00001 // -*- IDL -*-
00002 //
00003 // Security.idl,v 1.13 2004/04/01 05:16:45 bala Exp
00004 
00005 
00006 #ifndef _SECURITY_IDL_
00007 #define _SECURITY_IDL_
00008 
00009 #include "tao/TimeBase.pidl"
00010 #include <orb.idl>
00011 
00012 #pragma prefix "omg.org"
00013 
00014 module Security {
      // Common data types and constants shared by the CORBA Security Service
      // (Security Level 1/2, replaceable security, audit).  This module
      // declares no operations: everything here is a type, constant or
      // enumeration consumed by the policy and credential interfaces defined
      // in other modules.  The `#pragma prefix "omg.org"` above qualifies the
      // repository ids of every declaration in this module.
00015 
      // Repository-id version of the module itself.
00016 #pragma version Security 1.8
00017 
      // SecurityName is a printable principal/mechanism name.  Opaque is an
      // uninterpreted byte string whose layout is fixed by whoever produced
      // it (see SecAttribute below); a consumer must know the producer before
      // decoding it and should treat the bytes as untrusted input.
00018     typedef string SecurityName;
00019     typedef sequence<octet> Opaque;
00020 
00021     // Constant declarations for Security Service Options
      // CORBA::ServiceOption (orb.idl) values an ORB reports to advertise
      // which parts of the security service it implements.  They are
      // capability flags, not an ordering.
00022     const CORBA::ServiceOption SecurityLevel1 = 1;
00023     const CORBA::ServiceOption SecurityLevel2 = 2;
00024     const CORBA::ServiceOption NonRepudiation = 3;
00025     const CORBA::ServiceOption SecurityORBServiceReady = 4;
00026     const CORBA::ServiceOption SecurityServiceReady = 5;
00027     const CORBA::ServiceOption ReplaceORBServices = 6;
00028     const CORBA::ServiceOption ReplaceSecurityServices = 7;
00029     const CORBA::ServiceOption StandardSecureInteroperability = 8;
00030     const CORBA::ServiceOption DCESecureInteroperability = 9;
00031 
00032     // Service options for Common Secure Interoperability
00033     const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
00034     const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
00035     const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
00036 
00037     // Security mech types supported for secure association
      // CORBA::ServiceDetailType keys under which an ORB reports the
      // mechanisms and privilege attribute types it supports.
00038     const CORBA::ServiceDetailType SecurityMechanismType = 1;
00039 
00040     // privilege types supported in standard access policy
00041     const CORBA::ServiceDetailType SecurityAttribute = 2;
00042 
00043     // extensible families for standard data types
      // A (family_definer, family) pair qualifies every attribute, right and
      // audit event type below: family_definer identifies who allocated the
      // family, family selects a numbering space within it (see the
      // "family = 0" / "family = 1" attribute groups further down).  Numeric
      // type values are unique only inside a family, so comparisons must
      // include the family, never the bare number.
00044     struct ExtensibleFamily {
00045         unsigned short        family_definer;
00046         unsigned short        family;
00047     };
00048 
      // Object identifier carried as raw octets (the encoding is not fixed
      // here).  Used to name the authority that defines an attribute value.
00049     typedef sequence<octet> OID;
00050 
00051     typedef sequence<OID> OIDList;
00052 
00053     // security attributes
00054     typedef unsigned long SecurityAttributeType;
00055 
00056     // other attributes; family = 0
      // These values overlap with the privilege attributes (family = 1):
      // AuditId and _Public are both 1.  Only the ExtensibleFamily carried in
      // AttributeType tells them apart.
00057 
00058     const SecurityAttributeType    AuditId = 1;
00059     const SecurityAttributeType    AccountingId = 2;
00060     const SecurityAttributeType    NonRepudiationId = 3;
00061 
00062     // privilege attributes; family = 1
      // Attributes that feed access-control decisions.  _Public is an IDL
      // escaped identifier (leading underscore) because "public" is an IDL
      // keyword and IDL name collisions are case-insensitive; language
      // mappings drop the underscore.
00063 
00064     const SecurityAttributeType    _Public = 1;
00065     const SecurityAttributeType    AccessId = 2;
00066     const SecurityAttributeType    PrimaryGroupId = 3;
00067     const SecurityAttributeType    GroupId = 4;
00068     const SecurityAttributeType    Role = 5;
00069     const SecurityAttributeType    AttributeSet = 6;
00070     const SecurityAttributeType    Clearance = 7;
00071     const SecurityAttributeType    Capability = 8;
00072 
      // Fully qualified attribute type: family plus number within the family.
00073     struct AttributeType {
00074         ExtensibleFamily      attribute_family;
00075         SecurityAttributeType attribute_type;
00076     };
00077 
00078     typedef sequence<AttributeType> AttributeTypeList;
00079 
      // One security attribute as carried in credentials.  defining_authority
      // names the party whose encoding rules apply to value; a consumer
      // should check that it is an authority it understands before decoding
      // value, and must not assume anything about the bytes otherwise.
00080     struct SecAttribute {
00081         AttributeType         attribute_type;
00082         OID                   defining_authority;
00083         Opaque                value;
00084         // the value of this attribute can be
00085         // decoded only with knowledge of defining authority
00086     };
00087 
00088     typedef sequence <SecAttribute> AttributeList;
00089 
00090     // Authentication return status
      // Only SecAuthSuccess means a principal was authenticated.  As named,
      // SecAuthContinue indicates another round of the exchange is needed
      // and SecAuthExpired that the presented data is no longer valid; the
      // exact contract is defined by the authenticating interface, not here.
00091     enum AuthenticationStatus {
00092         SecAuthSuccess,
00093         SecAuthFailure,
00094         SecAuthContinue,
00095         SecAuthExpired
00096     };
00097 
00098     // Association return status
      // Same pattern for security-association (context) establishment.
00099     enum AssociationStatus {
00100         SecAssocSuccess,
00101         SecAssocFailure,
00102         SecAssocContinue
00103     };
00104 
00105     // Authentication method
      // Mechanism-specific method identifier; no values are enumerated here.
00106     typedef unsigned long AuthenticationMethod;
00107 
00108     typedef sequence<AuthenticationMethod> AuthenticationMethodList;
00109 
00110     // Credential types
      // Which credentials an invocation refers to, as named: the caller's
      // own, those received from a client, or those of the target.
00111 
00112     enum InvocationCredentialsType {
00113         SecOwnCredentials,
00114         SecReceivedCredentials,
00115         SecTargetCredentials
00116     };
00117 
00118     // Declarations related to Rights
      // A right is an uninterpreted string qualified by a family.
      // RightsCombinator states whether all listed rights or any one of
      // them is needed (as named).
00119 
00120     struct Right {
00121         ExtensibleFamily        rights_family;
00122         string                  the_right;
00123     };
00124 
00125     typedef sequence <Right> RightsList;
00126 
00127     enum RightsCombinator {
00128         SecAllRights,
00129         SecAnyRight
00130     };
00131 
00132     // Delegation related
      // DelegationState: whether the principal is the original initiator or
      // an intermediate acting as a delegate.  DelegationDirective: whether
      // credentials may be delegated onward at all.
00133 
00134     enum DelegationState {
00135         SecInitiator,
00136         SecDelegate
00137     };
00138 
00139     enum DelegationDirective {
00140         Delegate,
00141         NoDelegate
00142     };
00143 
00144     // pick up from TimeBase
      // Time types re-exported from tao/TimeBase.pidl so users of this
      // module need not include it themselves.
00145 
00146     typedef TimeBase::UtcT        UtcT;
00147     typedef TimeBase::IntervalT   IntervalT;
00148     typedef TimeBase::TimeT       TimeT;
00149 
00150     // Security features available on credentials.
      // One feature per enumerator.  The names mirror the AssociationOptions
      // bit flags declared below, but this is an enumeration, not a mask.
00151 
00152     enum SecurityFeature {
00153         SecNoDelegation,
00154         SecSimpleDelegation,
00155         SecCompositeDelegation,
00156         SecNoProtection,
00157         SecIntegrity,
00158         SecConfidentiality,
00159         SecIntegrityAndConfidentiality,
00160         SecDetectReplay,
00161         SecDetectMisordering,
00162         SecEstablishTrustInTarget,
00163         SecEstablishTrustInClient
00164     };
00165 
00166     // Quality of protection which can be specified
00167     // for an object reference and used to protect messages
      // Message-protection level.  SecQOPNoProtection gives neither
      // integrity nor confidentiality; the others are as named.
00168     enum QOP {
00169         SecQOPNoProtection,
00170         SecQOPIntegrity,
00171         SecQOPConfidentiality,
00172         SecQOPIntegrityAndConfidentiality
00173     };
00174 
00175     // Type of SecurityContext
00176     enum SecurityContextType {
00177         SecClientSecurityContext,
00178         SecServerSecurityContext
00179     };
00180 
00181     // Operational State of a Security Context
      // Only SecContextEstablished (and, on the client side,
      // SecContextClientEstablished) denote a usable context; the *Expired
      // and *Invalid states must not be used for protected traffic.
00182     enum SecurityContextState {
00183         SecContextInitialized,
00184         SecContextContinued,
00185         SecContextClientEstablished,
00186         SecContextEstablished,
00187         SecContextEstablishExpired,
00188         SecContextExpired,
00189         SecContextInvalid
00190     };
00191 
      // Binds a security context to the transport channel it was set up
      // over: initiator/acceptor address (each tagged with an address type)
      // plus caller-supplied application data.  The field set matches
      // GSS-API channel bindings.  Address encodings are mechanism-specific
      // and carried as raw octets.
00192     struct ChannelBindings {
00193       unsigned long   initiator_addrtype;
00194       CORBA::OctetSeq initiator_address;
00195       unsigned long   acceptor_addrtype;
00196       CORBA::OctetSeq acceptor_address;
00197       CORBA::OctetSeq application_data;
00198     };
00199 
00200     // For use with SecurityReplaceable
      // A half-open window [startpos, endpos) into buffer.  The declared
      // invariant is only startpos <= endpos; nothing here bounds endpos by
      // the length of buffer, so a receiver must check both
      // startpos <= endpos and endpos <= length of buffer before indexing
      // into data that arrived from a peer.
00201     struct OpaqueBuffer {
00202       Opaque buffer;
00203       unsigned long startpos;
00204       unsigned long endpos;
00205       // startpos <= endpos
00206       // OpaqueBuffer is said to be empty if startpos == endpos
00207     };
00208 
00209     // Association options which can be administered
00210     // on secure invocation policy and used to
00211     // initialize security context
      // Bit mask: every constant below is a distinct power of two (1..512),
      // so options are combined with bitwise OR and tested with AND.  A mask
      // is interpreted together with RequiresSupports (required vs.
      // supported set).  NOTE(review): NoProtection is an ordinary flag, so
      // a "supported" set that includes it presumably permits unprotected
      // associations even when Integrity/Confidentiality are also
      // supported; when auditing a policy, the "required" set is what rules
      // an option out -- confirm against the secure invocation policy
      // interface.
00212     typedef unsigned short    AssociationOptions;
00213 
00214     const AssociationOptions NoProtection = 1;
00215     const AssociationOptions Integrity = 2;
00216     const AssociationOptions Confidentiality = 4;
00217     const AssociationOptions DetectReplay = 8;
00218     const AssociationOptions DetectMisordering = 16;
00219     const AssociationOptions EstablishTrustInTarget = 32;
00220     const AssociationOptions EstablishTrustInClient = 64;
00221     const AssociationOptions NoDelegation = 128;
00222     const AssociationOptions SimpleDelegation = 256;
00223     const AssociationOptions CompositeDelegation = 512;
00224 
00225     // Flag to indicate whether association options being
00226     // administered are the "required" or "supported" set
00227     enum RequiresSupports {
00228         SecRequires,
00229         SecSupports
00230     };
00231 
00232     // Direction of communication for which
00233     // secure invocation policy applies
00234     enum CommunicationDirection {
00235         SecDirectionBoth,
00236         SecDirectionRequest,
00237         SecDirectionReply
00238     };
00239 
00240     // security association mechanism type
      // Mechanism names are free-form strings; no registry is defined here.
00241     typedef string MechanismType;
00242     typedef sequence<MechanismType> MechanismTypeList;
00243 
00244     // AssociationOptions-Direction pair
      // One policy entry: an options mask and the direction it applies to.
00245     struct OptionsDirectionPair {
00246         AssociationOptions           options;
00247         CommunicationDirection       direction;
00248     };
00249 
00250     typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
00251 
00252     // Delegation mode which can be administered
00253     enum DelegationMode {
00254         SecDelModeNoDelegation,       // i.e. use own credentials
00255         SecDelModeSimpleDelegation,   // delegate received credentials
00256         SecDelModeCompositeDelegation // delegate both
00257     };
00258 
00259     // Association options supported by a given mech type
00260     struct MechandOptions {
00261         MechanismType        mechanism_type;
00262         AssociationOptions   options_supported;
00263     };
00264 
00265     typedef sequence <MechandOptions> MechandOptionsList;
00266 
00267     // Attribute of the SecurityLevel2::EstablishTrustPolicy
      // Whether the client and/or the target must authenticate itself to
      // the other side (as named).
00268     struct EstablishTrust {
00269       boolean trust_in_client;
00270       boolean trust_in_target;
00271     };
00272 
00273     // Audit
      // _EventType is an IDL escaped identifier; presumably chosen to avoid
      // a name clash with another EventType in the mapped code -- confirm.
      // AuditAll = 0 presumably selects every event type; 1..9 name the
      // individual audit event types.
00274     typedef unsigned long  AuditChannelId;
00275     typedef unsigned short _EventType;
00276 
00277     const _EventType    AuditAll = 0;
00278     const _EventType    AuditPrincipalAuth = 1;
00279     const _EventType    AuditSessionAuth = 2;
00280     const _EventType    AuditAuthorization = 3;
00281     const _EventType    AuditInvocation = 4;
00282     const _EventType    AuditSecEnvChange = 5;
00283     const _EventType    AuditPolicyChange = 6;
00284     const _EventType    AuditObjectCreation = 7;
00285     const _EventType    AuditObjectDestruction = 8;
00286     const _EventType    AuditNonRepudiation = 9;
00287 
      // Used as the value of the DayOfWeek audit selector.
00288     enum DayOfTheWeek {
00289       Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
00290     };
00291 
      // Whether all audit selectors or any one of them must match (as named).
00292     enum AuditCombinator {
00293       SecAllSelectors,
00294       SecAnySelector
00295     };
00296 
      // Fully qualified audit event type: family plus number within it.
00297     struct AuditEventType {
00298         ExtensibleFamily    event_family;
00299         _EventType           event_type;
00300     };
00301 
00302     typedef sequence <AuditEventType> AuditEventTypeList;
00303 
      // Audit selectors: which aspect of an invocation a SelectorValue
      // describes.  The expected content of the matching `any` is listed in
      // the comment block below.
00304     typedef unsigned long SelectorType;
00305 
00306     const SelectorType    InterfaceName = 1;
00307     const SelectorType    ObjectRef = 2;
00308     const SelectorType    Operation = 3;
00309     const SelectorType    Initiator = 4;
00310     const SelectorType    SuccessFailure = 5;
00311     const SelectorType    Time = 6;
00312     const SelectorType    DayOfWeek = 7;
00313 
00314     // values defined for audit_needed and audit_write are:
00315     // InterfaceName: CORBA::RepositoryId
00316     // ObjectRef: object reference
00317     // Operation: op_name
00318     // Initiator: Credentials
00319     // SuccessFailure: boolean
00320     // Time: utc time on audit_write; time picked up from
00321     //       environment in audit_needed if required
00322     // DayOfWeek: DayOfTheWeek
00323 
      // A selector and its value.  value is an `any`; the table above gives
      // the expected type per selector, but a consumer should check the
      // TypeCode before extracting rather than assume the sender obeyed it.
00324     struct SelectorValue {
00325         SelectorType        selector;
00326         any                 value;
00327     };
00328 
00329     typedef sequence <SelectorValue> SelectorValueList;
00330 
00331     // Constant declaration for valid Security Policy Types
      // CORBA::PolicyType ids for the security policies.  Values 11 and
      // 16..37 are not assigned in this file.
00332 
00333     // General administrative policies
00334     const CORBA::PolicyType SecClientInvocationAccess = 1;
00335     const CORBA::PolicyType SecTargetInvocationAccess = 2;
00336     const CORBA::PolicyType SecApplicationAccess      = 3;
00337     const CORBA::PolicyType SecClientInvocationAudit  = 4;
00338     const CORBA::PolicyType SecTargetInvocationAudit  = 5;
00339     const CORBA::PolicyType SecApplicationAudit       = 6;
00340     const CORBA::PolicyType SecDelegation             = 7;
00341     const CORBA::PolicyType SecClientSecureInvocation = 8;
00342     const CORBA::PolicyType SecTargetSecureInvocation = 9;
00343     const CORBA::PolicyType SecNonRepudiation         = 10;
00344 
00345 
00346     // Policies used to control attributes of a binding to a target
      // SecFeaturePolicy is kept only so existing ids stay valid; it is
      // marked obsolete and should not be used for new code.
00347     const CORBA::PolicyType SecMechanismsPolicy            = 12;
00348     const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
00349     const CORBA::PolicyType SecFeaturePolicy               = 14; // obsolete
00350     const CORBA::PolicyType SecQOPPolicy                   = 15;
00351 
00352     const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
00353     const CORBA::PolicyType SecEstablishTrustPolicy      = 39;
00354 };
00355 
00356 #pragma prefix ""
00357 
00358 #endif /* _SECURITY_IDL_ */
