SecurityReplaceable.idl

00001 // -*- IDL -*-
00002 //
00003 // SecurityReplaceable.idl,v 1.9 2004/08/16 23:53:12 jtc Exp
00004 
00005 #ifndef _SECURITY_REPLACEABLE_IDL_
00006 #define _SECURITY_REPLACEABLE_IDL_
00007 
00008 #include "orbsvcs/SecurityLevel2.idl"
00009 #include "tao/IOP.pidl"
00010 
00011 #pragma prefix "omg.org"
00012 
00013 module SecurityReplaceable {
00014 
00015 #   pragma version SecurityReplaceable 1.8
00016 
00017   local interface SecurityContext;
00018   local interface ClientSecurityContext;
00019   local interface ServerSecurityContext;
        // Forward declarations, so that operations declared before the full
        // definitions (e.g. Vault::init_security_context, which returns a
        // ClientSecurityContext) can name these types.
00020 
00021   local interface Vault {
          // Vault: operations for acquiring credentials, producing IOR
          // components and initiating or accepting security associations for
          // a given mechanism. Declared `local`, so references to it are not
          // marshalled to other processes.
00022 
00023 # pragma version Vault 1.8
00024 
          // Returns the authentication methods listed for `mechanism`.
00025     Security::AuthenticationMethodList
00026     get_supported_authen_methods(
00027       in   Security::MechanismType             mechanism
00028     );
00029 
          // Read-only list of object identifiers of the supported mechanisms.
00030     readonly attribute Security::OIDList supported_mech_oids;
00031 
          // Starts credential acquisition for `security_name` using `method`
          // and `mechanism`, requesting `privileges`. The outcome is reported
          // through the returned Security::AuthenticationStatus (defined in
          // the Security module, not shown here); callers should inspect it
          // before relying on `creds`.
          // NOTE(review): `auth_data` is an untyped `any` and presumably
          // carries the authentication secret, so implementations should keep
          // it out of logs and audit records. `continuation_data` and
          // `auth_specific_data` look like state for a multi-step exchange
          // that is resumed by continue_credentials_acquisition; confirm
          // against the OMG Security Service specification.
00032     Security::AuthenticationStatus acquire_credentials (
00033       in   Security::AuthenticationMethod      method,
00034       in   Security::MechanismType             mechanism,
00035       in   Security::SecurityName              security_name,
00036       in   any                                 auth_data,
00037       in   Security::AttributeList             privileges,
00038       out  SecurityLevel2::Credentials         creds,
00039       out  any                                 continuation_data,
00040       out  any                                 auth_specific_data
00041     );
00042 
          // Follow-up step of credential acquisition: takes `response_data`
          // and a Credentials object, and again returns a status together
          // with continuation and mechanism-specific data.
00043     Security::AuthenticationStatus continue_credentials_acquisition (
00044       in   any                                 response_data,
00045       in   SecurityLevel2::Credentials         creds,
00046       out  any                                 continuation_data,
00047       out  any                                 auth_specific_data
00048     );
00049 
          // Returns a list of IOP tagged components for the given credentials.
          // The parameter is named `creds_list` although its declared type is
          // a single SecurityLevel2::Credentials.
00050     IOP::TaggedComponentList create_ior_components(
00051       in   SecurityLevel2::Credentials         creds_list
00052     );
00053 
00054 
          // Initiating side of association setup: from the caller's `creds`
          // and the requested options, yields a `security_token` and the
          // ClientSecurityContext for the association. The returned
          // Security::AssociationStatus should be checked before the out
          // parameters are used.
          // `comp_data` comes from the target's IOR, i.e. it is chosen by
          // whoever published that reference; implementations should parse it
          // as untrusted input.
00055     Security::AssociationStatus init_security_context (
00056       in   SecurityLevel2::Credentials        creds,
00057       in   Security::SecurityName             target_security_name,
00058       in   Object                             target,
00059       in   Security::DelegationMode           delegation_mode,
00060       in   Security::OptionsDirectionPairList association_options,
00061       in   Security::MechanismType            mechanism,
00062       in   Security::Opaque                   comp_data, //from IOR
00063       in   Security::ChannelBindings          chan_binding,
00064       out  Security::OpaqueBuffer             security_token,
00065       out  ClientSecurityContext              security_context
00066     );
00067 
          // Accepting side of association setup: consumes `in_token` (peer
          // supplied, so untrusted until the mechanism has verified it) and
          // yields `out_token`.
          // NOTE(review): unlike init_security_context, no security-context
          // out parameter is declared here, and the tokens are typed
          // Security::Opaque rather than Security::OpaqueBuffer. Confirm
          // against the OMG Security Service IDL that both are intended.
00068     Security::AssociationStatus accept_security_context (
00069       in   SecurityLevel2::CredentialsList    creds_list,
00070       in   Security::ChannelBindings          chan_bindings,
00071       in   Security::Opaque                   in_token,
00072       out  Security::Opaque                   out_token
00073     );
00074 
          // Returns the supported mechanisms with their options
          // (Security::MechandOptionsList).
00075     Security::MechandOptionsList get_supported_mechs ();
00076 
00077   };
00078 
00079 
00080   local interface SecurityContext {
          // SecurityContext: state and per-message operations of one security
          // association. ClientSecurityContext and ServerSecurityContext both
          // derive from it. Declared `local`, so it is not marshalled to
          // other processes.
00081 
00082 #   pragma version SecurityContext 1.8
00083 
          // Read-only properties of the association: its type, current state,
          // the mechanism in use, the channel bindings and the credentials
          // received from the peer.
00084     readonly attribute Security::SecurityContextType
00085       context_type;
00086 
00087     readonly attribute Security::SecurityContextState
00088       context_state;
00089 
00090     readonly attribute Security::MechanismType
00091       mechanism;
00092 
00093     readonly attribute Security::ChannelBindings chan_binding;
00094 
00095     readonly attribute SecurityLevel2::ReceivedCredentials
00096       received_credentials;
00097 
          // Next step of a multi-token association setup: takes `in_token`
          // and returns `out_token` plus an AssociationStatus that the caller
          // should check. `in_token` presumably originates from the peer and
          // should be treated as untrusted; confirm against the specification.
00098     Security::AssociationStatus continue_security_context (
00099       in   Security::OpaqueBuffer      in_token,
00100       out  Security::OpaqueBuffer      out_token
00101     );
00102 
          // Protects `message` at the requested quality of protection `qop`,
          // returning `text_buffer` and a separate `token`. The operation
          // returns void and declares no exceptions, so this IDL does not
          // show how a failure is reported.
00103     void protect_message (
00104       in   Security::OpaqueBuffer      message,
00105       in   Security::QOP               qop,
00106       out  Security::OpaqueBuffer      text_buffer,
00107       out  Security::OpaqueBuffer      token
00108     );
00109 
          // Counterpart of protect_message: takes `text_buffer` and `token`
          // and returns the recovered `message` with the `qop` that applied.
          // NOTE(review): the boolean result presumably reports whether the
          // protection verified; callers should not use `message` when it is
          // false. Confirm the exact meaning against the specification.
00110     boolean reclaim_message (
00111       in   Security::Opaque            text_buffer,
00112       in   Security::Opaque            token,
00113       out  Security::QOP               qop,
00114       out  Security::Opaque            message
00115     );
00116 
          // Returns a boolean validity result and writes the context's
          // `expiry_time`.
00117     boolean is_valid (
00118       out  Security::UtcT              expiry_time
00119     );
00120 
          // Discards this context; takes `discard_data` and returns an
          // `out_token` (presumably to be passed to the peer's
          // process_discard_token; confirm).
00121     boolean discard_security_context (
00122       in   Security::Opaque            discard_data,
00123       out  Security::OpaqueBuffer      out_token
00124     );
00125 
          // Handles a `discard_token`; the boolean result should be checked
          // by the caller.
00126     boolean process_discard_token (
00127       in   Security::OpaqueBuffer      discard_token
00128     );
00129 
00130   };
00131 
00132   local interface ClientSecurityContext : SecurityContext {
          // ClientSecurityContext: SecurityContext extended with read-only
          // attributes for the initiating side. This is the type returned by
          // Vault::init_security_context.
00133 
00134 # pragma version ClientSecurityContext 1.8
00135 
          // Association options in effect for this context.
00136     readonly attribute Security::AssociationOptions
00137       association_options_used;
00138 
          // Delegation mode of this context.
00139     readonly attribute Security::DelegationMode
00140       delegation_mode;
00141 
          // Opaque component data; Vault::init_security_context takes a
          // parameter of the same name and type that it marks as coming
          // from the IOR.
00142     readonly attribute Security::Opaque comp_data;
00143 
          // Credentials of the client for this association.
00144     readonly attribute SecurityLevel2::Credentials
00145       client_credentials;
00146 
          // Options the server supports and requires, and the server's
          // security name as opaque data.
00147     readonly attribute Security::AssociationOptions
00148       server_options_supported;
00149 
00150     readonly attribute Security::AssociationOptions
00151       server_options_required;
00152 
00153     readonly attribute Security::Opaque server_security_name;
00154 
00155   };
00156 
00157   local interface ServerSecurityContext : SecurityContext {
          // ServerSecurityContext: SecurityContext extended with read-only
          // attributes for the accepting side. It declares the same
          // attributes as ClientSecurityContext, except that it has
          // `server_credentials` in place of `client_credentials` and has
          // no `comp_data`.
00158 
00159 #   pragma version ServerSecurityContext 1.8
00160 
          // Association options in effect for this context.
00161     readonly attribute Security::AssociationOptions
00162       association_options_used;
00163 
          // Delegation mode of this context.
00164     readonly attribute Security::DelegationMode
00165       delegation_mode;
00166 
          // Credentials of the server for this association.
00167     readonly attribute SecurityLevel2::Credentials
00168       server_credentials;
00169 
          // Options the server supports and requires, and the server's
          // security name as opaque data.
00170     readonly attribute Security::AssociationOptions
00171       server_options_supported;
00172 
00173     readonly attribute Security::AssociationOptions
00174       server_options_required;
00175 
00176     readonly attribute Security::Opaque server_security_name;
00177 
00178   };
00179 
00180   interface RequiredRights {
          // RequiredRights: reads and writes the rights required for an
          // operation of an interface, together with the combinator that
          // applies to them.
          // NOTE(review): this is the only interface in the module declared
          // without `local`, so the IDL permits remote references to it.
          // set_required_rights changes authorization policy, so a deployment
          // that exports such an object should restrict who may invoke it.
          // Confirm how the implementation exposes this interface.
00181 
          // Returns, for `operation_name` of `interface_name`, the list of
          // rights and the combinator applied to that list.
00182     void get_required_rights(
00183       in   CORBA::Identifier           operation_name,
00184       in   CORBA::RepositoryId         interface_name,
00185       out  Security::RightsList        rights,
00186       out  Security::RightsCombinator  rights_combinator
00187     );
00188 
          // Sets the rights and combinator for `operation_name` of
          // `interface_name`. Returns void and declares no exceptions.
00189     void set_required_rights(
00190       in   CORBA::Identifier           operation_name,
00191       in   CORBA::RepositoryId         interface_name,
00192       in   Security::RightsList        rights,
00193       in   Security::RightsCombinator  rights_combinator
00194     );
00195 
00196   };
00197 
00198   local interface AuditChannel {
          // AuditChannel: sink for audit records, identified by
          // `audit_channel_id`. Declared `local`.
00199 
          // Writes one audit record: the event type, the credentials
          // involved, a timestamp, selector values and opaque event-specific
          // data. Returns void and declares no exceptions, so this IDL does
          // not show how a failed write is reported.
          // NOTE(review): `event_specific_data` is opaque here; what it may
          // contain (e.g. whether secrets are excluded) is up to the caller
          // and is not constrained by this signature.
00200     void audit_write (
00201       in   Security::AuditEventType        event_type,
00202       in   SecurityLevel2::CredentialsList creds_list,
00203       in   Security::UtcT                  time,
00204       in   Security::SelectorValueList     descriptors,
00205       in   Security::Opaque                event_specific_data
00206     );
00207 
          // Identifier of this audit channel (read-only).
00208     readonly attribute Security::AuditChannelId audit_channel_id;
00209 
00210   };
00211 
00212   local interface AuditDecision {
          // AuditDecision: decides whether an event should be audited and
          // names the AuditChannel associated with this decision object.
          // Declared `local`.
00213 
          // Returns whether an event of `event_type` with the selector values
          // in `value_list` needs to be audited.
00214     boolean audit_needed (
00215       in   Security::AuditEventType        event_type,
00216       in   Security::SelectorValueList     value_list
00217     );
00218 
          // The AuditChannel associated with this decision object (read-only).
00219     readonly attribute AuditChannel audit_channel;
00220 
00221   };
00222 
00223   local interface AccessDecision {
          // AccessDecision: authorization check point. Declared `local`.
00224 
          // Returns whether the principals represented by `cred_list` may
          // invoke `operation_name` on `target_interface_name`.
          // NOTE(review): the inputs are the credentials and two names only;
          // neither the target object reference nor the request arguments
          // are passed, so as far as this signature shows the decision is
          // per operation and interface, not per object instance.
00225     boolean access_allowed (
00226       in   SecurityLevel2::CredentialsList cred_list,
00227       in   CORBA::Identifier               operation_name,
00228       in   CORBA::Identifier               target_interface_name
00229       );
00230 
00231   };
00232 
00233 };
00234 
00235 #pragma prefix ""
00236 
00237 #endif /* _SECURITY_REPLACEABLE_IDL_ */
