically, the
    // MTMessageInContext is not sent by stateless clients (although it may
    // be received by stateless targets).
    //
    // Values 2 and 3 are not assigned in this file. A receiver that sees an
    // unassigned value has no SASContextBody member to select (the union
    // below declares no default case).

    typedef short MsgType;

    const MsgType MTEstablishContext = 0;
    const MsgType MTCompleteEstablishContext = 1;
    const MsgType MTContextError = 4;
    const MsgType MTMessageInContext = 5;

    // The ContextId type is used to carry session identifiers. A stateless
    // application of the service context protocol is indicated by a session
    // identifier value of 0.

    typedef unsigned long long ContextId;

    // The AuthorizationElementType defines the contents and encoding of
    // the_element field of the AuthorizationElement.

    // The high order 20-bits of each AuthorizationElementType constant
    // shall contain the Vendor Minor Codeset ID (VMCID) of the
    // organization that defined the element type. The low order 12 bits
    // shall contain the organization-scoped element type identifier. The
    // high-order 20 bits of all element types defined by the OMG shall
    // contain the VMCID allocated to the OMG (that is, 0x4F4D0).
    // (See the NOTE(review) at OMGVMCID about how X509AttributeCertChain is
    // actually composed below.)

    typedef unsigned long AuthorizationElementType;

    // An AuthorizationElementType of X509AttributeCertChain indicates that
    // the_element field of the AuthorizationElement contains an ASN.1 BER
    // SEQUENCE composed of an (X.509) AttributeCertificate followed by a
    // SEQUENCE OF (X.509) Certificate. The two-part SEQUENCE is encapsulated
    // in an octet stream. The chain of identity certificates is provided
    // to certify the attribute certificate. Each certificate in the chain
    // shall directly certify the one preceding it. The first certificate
    // in the chain shall certify the attribute certificate. The ASN.1
    // representation of (X.509) Certificate is as defined in [IETF RFC 2459].
    // The ASN.1 representation of (X.509) AttributeCertificate is as defined
    // in [IETF ID PKIXAC].
    // (The PKIX attribute certificate profile was later published as
    // RFC 3281, now RFC 5755.) As with X509CertificateChain, the receiver
    // must validate both the attribute certificate and the supporting chain
    // before honouring any privilege it asserts.

    const AuthorizationElementType X509AttributeCertChain = OMGVMCID | 1;

    // Opaque encoding of one authorization element; its format is selected
    // by the accompanying AuthorizationElementType.

    typedef sequence <octet> AuthorizationElementContents;

    // The AuthorizationElement contains one element of an authorization token.
    // Each element of an authorization token is logically a PAC (privilege
    // attribute certificate).

    struct AuthorizationElement
    {
        AuthorizationElementType   the_type;      // selects the encoding of the_element
        AuthorizationElementContents   the_element; // opaque; decode per the_type
    };

    // The AuthorizationToken is made up of a sequence of
    // AuthorizationElements

    typedef sequence <AuthorizationElement> AuthorizationToken;

    typedef unsigned long IdentityTokenType;

    // Additional standard identity token types shall only be defined by the
    // OMG. All IdentityTokenType constants shall be a power of 2.
    //
    // NOTE(review): an identity token is an assertion made by the sender;
    // nothing in this file binds it to the client_authentication_token in
    // EstablishContext. Whether a target honours an asserted identity
    // (principal_name, certificate_chain, dn) is governed by the target's
    // trust policy for the authenticated caller, which lives in the
    // implementation, not here. Confirm that policy is enforced before
    // any privilege is derived from these fields.

    const IdentityTokenType ITTAbsent = 0;
    const IdentityTokenType ITTAnonymous = 1;
    const IdentityTokenType ITTPrincipalName = 2;
    const IdentityTokenType ITTX509CertChain = 4;
    const IdentityTokenType ITTDistinguishedName = 8;

    // Opaque octets for identity token types not declared in this file.

    typedef sequence <octet> IdentityExtension;

    // Discriminated on IdentityTokenType. Any discriminator other than the
    // five constants above selects the default member, i.e. raw octets whose
    // meaning this file does not define; a receiver presumably treats such
    // a token as unrecognised rather than as any particular identity.

    union IdentityToken switch (IdentityTokenType)
    {
        case ITTAbsent: boolean absent;
        case ITTAnonymous: boolean anonymous;
        case ITTPrincipalName: GSS_NT_ExportedName principal_name;
        case ITTX509CertChain: X509CertificateChain certificate_chain;
        case ITTDistinguishedName: X501DistinguishedName dn;
        default: IdentityExtension id;
    };

    // Client -> target message that opens a security context.
    //   client_context_id          session identifier; 0 = stateless (see ContextId)
    //   authorization_token        zero or more PACs (see AuthorizationToken)
    //   identity_token             asserted identity (see IdentityToken note)
    //   client_authentication_token GSS initial context token; its mechanism
    //                              is identified inside the token (see GSSToken)

    struct EstablishContext
    {
        ContextId client_context_id;
        AuthorizationToken authorization_token;
        IdentityToken identity_token;
        GSSToken client_authentication_token;
    };

    // Target -> client reply completing context establishment.
    //   context_stateful    NOTE(review): presumably reports whether the
    //                       target retained the session — confirm
    //   final_context_token GSS final context token; encoding is mechanism
    //                       dependent (see GSSToken)

    struct CompleteEstablishContext
    {
        ContextId client_context_id;
        boolean context_stateful;
        GSSToken final_context_token;
    };

    // Target -> client error report.
    //   major_status / minor_status  NOTE(review): presumably GSS-API status
    //                                codes for the failed exchange — confirm
    //                                against the spec before mapping them
    //   error_token                  GSS error token; mechanism dependent

    struct ContextError
    {
        ContextId client_context_id;
        long major_status;
        long minor_status;
        GSSToken error_token;
    };

    // Not sent by stateless clients. If received by a stateless server, a
    // ContextError message should be returned, indicating the session does
    // not exist.
    //   discard_context  NOTE(review): presumably asks the target to drop
    //                    the session named by client_context_id — confirm

    struct MessageInContext
    {
        ContextId client_context_id;
        boolean discard_context;
    };

    // Discriminated on MsgType. There is no default case, so a message
    // whose discriminator is not one of the four constants above has no
    // member to select; a decoder must treat it as malformed.

    union SASContextBody switch (MsgType)
    {
        case MTEstablishContext: EstablishContext establish_msg;
        case MTCompleteEstablishContext: CompleteEstablishContext complete_msg;
        case MTContextError: ContextError error_msg;
        case MTMessageInContext: MessageInContext in_context_msg;
    };

    // The following type represents the string representation of an ASN.1
    // OBJECT IDENTIFIER (OID). OIDs are represented by the string "oid:"
    // followed by the integer base 10 representation of the OID separated
    // by dots. For example, the OID corresponding to the OMG is represented
    // as: "oid:2.23.130"

    typedef string StringOID;

    // The GSS Object Identifier for the KRB5 mechanism is:
    // { iso(1) member-body(2) United States(840) mit(113554) infosys(1)
    // gssapi(2) krb5(2) }

    const StringOID KRB5MechOID = "oid:1.2.840.113554.1.2.2";

    // The GSS Object Identifier for name objects of the Mechanism-independent
    // Exported Name Object type is:
    // { iso(1) org(3) dod(6) internet(1) security(5) nametypes(6)
    // gss-api-exported-name(4) }

    const StringOID GSS_NT_Export_Name_OID = "oid:1.3.6.1.5.6.4";

    // The GSS Object Identifier for the scoped-username name form is:
    // { iso-itu-t (2) international-organization (23) omg (130) security (1)
    // naming (2) scoped-username(1) }

    const StringOID GSS_NT_Scoped_Username_OID = "oid:2.23.130.1.2.1";

}; // CSI

#endif