//tabstop=4 //*********************************************************************** // ORBAsec SL3 // ---------------------------------------------------------------------- // Copyright (C) 2001 Adiron, LLC. // All rights reserved. // ---------------------------------------------------------------------- // $Id$ //*********************************************************************** // // Marked modifications Copyright (C) 2002, 2003 ObjectSecurity Ltd. // #ifndef _SL3CM_IDL_ #define _SL3CM_IDL_ module SL3CM { // The SL3CM module contains common definitions for Credentials // Model. These definitions were moved here from SecurityLevel3 // module, since they are also used in the TransportSecurity module // and it is useless to duplicate constants definitions inside // both modules. // // // The Security Level 3 Credentials Model // /** * Credentials come in three types. OwnCredentials, ClientCredentials, * and TargetCredentials. OwnCredentials represent the ORB instance's * credentials. Each Credentials has initiating and accepting capability. * ClientCredentials represent an established security context with * a client. TargetCredentials represent an established security context * with a Target's Server. */ typedef unsigned long CredentialsType; /** * The CT_OwnCredentials CredentialsType signifies that the * Credentials can be extended to the OwnCredentials Type. */ const CredentialsType CT_OwnCredentials = 0; /** * The CT_ClientCredentials CredentialsType signifies that the * Credentials can be extended to the ClientCredentials Type. */ const CredentialsType CT_ClientCredentials = 1; /** * The CT_TargetCredentials CredentialsType signifies that the * Credentials can be extended to the ClientCredentials Type. */ const CredentialsType CT_TargetCredentials = 2; /** * A Credentials object has a validity state. Some credentials * may be time or use dependent. */ typedef long CredentialsState; /** * The Credentials with a CredentialsState of CS_Invalid cannot be * used in any the initiating or accepting establishment of any * security contexts. */ const CredentialsState CS_Invalid = -3; /** * Credentials with a CredentialsState of CS_Expired can no longer * be used for initiating or accepting establishment of any * security contexts. */ const CredentialsState CS_Expired = -2; /** * Credentials with a CredentialsState of CS_PendingRelease can no longer * be used for initiating or accepting establishment of any * security contexts. It means that "release_credentials" has been * called on the credentials. */ const CredentialsState CS_PendingRelease = -1; /** * Credentials with a CredentialsState of CS_Initialized can not * be used for initiating or accepting establishment of any * security contexts. It means that credentials are in an initial * state. This value is for internal use, and there is no * reason a SecurityLevel3 user should see credentials in this state. */ const CredentialsState CS_Initialized = 0; /** * Credentials with a CredentialsState of CS_Valid can * be used for initiating or accepting establishment of * security contexts. */ const CredentialsState CS_Valid = 1; /** * Credentials have system generated identifiers * to which they can be referred and retrieved. */ typedef string CredentialsId; typedef sequence CredentialsIdList; /** * Security Contexts have system generated identifiers. * Security Contexts may be long lived and not established on * every request. Therefore, an identifier is assigned. */ typedef string ContextId; typedef sequence ContextIdList; /** * Credentials Usage *

* Credentials Usage refers to the concept that Credentials may * be used to initiate security context, accept security contexts, * or do both. its values are used in the acquisition * of credentials for the purpose of designating the abilities * of the credentials acquired. */ typedef unsigned long CredentialsUsage; /** * The CU_Indefinite CredentialsUsage type is a value that * signifies the default. Depending on some other acquisition * arguments, the credentials usage may be able to be implicitly * determined. */ const CredentialsUsage CU_Indefinite = 1; /** * The CU_None CredentialsUsage type is a value that states the * credentials can not be used to make or accept security * contexts. ClientCredentials and TargetCredentials have * this credentials usage. */ const CredentialsUsage CU_None = 2; /** * The CU_AcceptOnly CredentialsUsage type is a value that signifies * that the credentials can only be used to accept the establishment * of security contexts. */ const CredentialsUsage CU_AcceptOnly = 3; /** * The CU_InitiateOnly CredentialsUsage type is a value that signifies * that the credentials can only be used to initiate the establishment * of security contexts. */ const CredentialsUsage CU_InitiateOnly = 4; /** * The CU_InitiateAndAccept CredentialsUsage type is a value that * signifies that the credentials can be used to both initiate * and accept the establishment of security contexts. */ const CredentialsUsage CU_InitiateAndAccept = 5; /** * A CredsDirective is a directive on a invocation as to the * effects of the initiated security context will have on the * the accepting side. Please see ContextEstablishmentPolicy * for is use in context with establishing security contexts. * @see ContextEstablishmentPolicy */ typedef unsigned long CredsDirective; /** * The CD_Default CredsDirective is a value that signifies to * use the capabilities of the selected credentials. */ const CredsDirective CD_Default = 0; /** * The CD_InvokeTarget CredsDirective is a value that signifies that * the selected credentials should only be used in a simple * invocation fashion. They shall not attempt to endorse or embody * the target to act on its behalf. */ const CredsDirective CD_InvokeTarget = 1; /** * The CD_EndorseTarget CredsDirective is a value that signifies that * the selected credentials, if capable, should attempt to endorse * the target. In other words, it gives the accepting side the ability * to act on behalf of the initiating side. */ const CredsDirective CD_EndorseTarget = 2; /** * The CD_EmbodyTarget CredsDirective is a value that signifies that * the selected credentials, if capable, should attempt to embody * the target. In other words, it gives the accepting side the ability * to impersonate the initiating side. */ const CredsDirective CD_EmbodyTarget = 3; /** * A Feature Directive is a general directive used in policy that * stipulates the of a particular feature. Such examples include, * confidentiality, integrity, client authentication, etc. */ typedef long FeatureDirective; /** * The FD_DoNotUse FeatureDirective means definitely do not to use * the feature. */ const FeatureDirective FD_DoNotUse = -2; /** * The FD_DoNotUseIfPossible FeatureDirective means do not to use * the feature if it is possible. Note, some mechanisms may always * use confidentiality. */ const FeatureDirective FD_DoNotUseIfPossible = -1; /** * The FD_UseDefault FeatureDirective means to use or not to use * the feature depending on defaults. */ const FeatureDirective FD_UseDefault = 0; /** * The FD_DoNotUseIfPossible FeatureDirective means do not to use * the feature if it is possible. Note, some mechanisms may not * be able to use confidentiality. */ const FeatureDirective FD_UseIfPossible = 1; /** * The FD_DoNotUse FeatureDirective means definitely use * the feature. */ const FeatureDirective FD_Use = 2; /** * Credentials are acquired by a Credentials Acquirer by some * acquisition mechanism specified in the Credentials Curator. * Acquisition methods are available on the curator. The * specifics of arguments needed and the acquisition process * are defined by the method itself. */ // typedef string AcquisitionMethod; // typedef sequence AcquisitionMethodList; /** * This type specifies the transport mechanisms, which is used for * acquiring Credentials such as TCPIP, TLS, SECIOP-Kerberos. * * NOTE: Currently Supported, "TCPIP", "TLS". */ // note: MechId definitions are used only in TransportSecurity // module, but since other modules depends on TransportSecurity // module only because of these definitions, we have rather moved // them here. Anyway, they are part of Credentials Model. // typedef string MechanismId; // typedef sequence MechanismList; typedef string AcquisitionArgumentType; }; // SL3CM #endif // _SL3CM_IDL_