Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members | Search for 

SecurityLevel2.idl

Go to the documentation of this file.
00001 // -*- IDL -*-
00002 //
00003 // $Id: SecurityLevel2.idl 78854 2007-07-12 17:10:11Z mesnier_p $
00004 
00005 
00006 #ifndef _SECURITY_LEVEL_2_IDL_
00007 #define _SECURITY_LEVEL_2_IDL_
00008 
00009 #include <orbsvcs/SecurityLevel1.idl>
00010 
00011 #pragma prefix "omg.org"
00012 
00013 module SecurityLevel2 {
00014 
00015 # pragma version SecurityLevel2 1.8
00016 
00017   // Forward declaration of interfaces
00018   local interface PrincipalAuthenticator;
00019   local interface Credentials;
00020   local interface Current;
00021 
00022   // Interface PrincipalAuthenticator
00023   local interface PrincipalAuthenticator {
00024 #   pragma version PrincipalAuthenticator 1.8
00025 
00026     Security::AuthenticationMethodList
00027     get_supported_authen_methods(
00028       in Security::MechanismType             mechanism
00029     );
00030 
00031     Security::AuthenticationStatus authenticate (
00032       in   Security::AuthenticationMethod    method,
00033       in   Security::MechanismType           mechanism,
00034       in   Security::SecurityName            security_name,
00035       in   any                               auth_data,
00036       in   Security::AttributeList           privileges,
00037       out  Credentials                       creds,
00038       out  any                               continuation_data,
00039       out  any                               auth_specific_data
00040     );
00041 
00042     Security::AuthenticationStatus continue_authentication (
00043       in   any                               response_data,
00044       in   Credentials                       creds,
00045       out  any                               continuation_data,
00046       out  any                               auth_specific_data
00047     );
00048   };
00049 
00050 
00051   // Interface Credentials
00052   local interface Credentials {
00053 #   pragma version Credentials 1.8
00054 
00055     Credentials copy ();
00056 
00057     void destroy();
00058 
00059     readonly attribute Security::InvocationCredentialsType
00060       credentials_type;
00061 
00062     readonly attribute Security::AuthenticationStatus
00063       authentication_state;
00064 
00065     readonly attribute Security::MechanismType mechanism;
00066 
00067     attribute Security::AssociationOptions
00068       accepting_options_supported;
00069 
00070     attribute Security::AssociationOptions
00071       accepting_options_required;
00072 
00073     attribute Security::AssociationOptions
00074       invocation_options_supported;
00075 
00076     attribute Security::AssociationOptions
00077       invocation_options_required;
00078 
00079     boolean get_security_feature (
00080       in Security::CommunicationDirection direction,
00081       in Security::SecurityFeature feature
00082     );
00083 
00084     boolean set_attributes (
00085       in Security::AttributeList   requested_attributes,
00086       out Security::AttributeList  actual_attributes
00087     );
00088 
00089     Security::AttributeList get_attributes (
00090       in Security::AttributeTypeList attributes
00091     );
00092 
00093     boolean is_valid (out Security::UtcT expiry_time);
00094 
00095     boolean refresh (in any refresh_data);
00096 
00097   };
00098 
00099   typedef sequence <Credentials>  CredentialsList;
00100 
00101   local interface ReceivedCredentials : Credentials {
00102 
00103 #   pragma version ReceivedCredentials 1.8
00104 
00105     readonly attribute Credentials accepting_credentials;
00106 
00107     readonly attribute Security::AssociationOptions
00108       association_options_used;
00109 
00110     readonly attribute Security::DelegationState delegation_state;
00111 
00112     readonly attribute Security::DelegationMode  delegation_mode;
00113 
00114   };
00115 
00116   local interface TargetCredentials : Credentials {
00117 
00118 #   pragma version TargetCredentials 1.8
00119 
00120     readonly attribute Credentials    initiating_credentials;
00121 
00122     readonly attribute Security::AssociationOptions
00123       association_options_used;
00124 
00125   };
00126 
00127   // RequiredRights Interface
00128   interface RequiredRights {
00129 
00130     void get_required_rights(
00131       in   Object                             obj,
00132       in   CORBA::Identifier                  operation_name,
00133       in   CORBA::RepositoryId                interface_name,
00134       out  Security::RightsList               rights,
00135       out  Security::RightsCombinator         rights_combinator
00136     );
00137 
00138     void set_required_rights(
00139       in   CORBA::Identifier                  operation_name,
00140       in   CORBA::RepositoryId                interface_name,
00141       in   Security::RightsList               rights,
00142       in   Security::RightsCombinator         rights_combinator
00143     );
00144   };
00145 
00146 
00147   // interface audit channel
00148   local interface AuditChannel {
00149 
00150 # pragma version AuditChannel 1.8
00151 
00152     void audit_write (
00153       in   Security::AuditEventType            event_type,
00154       in   CredentialsList                     creds,
00155       in   Security::UtcT                      time,
00156       in   Security::SelectorValueList         descriptors,
00157       in   any                                 event_specific_data
00158     );
00159 
00160     readonly attribute Security::AuditChannelId audit_channel_id;
00161 
00162   };
00163 
00164 
00165   // interface for Audit Decision
00166   local interface AuditDecision {
00167 
00168 #   pragma version AuditDecision 1.8
00169 
00170     boolean audit_needed (
00171       in   Security::AuditEventType            event_type,
00172       in   Security::SelectorValueList         value_list
00173     );
00174 
00175     readonly attribute AuditChannel audit_channel;
00176 
00177   };
00178 
00179 
00180   local interface AccessDecision {
00181 
00182 #   pragma version AccessDecision 1.8
00183 
00184     boolean access_allowed (
00185       in   SecurityLevel2::CredentialsList     cred_list,
00186       in   Object                              target,
00187       in   CORBA::Identifier                   operation_name,
00188       in   CORBA::Identifier                   target_interface_name
00189     );
00190   };
00191 
00192   // Policy interfaces to control bindings
00193 
00194   local interface QOPPolicy : CORBA::Policy {
00195 #   pragma version QOPPolicy 1.8
00196     readonly attribute Security::QOP           qop;
00197 
00198   };
00199 
00200   local interface MechanismPolicy : CORBA::Policy {
00201 #   pragma version MechanismPolicy 1.8
00202     readonly attribute Security::MechanismTypeList mechanisms;
00203   };
00204 
00205   local interface InvocationCredentialsPolicy : CORBA::Policy {
00206 #   pragma version InvocationCredentialsPolicy 1.8
00207     readonly attribute CredentialsList creds;
00208   };
00209 
00210   local interface EstablishTrustPolicy : CORBA::Policy {
00211 #   pragma version EstablishTrustPolicy 1.8
00212     readonly attribute Security::EstablishTrust trust;
00213   };
00214 
00215   local interface DelegationDirectivePolicy : CORBA::Policy {
00216 #   pragma version DelegationDirectivePolicy 1.8
00217     readonly attribute Security::DelegationDirective delegation_directive;
00218   };
00219 
00220   local interface SecurityManager {
00221 
00222 #   pragma version SecurityManager 1.8
00223 
00224     // Process/Capsule/ORB Instance specific operations
00225 
00226     readonly attribute Security::MechandOptionsList
00227       supported_mechanisms;
00228 
00229     readonly attribute CredentialsList own_credentials;
00230 
00231     readonly attribute RequiredRights
00232       required_rights_object;
00233 
00234     readonly attribute PrincipalAuthenticator
00235       principal_authenticator;
00236 
00237     readonly attribute AccessDecision
00238       access_decision;
00239 
00240     readonly attribute AuditDecision
00241       audit_decision;
00242 
00243     TargetCredentials get_target_credentials (
00244       in Object obj_ref
00245     );
00246 
00247     void remove_own_credentials(
00248       in Credentials creds
00249     );
00250 
00251     CORBA::Policy get_security_policy (
00252       in CORBA::PolicyType policy_type
00253     );
00254   };
00255 
00256   // Interface Current derived from SecurityLevel1::Current providing
00257   // additional operations on Current at this security level.
00258   // This is implemented by the ORB
00259   local interface Current : SecurityLevel1::Current {
00260 
00261 #    pragma version Current 1.8
00262 
00263     // Thread specific
00264 
00265     readonly attribute ReceivedCredentials received_credentials;
00266 
00267   };
00268 
00269 };
00270 
00271 #pragma prefix ""
00272 
00273 module TAO {
00274   module SL2 {
00275     local interface AccessDecision : SecurityLevel2::AccessDecision
00276     {
00277       /* TAO-specific access_allowed that works around deficiencies in
00278          the SecurityLevel2::AccessDecision::access_allowed() operation. */
00279       // Parameter object_id should be PortableInterceptor::ObjectId, but
00280       // using that type would require including the PI_Forward.pidl file.
00281       // By using the real type, we can avoid that dependency.
00282       boolean access_allowed_ex (in ::CORBA::ORBid orb_id,
00283                                  in ::CORBA::OctetSeq adapter_id,
00284                                  in ::CORBA::OctetSeq object_id,
00285                                  in ::SecurityLevel2::CredentialsList cred_list,
00286                                  in ::CORBA::Identifier operation_name);
00287 
00288       /*! Default value returned when a reference is not in the list. */
00289       // Can't come up with a good name for this.
00290       attribute boolean default_decision;
00291 
00292       /*! Establish whether a particular object can be accessed via insecure
00293         means. */
00294       void add_object (in ::CORBA::ORBid orb_id,
00295                        in ::CORBA::OctetSeq adapter_id,
00296                        in ::CORBA::OctetSeq object_id,
00297                        in boolean allow_insecure_access);
00298       void remove_object (in ::CORBA::ORBid orb_id,
00299                           in ::CORBA::OctetSeq adapter_id,
00300                           in ::CORBA::OctetSeq object_id);
00301 
00302       // Should there be some kind of "find" interface?
00303     };
00304   };
00305 };
00306 
00307 #endif /* _SECURITY_LEVEL_2_IDL_ */
Generated on Sun Jan 27 16:09:36 2008 for TAO_Security by doxygen 1.3.6