00006 #ifndef _SECURITY_LEVEL_2_IDL_
00007 #define _SECURITY_LEVEL_2_IDL_
00008
00009 #include <orbsvcs/SecurityLevel1.idl>
00010
00011 #pragma prefix "omg.org"
00012
00013 module SecurityLevel2 {
00014
00015 # pragma version SecurityLevel2 1.8
00016
00017
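// Forward declarations so these names can be used before their full
// definitions later in this module (for example, Credentials appears in
// PrincipalAuthenticator::authenticate before it is defined).
// The listing's fused line-number column has been removed so the text
// parses as IDL.
local interface PrincipalAuthenticator;
local interface Credentials;
local interface Current;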
00021
00022
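/**
 * Authenticates a principal and hands back the Credentials object that
 * represents it.
 *
 * Declared `local`, so references to it are not marshaled to other
 * processes. The listing's fused line-number column has been removed so
 * the text parses as IDL.
 */
local interface PrincipalAuthenticator {
# pragma version PrincipalAuthenticator 1.8

  /// Returns the authentication methods available for @a mechanism.
  Security::AuthenticationMethodList
  get_supported_authen_methods(
    in Security::MechanismType mechanism
  );

  /**
   * Starts authentication of @a security_name with the given @a method
   * and @a mechanism.
   *
   * @param auth_data   Untyped (`any`) input whose layout depends on the
   *        method. NOTE(review): presumably this is where a password or
   *        other secret travels; implementations should keep it out of
   *        logs and audit records -- confirm per mechanism.
   * @param privileges  Attribute list passed in with the request;
   *        presumably the privileges asked for -- confirm. Whether they
   *        were granted is not visible from this signature.
   * @param creds       Credentials produced by the call.
   * @param continuation_data   Untyped output; presumably input for a
   *        following continue_authentication() step -- confirm.
   * @param auth_specific_data  Untyped, mechanism-specific output.
   * @return Status of the attempt. Callers should inspect it before
   *         relying on @a creds; the possible values come from
   *         Security::AuthenticationStatus, which is declared outside
   *         this file.
   */
  Security::AuthenticationStatus authenticate (
    in Security::AuthenticationMethod method,
    in Security::MechanismType mechanism,
    in Security::SecurityName security_name,
    in any auth_data,
    in Security::AttributeList privileges,
    out Credentials creds,
    out any continuation_data,
    out any auth_specific_data
  );

  /**
   * Carries on a multi-step authentication for @a creds, supplying
   * @a response_data. Outputs mirror those of authenticate().
   *
   * NOTE(review): @a response_data is untyped and may also be secret
   * material; treat it like auth_data. The returned status should be
   * checked after every step.
   */
  Security::AuthenticationStatus continue_authentication (
    in any response_data,
    in Credentials creds,
    out any continuation_data,
    out any auth_specific_data
  );
};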
00049
00050
00051
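/**
 * Local object holding a principal's security attributes together with
 * the association options it supports and requires.
 *
 * The listing's fused line-number column has been removed so the text
 * parses as IDL.
 *
 * NOTE(review): the four *_options_* attributes below are writable (no
 * `readonly`), so any code holding this reference can change them.
 * Lowering a *_required value presumably relaxes the protection demanded
 * of an association -- confirm, and limit which code can reach the object.
 */
local interface Credentials {
# pragma version Credentials 1.8

  /// Returns a Credentials reference; presumably an independent copy --
  /// confirm whether the copy must be destroy()ed separately.
  Credentials copy ();

  /// Releases this credentials object. Holders should call it once the
  /// credentials are no longer needed rather than leaving them alive.
  void destroy();

  /// Kind of credentials (see Security::InvocationCredentialsType).
  readonly attribute Security::InvocationCredentialsType
    credentials_type;

  /// Authentication status recorded for these credentials. Presumably
  /// can be a non-final state after a multi-step authenticate() -- check
  /// before use.
  readonly attribute Security::AuthenticationStatus
    authentication_state;

  /// Security mechanism these credentials belong to.
  readonly attribute Security::MechanismType mechanism;

  /// Association options supported when accepting (writable).
  attribute Security::AssociationOptions
    accepting_options_supported;

  /// Association options required when accepting (writable).
  attribute Security::AssociationOptions
    accepting_options_required;

  /// Association options supported when invoking (writable).
  attribute Security::AssociationOptions
    invocation_options_supported;

  /// Association options required when invoking (writable).
  attribute Security::AssociationOptions
    invocation_options_required;

  /// Reports whether @a feature is set for the given @a direction.
  boolean get_security_feature (
    in Security::CommunicationDirection direction,
    in Security::SecurityFeature feature
  );

  /**
   * Requests a change of attributes.
   *
   * @param requested_attributes  Attributes asked for.
   * @param actual_attributes     Attributes reported back by the call.
   * @return boolean result. Callers should compare @a actual_attributes
   *         with the request instead of assuming it was honoured in full.
   */
  boolean set_attributes (
    in Security::AttributeList requested_attributes,
    out Security::AttributeList actual_attributes
  );

  /// Returns the attributes of the types listed in @a attributes.
  Security::AttributeList get_attributes (
    in Security::AttributeTypeList attributes
  );

  /// Validity check; also reports @a expiry_time. Worth calling before
  /// credentials cached for a long time are used for a decision.
  boolean is_valid (out Security::UtcT expiry_time);

  /// Attempts a refresh using untyped, mechanism-specific
  /// @a refresh_data. NOTE(review): that data may be secret material.
  boolean refresh (in any refresh_data);

};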
00098
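/// Unbounded sequence of Credentials references; used in this module by
/// audit_write, access_allowed, InvocationCredentialsPolicy and
/// SecurityManager::own_credentials. (Fused line number removed.)
typedef sequence <Credentials> CredentialsList;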
00100
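/**
 * Credentials specialisation that adds information about the association
 * on which they arrived. The listing's fused line-number column has been
 * removed so the text parses as IDL.
 *
 * NOTE(review): presumably these describe the calling principal on the
 * target side. Access decisions that depend on who originated a request
 * should also look at delegation_state and delegation_mode -- confirm
 * the semantics against the Security module.
 */
local interface ReceivedCredentials : Credentials {

# pragma version ReceivedCredentials 1.8

  /// Credentials under which the association was accepted.
  readonly attribute Credentials accepting_credentials;

  /// Association options in effect for the association.
  readonly attribute Security::AssociationOptions
    association_options_used;

  /// Delegation state reported for these credentials.
  readonly attribute Security::DelegationState delegation_state;

  /// Delegation mode reported for these credentials.
  readonly attribute Security::DelegationMode delegation_mode;

};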
00115
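/**
 * Credentials specialisation describing a target, as returned by
 * SecurityManager::get_target_credentials. The listing's fused
 * line-number column has been removed so the text parses as IDL.
 *
 * NOTE(review): a client that needs a given protection level can compare
 * association_options_used with what it required, rather than assuming
 * the negotiated association matches -- confirm against the ORB in use.
 */
local interface TargetCredentials : Credentials {

# pragma version TargetCredentials 1.8

  /// Credentials used to initiate the association with the target.
  readonly attribute Credentials initiating_credentials;

  /// Association options in effect for the association.
  readonly attribute Security::AssociationOptions
    association_options_used;

};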
00126
00127
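/**
 * Lookup and update of the rights needed to invoke an operation of an
 * interface. The listing's fused line-number column has been removed so
 * the text parses as IDL.
 *
 * NOTE(review): unlike most interfaces in this module, this one is not
 * declared `local`, so a reference to it can be exported and invoked
 * remotely. set_required_rights() changes what callers must hold, so an
 * implementation should restrict who may invoke it and record changes in
 * the audit trail.
 */
interface RequiredRights {

  /**
   * Returns the rights required for @a operation_name of
   * @a interface_name on @a obj.
   *
   * @param rights             Required rights.
   * @param rights_combinator  How the listed rights combine (see
   *                           Security::RightsCombinator).
   */
  void get_required_rights(
    in Object obj,
    in CORBA::Identifier operation_name,
    in CORBA::RepositoryId interface_name,
    out Security::RightsList rights,
    out Security::RightsCombinator rights_combinator
  );

  /**
   * Sets the rights required for @a operation_name of
   * @a interface_name. Takes no object argument, so the setting is keyed
   * by interface and operation only.
   */
  void set_required_rights(
    in CORBA::Identifier operation_name,
    in CORBA::RepositoryId interface_name,
    in Security::RightsList rights,
    in Security::RightsCombinator rights_combinator
  );
};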
00145
00146
00147
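/**
 * Sink for audit records. The listing's fused line-number column has
 * been removed so the text parses as IDL.
 */
local interface AuditChannel {

# pragma version AuditChannel 1.8

  /**
   * Writes one audit record.
   *
   * @param event_type  Type of the audited event.
   * @param creds       Credentials associated with the event.
   * @param time        Time stamp supplied by the caller.
   * @param descriptors Selector values describing the event.
   * @param event_specific_data  Untyped extra data.
   *
   * NOTE(review): the operation returns void and declares no user
   * exception, so a failed write is not visible in this signature;
   * implementations should decide how failures surface. Callers should
   * not place secrets (for example authentication data) in
   * @a event_specific_data.
   */
  void audit_write (
    in Security::AuditEventType event_type,
    in CredentialsList creds,
    in Security::UtcT time,
    in Security::SelectorValueList descriptors,
    in any event_specific_data
  );

  /// Identifier of this channel.
  readonly attribute Security::AuditChannelId audit_channel_id;

};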
00163
00164
00165
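/**
 * Decides whether an event has to be audited and exposes the channel to
 * write to. The listing's fused line-number column has been removed so
 * the text parses as IDL.
 */
local interface AuditDecision {

# pragma version AuditDecision 1.8

  /// Reports whether an event of @a event_type with the selector values
  /// in @a value_list needs an audit record.
  boolean audit_needed (
    in Security::AuditEventType event_type,
    in Security::SelectorValueList value_list
  );

  /// Channel on which the records are written.
  readonly attribute AuditChannel audit_channel;

};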
00178
00179
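/**
 * Access-control decision point. The listing's fused line-number column
 * has been removed so the text parses as IDL.
 */
local interface AccessDecision {

# pragma version AccessDecision 1.8

  /**
   * Decides whether the principals in @a cred_list may invoke
   * @a operation_name of @a target_interface_name on @a target.
   *
   * @return boolean decision.
   *
   * NOTE(review): the only result is a boolean, so an implementation
   * that cannot reach a decision (empty @a cred_list, unknown operation,
   * policy lookup failure) should return false or raise a system
   * exception rather than fall through to true.
   */
  boolean access_allowed (
    in SecurityLevel2::CredentialsList cred_list,
    in Object target,
    in CORBA::Identifier operation_name,
    in CORBA::Identifier target_interface_name
  );
};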
00191
00192
00193
00194
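/// Policy object exposing a quality-of-protection value (Security::QOP).
/// The value is read-only through this interface. (Fused line numbers
/// removed so the text parses as IDL.)
local interface QOPPolicy : CORBA::Policy {
# pragma version QOPPolicy 1.8
  readonly attribute Security::QOP qop;

};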
00200
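/// Policy object exposing a list of security mechanisms. The list is
/// read-only through this interface. (Fused line numbers removed so the
/// text parses as IDL.)
local interface MechanismPolicy : CORBA::Policy {
# pragma version MechanismPolicy 1.8
  readonly attribute Security::MechanismTypeList mechanisms;
};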
00205
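/// Policy object exposing a list of credentials; presumably the ones
/// used for invocations made under this policy -- confirm. (Fused line
/// numbers removed so the text parses as IDL.)
local interface InvocationCredentialsPolicy : CORBA::Policy {
# pragma version InvocationCredentialsPolicy 1.8
  readonly attribute CredentialsList creds;
};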
00210
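/// Policy object exposing a Security::EstablishTrust value; the type is
/// declared outside this file. NOTE(review): presumably selects which
/// side of an association has to be authenticated -- confirm. (Fused
/// line numbers removed so the text parses as IDL.)
local interface EstablishTrustPolicy : CORBA::Policy {
# pragma version EstablishTrustPolicy 1.8
  readonly attribute Security::EstablishTrust trust;
};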
00215
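/// Policy object exposing a Security::DelegationDirective value; the
/// type is declared outside this file. NOTE(review): presumably controls
/// whether credentials are delegated on invocation -- confirm before
/// relying on a default. (Fused line numbers removed so the text parses
/// as IDL.)
local interface DelegationDirectivePolicy : CORBA::Policy {
# pragma version DelegationDirectivePolicy 1.8
  readonly attribute Security::DelegationDirective delegation_directive;
};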
00220
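/**
 * Entry point to the security objects of this module: supported
 * mechanisms, own credentials, and the authenticator, access-decision,
 * audit-decision and required-rights objects.
 *
 * The listing's fused line-number column has been removed so the text
 * parses as IDL.
 *
 * NOTE(review): code that can obtain this object can read
 * own_credentials and remove credentials, so which components receive a
 * reference to it matters.
 */
local interface SecurityManager {

# pragma version SecurityManager 1.8

  /// Mechanisms, with their options, that are supported.
  readonly attribute Security::MechandOptionsList
    supported_mechanisms;

  /// Credentials currently held as "own" credentials.
  readonly attribute CredentialsList own_credentials;

  /// The RequiredRights object.
  readonly attribute RequiredRights
    required_rights_object;

  /// The PrincipalAuthenticator object.
  readonly attribute PrincipalAuthenticator
    principal_authenticator;

  /// The AccessDecision object.
  readonly attribute AccessDecision
    access_decision;

  /// The AuditDecision object.
  readonly attribute AuditDecision
    audit_decision;

  /// Returns the TargetCredentials for the target behind @a obj_ref.
  TargetCredentials get_target_credentials (
    in Object obj_ref
  );

  /// Removes @a creds from the own credentials. The signature does not
  /// show whether this also destroys them; presumably the caller still
  /// calls Credentials::destroy() -- confirm.
  void remove_own_credentials(
    in Credentials creds
  );

  /// Returns the security policy of type @a policy_type.
  CORBA::Policy get_security_policy (
    in CORBA::PolicyType policy_type
  );
};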
00256
00257
00258
00259
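/**
 * Extends SecurityLevel1::Current with access to the received
 * credentials. The listing's fused line-number column has been removed
 * so the text parses as IDL.
 *
 * NOTE(review): presumably the value is tied to the request being
 * processed; code should read it where it makes the decision rather
 * than caching it across requests -- confirm against the ORB in use.
 */
local interface Current : SecurityLevel1::Current {

# pragma version Current 1.8

  /// Credentials received with the current request.
  readonly attribute ReceivedCredentials received_credentials;

};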
00269
00270 };
00271
00272 #pragma prefix ""
00273
00274 #endif