00001 #ifndef _SECURITY_LEVEL_2_IDL
00002 #define _SECURITY_LEVEL_2_IDL
00003
00009 #include <SecurityLevel1.idl>
00010
00011 #pragma prefix "omg.org"
00012
00013 module SecurityLevel2
00014 {
// CORBA Security Service, Level 2: credentials, principal authentication,
// access and audit decisions, and the security policies an ORB enforces.
// Extends SecurityLevel1 (included above).
//
// Almost every interface here is declared `local`. A local interface
// describes an object that exists only in the calling process: its
// references cannot be marshalled or passed across the wire. So the
// Credentials objects below never leave the process through this API --
// only their attributes and the decisions derived from them do.
00015
00016
// Forward declarations so the interfaces can reference one another
// (PrincipalAuthenticator yields Credentials; Current yields
// ReceivedCredentials, which derives from Credentials).
00017 local interface PrincipalAuthenticator;
00018 local interface Credentials;
00019 local interface Current;
00020
// Authenticates a principal with a chosen mechanism and, on success, hands
// back a Credentials object. Authentication may take several steps:
// authenticate() returns a status plus continuation_data, and the caller
// answers it through continue_authentication() until the status is final.
00021 local interface PrincipalAuthenticator
00022 {
// Lists the authentication methods available for one mechanism.
00023 Security::AuthenticationMethodList get_supported_authen_methods
00024 (in Security::MechanismType mechanism);
00025
// Starts authentication of security_name with the given method/mechanism.
// auth_data is mechanism-specific and typed `any`, so nothing about its
// shape is checked by the IDL type system; an implementation has to
// validate it against the named mechanism before interpreting it.
// The returned status says whether creds is usable or whether
// continuation_data must first be answered; auth_specific_data carries
// any mechanism-defined extra output.
00026 Security::AuthenticationStatus authenticate
00027 (
00028 in Security::AuthenticationMethod method,
00029 in Security::MechanismType mechanism,
00030 in Security::SecurityName security_name,
00031 in any auth_data,
00032 in Security::AttributeList privileges,
00033 out Credentials creds,
00034 out any continuation_data,
00035 out any auth_specific_data
00036 );
00037
// Supplies the caller's answer (response_data) to the continuation_data
// of a previous step, for the creds returned by the earlier authenticate()
// call. Same status/continuation contract as authenticate().
00038 Security::AuthenticationStatus continue_authentication
00039 (
00040 in any response_data,
00041 in Credentials creds,
00042 out any continuation_data,
00043 out any auth_specific_data
00044 );
00045 };
00046
// A principal's security attributes together with the association options
// that govern how they are used. Process-local (see `local`). copy()
// yields another Credentials object (presumably independent of the
// original) and destroy() releases one, so callers manage the lifecycle
// of every copy they make.
00047 local interface Credentials
00048 {
00049 Credentials copy ();
00050 void destroy ();
00051
// Fixed at authentication time: what kind of credentials these are, how
// far authentication has progressed, and under which mechanism.
00052 readonly attribute Security::InvocationCredentialsType credentials_type;
00053 readonly attribute Security::AuthenticationStatus authentication_state;
00054 readonly attribute Security::MechanismType mechanism;
// Writable: association options when accepting requests (as a target) and
// when making them (as a client), each split into what is supported and
// what is required. Loosening a *_required value weakens the protection
// demanded of an association, so these are security-sensitive settings,
// not ordinary configuration.
00055 attribute Security::AssociationOptions accepting_options_supported;
00056 attribute Security::AssociationOptions accepting_options_required;
00057 attribute Security::AssociationOptions invocation_options_supported;
00058 attribute Security::AssociationOptions invocation_options_required;
00059
// Reports whether `feature` is in force for the given direction.
00060 boolean get_security_feature
00061 (
00062 in Security::CommunicationDirection direction,
00063 in Security::SecurityFeature feature
00064 );
// Requests a change of privilege attributes. The boolean result and
// actual_attributes report what was actually set; callers should read
// those rather than assume requested_attributes took effect unchanged.
00065 boolean set_attributes
00066 (
00067 in Security::AttributeList requested_attributes,
00068 out Security::AttributeList actual_attributes
00069 );
// Returns the attributes of the requested types.
00070 Security::AttributeList get_attributes
00071 (in Security::AttributeTypeList attributes);
// Whether the credentials are still valid; expiry_time reports when they
// stop being so.
00072 boolean is_valid (out Security::UtcT expiry_time);
// Renews the credentials. refresh_data is again an untyped `any` whose
// meaning is mechanism-specific.
00073 boolean refresh (in any refresh_data);
00074 };
00075
00076 typedef sequence <Credentials> CredentialsList;
00077
// Credentials as received by a target (see Current::received_credentials),
// presumably those presented by the invoking client. Beyond the base
// attributes they record the accepting-side credentials used, the
// association options actually in force, and the delegation state/mode.
00078 local interface ReceivedCredentials : Credentials
00079 {
00080 readonly attribute Credentials accepting_credentials;
00081 readonly attribute Security::AssociationOptions association_options_used;
00082 readonly attribute Security::DelegationState delegation_state;
00083 readonly attribute Security::DelegationMode delegation_mode;
00084 };
00085
// Credentials of a target the client talks to (see
// SecurityManager::get_target_credentials), with the client-side
// credentials that initiated the association and the options negotiated.
00086 local interface TargetCredentials : Credentials
00087 {
00088 readonly attribute Credentials initiating_credentials;
00089 readonly attribute Security::AssociationOptions association_options_used;
00090 };
00091
// Maps each operation of an interface to the rights needed to invoke it.
// NOTE: unlike nearly everything else in this module this interface is
// NOT `local`, so it may be implemented as a remotely reachable object.
// set_required_rights rewrites access policy for every caller of the named
// operation, so an implementation must itself restrict who may invoke it
// (for instance through AccessDecision); the IDL offers no such guard.
00092 interface RequiredRights
00093 {
// Looks up the rights required for operation_name on interface_name (the
// obj reference may refine the answer). rights_combinator, defined in the
// Security module, says how the entries of rights combine.
00094 void get_required_rights
00095 (
00096 in Object obj,
00097 in CORBA::Identifier operation_name,
00098 in CORBA::RepositoryId interface_name,
00099 out Security::RightsList rights,
00100 out Security::RightsCombinator rights_combinator
00101 );
00102
// Replaces the required rights for operation_name on interface_name.
00103 void set_required_rights
00104 (
00105 in CORBA::Identifier operation_name,
00106 in CORBA::RepositoryId interface_name,
00107 in Security::RightsList rights,
00108 in Security::RightsCombinator rights_combinator
00109 );
00110 };
00111
// Sink for audit records. audit_write records who (creds), when (time),
// what (event_type and the selector descriptors) and, in
// event_specific_data, any extra payload -- an `any`, so its content is
// not constrained by this IDL.
00112 local interface AuditChannel
00113 {
00114 void audit_write
00115 (
00116 in Security::AuditEventType event_type,
00117 in CredentialsList creds,
00118 in Security::UtcT time,
00119 in Security::SelectorValueList descriptors,
00120 in any event_specific_data
00121 );
00122
00123 readonly attribute Security::AuditChannelId audit_channel_id;
00124 };
00125
// Decides whether an event must be audited. A caller that skips
// audit_write when audit_needed() returns false is relying on this
// object's policy, so the decision object itself is part of the audit
// trust boundary. audit_channel is the channel such events go to.
00126 local interface AuditDecision
00127 {
00128 boolean audit_needed
00129 (
00130 in Security::AuditEventType event_type,
00131 in Security::SelectorValueList value_list
00132 );
00133
00134 readonly attribute AuditChannel audit_channel;
00135 };
00136
// Authorization check: may a caller holding cred_list invoke
// operation_name of target_interface_name on target? Returns true to
// allow. An ORB or application that calls this and ignores a false
// result has no access control at all.
// NOTE(review): target_interface_name is a CORBA::Identifier here while
// RequiredRights names the interface with a CORBA::RepositoryId -- confirm
// this difference is intended, as the two are not interchangeable.
00137 local interface AccessDecision
00138 {
00139 boolean access_allowed
00140 (
00141 in SecurityLevel2::CredentialsList cred_list,
00142 in Object target,
00143 in CORBA::Identifier operation_name,
00144 in CORBA::Identifier target_interface_name
00145 );
00146 };
00147
// The policies below each derive from CORBA::Policy and expose a single
// read-only value; they are set through the ORB's policy mechanism and
// read back through SecurityManager::get_security_policy.
// Quality of protection to apply to invocations.
00148 local interface QOPPolicy : CORBA::Policy
00149 {
00150 readonly attribute Security::QOP qop;
00151 };
00152
// Security mechanisms that may be used.
00153 local interface MechanismPolicy : CORBA::Policy
00154 {
00155 readonly attribute Security::MechanismTypeList mechanisms;
00156 };
00157
// Credentials to present on invocations.
00158 local interface InvocationCredentialsPolicy : CORBA::Policy
00159 {
00160 readonly attribute CredentialsList creds;
00161 };
00162
// Whether trust in client and/or target must be established.
00163 local interface EstablishTrustPolicy : CORBA::Policy
00164 {
00165 readonly attribute Security::EstablishTrust trust;
00166 };
00167
// Delegation directive applied to the credentials of an invocation.
00168 local interface DelegationDirectivePolicy : CORBA::Policy
00169 {
00170 readonly attribute Security::DelegationDirective delegation_directive;
00171 };
00172
// Entry point to the security service (presumably one per ORB): the
// mechanisms available, the credentials this process currently holds, and
// the authenticator, rights, access-decision and audit-decision objects.
00173 local interface SecurityManager
00174 {
00175 readonly attribute Security::MechandOptionsList supported_mechanisms;
00176 readonly attribute CredentialsList own_credentials;
00177 readonly attribute RequiredRights required_rights_object;
00178 readonly attribute PrincipalAuthenticator principal_authenticator;
00179 readonly attribute AccessDecision access_decision;
00180 readonly attribute AuditDecision audit_decision;
00181
// Obtains the credentials of the target behind obj_ref.
00182 TargetCredentials get_target_credentials (in Object obj_ref);
// Drops creds from own_credentials so they are no longer used.
00183 void remove_own_credentials (in Credentials creds);
// Looks up the security policy of the given type (one of the *Policy
// interfaces above is the expected result).
00184 CORBA::Policy get_security_policy (in CORBA::PolicyType policy_type);
00185 };
00186
// Security context of the current execution (extends
// SecurityLevel1::Current; presumably thread-scoped, as CORBA Current
// objects usually are). received_credentials gives the credentials that
// arrived with the request being served, i.e. the basis for server-side
// access decisions.
00187 local interface Current : SecurityLevel1::Current
00188 {
00189 readonly attribute ReceivedCredentials received_credentials;
00190 };
00191 }; // module SecurityLevel2
00192
00193 #endif