#ifndef _SECURITY_REPLACEABLE_IDL_
#define _SECURITY_REPLACEABLE_IDL_

// SecurityReplaceable: the ORB-facing, pluggable ("replaceable") security
// service interfaces -- credential vault and security contexts, required
// rights, audit, and access decision. Every interface here except
// RequiredRights is declared `local`, i.e. it is implemented and invoked
// in-process by the ORB rather than being a remotely reachable object.
#include <SecurityLevel2.idl>

// Repository-id prefix applied to every type declared in this file.
#pragma prefix "omg.org"

module SecurityReplaceable
{
    // Forward declarations: Vault returns the two concrete context types below.
    local interface SecurityContext;
    local interface ClientSecurityContext;
    local interface ServerSecurityContext;

    // Vault: credential acquisition and security-association (context)
    // establishment for the underlying security mechanism(s).
    local interface Vault
    {
        // Authentication methods this vault supports for one mechanism.
        Security::AuthenticationMethodList get_supported_authen_methods
            (in Security::MechanismType mechanism);

        // Mechanism OIDs this vault can operate.
        readonly attribute Security::OIDList supported_mech_oids;

        // Begin (and possibly complete) acquiring credentials.
        // auth_data is an untyped `any`; for password-style methods it
        // presumably carries a secret -- do not log it or retain it longer than
        // the acquisition needs. A non-final status hands back continuation_data
        // that the caller answers via continue_credentials_acquisition.
        Security::AuthenticationStatus acquire_credentials
        (
            in Security::AuthenticationMethod method,
            in Security::MechanismType mechanism,
            in Security::SecurityName security_name,
            in any auth_data,
            in Security::AttributeList privileges,
            out SecurityLevel2::Credentials creds,
            out any continuation_data,
            out any auth_specific_data
        );

        // Next round of a multi-step acquisition started by acquire_credentials;
        // response_data answers the previous continuation_data. The same
        // secret-handling caveat as for auth_data applies to response_data.
        Security::AuthenticationStatus continue_credentials_acquisition
        (
            in any response_data,
            in SecurityLevel2::Credentials creds,
            out any continuation_data,
            out any auth_specific_data
        );

        // Security tagged components to embed in an IOR for the given
        // credentials. Compiled out when building against VisiBroker 5.0-6.0
        // (the four guards below); code portable across those versions must
        // not rely on this operation being present.
#ifndef VISIBROKER50
#ifndef VISIBROKER51
#ifndef VISIBROKER52
#ifndef VISIBROKER60
        IOP::TaggedComponentSeq create_ior_components
            (in SecurityLevel2::Credentials creds_list);
#endif
#endif
#endif
#endif

        // Client side: start a security association with `target`. Produces the
        // first security_token to send to the peer and the ClientSecurityContext
        // that drives and later uses the association. chan_binding is meant to
        // tie the association to the underlying channel so that a token captured
        // on one connection is not usable on another -- this only helps if the
        // mechanism implementation actually checks the binding on both ends.
        Security::AssociationStatus init_security_context
        (
            in SecurityLevel2::Credentials creds,
            in Security::SecurityName target_security_name,
            in Object target,
            in Security::DelegationMode delegation_mode,
            in Security::OptionsDirectionPairList association_options,
            in Security::MechanismType mechanism,
            in Security::Opaque comp_data,
            in Security::ChannelBindings chan_binding,
            out Security::OpaqueBuffer security_token,
            out ClientSecurityContext security_context
        );

        // Server side: accept an association from in_token. The token presumably
        // arrives from the remote peer, i.e. it is attacker-controlled bytes off
        // the wire -- the mechanism implementation must fully validate it before
        // anything in the resulting context (received credentials, options) is
        // trusted. out_token is the reply to return to the peer; a non-final
        // status means continue_security_context must be driven on the
        // returned context until the association completes.
        Security::AssociationStatus accept_security_context
        (
            in SecurityLevel2::CredentialsList creds_list,
            in Security::ChannelBindings chan_bindings,
            in Security::OpaqueBuffer in_token,
            out Security::OpaqueBuffer out_token,
            out ServerSecurityContext security_context
        );

        // Mechanisms this vault supports together with the association options
        // each one can provide.
        Security::MechandOptionsList get_supported_mechs ();
    };

    // SecurityContext: one established (or in-progress) security association.
    // Provides per-message protection and the lifecycle operations of the
    // association. Every *_token parameter below is mechanism-specific opaque
    // data exchanged with the peer and should be treated as untrusted input.
    local interface SecurityContext
    {
        readonly attribute Security::SecurityContextType context_type;
        readonly attribute Security::SecurityContextState context_state;
        readonly attribute Security::MechanismType mechanism;
        readonly attribute boolean supports_refresh;
        readonly attribute Security::ChannelBindings chan_binding;
        // Peer credentials as established by the association; only meaningful
        // once context_state reports the association as complete.
        readonly attribute SecurityLevel2::ReceivedCredentials received_credentials;

        // Feed the next peer token into an unfinished association and obtain
        // the next token to send back.
        Security::AssociationStatus continue_security_context
        (
            in Security::OpaqueBuffer in_token,
            out Security::OpaqueBuffer out_token
        );

        // Apply the requested quality of protection to `message`, producing the
        // (possibly transformed) text_buffer plus a separate protection token.
        void protect_message
        (
            in Security::OpaqueBuffer message,
            in Security::QOP qop,
            out Security::OpaqueBuffer text_buffer,
            out Security::OpaqueBuffer token
        );

        // Reverse of protect_message for data received from the peer. The
        // boolean result presumably reports whether the token verified; a
        // false result must be treated as a failed integrity check and
        // `message` discarded. The out qop reports the protection that was
        // actually applied by the sender -- callers should compare it against
        // the protection their policy requires rather than assume it.
        boolean reclaim_message
        (
            in Security::OpaqueBuffer text_buffer,
            in Security::OpaqueBuffer token,
            out Security::QOP qop,
            out Security::OpaqueBuffer message
        );

        // Whether the association is still usable, and when it expires.
        boolean is_valid (out Security::UtcT expiry_time);
        // Refresh lifecycle: the local side builds a refresh token from
        // refresh_data; the peer side consumes it via process_refresh_token.
        // refresh_token comes from the peer and is untrusted.
        boolean refresh_security_context
        (
            in any refresh_data,
            out Security::OpaqueBuffer out_token
        );
        boolean process_refresh_token (in Security::OpaqueBuffer refresh_token);
        // Discard lifecycle: mirror of the refresh pair above.
        // discard_token comes from the peer and is untrusted.
        boolean discard_security_context
        (
            in Security::Opaque discard_data,
            out Security::OpaqueBuffer out_token
        );
        boolean process_discard_token (in Security::OpaqueBuffer discard_token);
    };

    // Client-side view of an association: what was negotiated, the local
    // credentials used, and what the server advertised as supported/required.
    local interface ClientSecurityContext : SecurityContext
    {
        readonly attribute Security::AssociationOptions association_options_used;
        readonly attribute Security::DelegationMode delegation_mode;
        readonly attribute Security::Opaque comp_data;
        readonly attribute SecurityLevel2::Credentials client_credentials;
        readonly attribute Security::AssociationOptions server_options_supported;
        readonly attribute Security::AssociationOptions server_options_required;
        readonly attribute Security::Opaque server_security_name;
    };

    // Server-side view of an association; same shape as the client view but
    // without comp_data and with the server's own credentials.
    local interface ServerSecurityContext : SecurityContext
    {
        readonly attribute Security::AssociationOptions association_options_used;
        readonly attribute Security::DelegationMode delegation_mode;
        readonly attribute SecurityLevel2::Credentials server_credentials;
        readonly attribute Security::AssociationOptions server_options_supported;
        readonly attribute Security::AssociationOptions server_options_required;
        readonly attribute Security::Opaque server_security_name;
    };

    // RequiredRights: the rights a caller needs for an operation on an
    // interface. NOTE(review): unlike every other interface in this module this
    // one is NOT `local`, so it is an ordinary CORBA object that can be exposed
    // remotely. set_required_rights rewrites authorization policy; nothing in
    // this IDL restricts who may invoke it, so the implementation/deployment
    // must enforce that (e.g. never export a reference to untrusted parties).
    interface RequiredRights
    {
        void get_required_rights
        (
            in CORBA::Identifier operation_name,
            in CORBA::RepositoryId interface_name,
            out Security::RightsList rights,
            out Security::RightsCombinator rights_combinator
        );

        void set_required_rights
        (
            in CORBA::Identifier operation_name,
            in CORBA::RepositoryId interface_name,
            in Security::RightsList rights,
            in Security::RightsCombinator rights_combinator
        );
    };

    // AuditChannel: sink for audit records.
    local interface AuditChannel
    {
        // Write one audit record. `time` and event_specific_data are supplied
        // by the caller, not the channel; a trustworthy audit trail depends on
        // the ORB (not application code) being the one to call this.
        void audit_write
        (
            in Security::AuditEventType event_type,
            in SecurityLevel2::CredentialsList creds_list,
            in Security::UtcT time,
            in Security::SelectorValueList descriptors,
            in Security::Opaque event_specific_data
        );

        readonly attribute Security::AuditChannelId audit_channel_id;
    };

    // AuditDecision: policy hook deciding whether an event is audited and on
    // which channel.
    local interface AuditDecision
    {
        boolean audit_needed
        (
            in Security::AuditEventType event_type,
            in Security::SelectorValueList value_list
        );

        readonly attribute AuditChannel audit_channel;
    };

    // AccessDecision: the authorization check the ORB consults per invocation.
    // NOTE(review): target_interface_name is a CORBA::Identifier here, whereas
    // RequiredRights keys the same concept by CORBA::RepositoryId
    // (interface_name). An implementation mapping between the two must agree on
    // the naming form, otherwise required-rights lookups can silently miss and
    // the decision falls back to whatever the implementation's default is.
    local interface AccessDecision
    {
        boolean access_allowed
        (
            in SecurityLevel2::CredentialsList cred_list,
            in CORBA::Identifier operation_name,
            in CORBA::Identifier target_interface_name
        );
    };
};

#endif