//tabstop=4 //*********************************************************************** // ORBAsec SL3 // ---------------------------------------------------------------------- // Copyright (C) 2001 Adiron, LLC. // All rights reserved. // ---------------------------------------------------------------------- // $Id$ //*********************************************************************** // // Marked modifications Copyright (C) 2002, 2003, 2004 ObjectSecurity Ltd. // #ifndef _SL3CSIARGS_IDL_ #define _SL3CSIARGS_IDL_ #include #include #include #include #include #include #include #include #include #include #pragma prefix "adiron.com" /** * This module contains structures and a factory interface to * create tagged argument lists that will be given to the * args parameter of the SecurityLevel3::CredentialsCurator. *

* ORBAsec SL3 uses this kind of mechanism because it is the * easiest way to represent optional arguments. *

* To alleviate the hassles of dealing with any's and creating * them, there is a factory retrieved by ORB::resolve_initial_references * using "SL3:ArgumentFactory". From this object one may create an * acquisition argument builder. This approach takes most of the work * out of forming the Credentials acquisition argument. * The form of the arguments and their requiredness or optionality * are defined by the specific acquisition mechanisms using them. * * The Credentials Acquired with these arguments handle the * CORBA CSIv2 protocol. */ module SL3CSI { /** * There is currently only one acquisition method for * CSI based Credentials. */ // begin of ObjectSecurity removal // const SL3CM::AcquisitionMethod AQM_CSIArgs = "CSIArgs"; // end of ObjectSecurity removal /** * An object of this interface is created by the Argument Factory Object. * It aids in creating the Credentials Acquisition Argument for * CSI based Credentials. */ // begin of ObjectSecurity operation name change local interface CSIArgBuilder : SL3AQArgs::ArgBuilder { /** * This operation places a user defined Password Generator * in the acquisition argument. */ void add_password_generator( in UserPassword::PasswordGenerator generator ); /** * This operation places a user defined Password Processor * in the acquisition argument. */ void add_password_processor( in UserPassword::PasswordProcessor processor ); /** * This operation causes the creation credentials that * have a "quoted" principal. CSI Credentials of this * type will assert the particular principal name to a server. */ void add_named_quoted_principal( in SL3PM::PrincipalName principal_name ); /** * This operation causes the creation credentials that * have a "quoted" principal. CSI Credentials of this * type will assert the particular identity to a server. */ void add_encoded_quoted_principal( in SL3PM::IdentityStatement identity ); /** * This operation places a user defined Trust Decider in * the acquisition argument. */ void add_trust_in_server_decider( in Trust::LocalTrustInServerDecider trust_decider ); // begin ObjectSecurity removal /** * This operation causes CSI Credentials to be created * over a particular transport as if you created the * transport credentials using the * TransportSecurity::CredentialsCurator and used the * addUseTransportCredentials operation of this object. */ // void addTransportCredentialsAQArgs( // in SL3CM::MechanismId mechanism_id, // in SL3CM::AcquisitionMethod acquisition_method, // in any acquisition_arguments // ); // end ObjectSecurity removal /** * This operation causes CSI Credentials to be created * over a particular transport credentials that have * already been created by using the * TransportSecurity::CredentialsCurator. */ void add_transport_credentials( in TransportSecurity::OwnCredentials credentials ); // end of ObjectSecurity operation name change // begin of ObjectSecurity addition void add_credentials_observer(in SL3OM::CredentialsObserver observer); void add_client_credentials_observer(in SL3OM::ClientCredentialsObserver observer); void add_target_credentials_observer(in SL3OM::TargetCredentialsObserver observer); // end of ObjectSecurity addition /** * This operation adds an ATLAS to your CSI Credentials. * ATLAS is the Authorization Token Layer Acquisition Service. * Each ATLAS represents a specific Authorization context, and * is used to give your clients the ability to "log" in, and * present credentials (i.e. an Authorization Token) for which * to work the requests. It also gives the ability for clients * to cache the tokens, so performance will be better. *

* None of the arguments can be null. *

* The cache_id is the caching Id, according to the ATLAS * specification which must be unique to this authorization * context, amongst all other authorization contexts. If you * do not have a cache id, then this argument should be an * empty octet sequence. *

* The token_dispenser is the ATLAS AuthTokenDispenser interface. * This cannot be a "local" object. *

* The supports_delegation_by_client and requires_delegation_by_client * arguments tell the client the way in which it * will use the ATLAS. This * information gets put in the ATLAS Profile, which is put * in the IOR of the objects associated with the credentials. *

* The token_processor is the "sister" to the ATLAS, as it * understands the tokens that the ATLAS ships out to clients. * It is specific to the Authorization context. It may be * a local object, but also can make remote calls. */ // begin of ObjectSecurity change void add_ATLAS_object( in ATLAS::ATLASCacheId cache_id, in ATLAS::AuthTokenDispenser token_dispenser, in SL3Authorization::TokenProcessor token_processor ); // end of ObjectSecurity change // begin of ObjectSecurity addition void add_token_processor( in SL3Authorization::TokenProcessor token_processor ); void add_identity_processor( in SL3TLS::TLSX509IdentityProcessor processor ); // end of ObjectSecurity addition }; /** * This interface is a factory for arguments that will * be in use for ORBAsec credentials acquisition mechanisms. * It is retrievable off the ORB at "SL3:ArgumentFactory" */ // begin of ObjectSecurity removal // local interface ArgumentFactory { // local interface ArgumentFactory : SL3AQArgs::ArgumentFactory { /** * Creates a new CSI Argument Builder object with the specified * Credentials usage. */ // CSIArgBuilder createCSIArgBuilder( // in SecurityLevel3::CredentialsUsage usage // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createUserPasswordCAGenerator( // in UserPassword::PasswordGenerator generator // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createUserPasswordCAProcessor( // in UserPassword::PasswordProcessor processor // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createKerberosCAGenerator( // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createKerberosCAProcessor( // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createNamedQuotedPrincipal( // in SecurityLevel3::PrincipalName prin_name // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createEncodedQuotedPrincipal( // in SecurityLevel3::IdentityStatement prin_name // ); /** * This operation creates a Arg_TrustInServerDecider tagged * argument. */ // kcg change // SL3AQArgs::Argument createLocalTrustInServerDecider( // in Trust::LocalTrustInServerDecider trust_decider // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createTransportCredentialsAQArgs( // in TransportSecurity::MechanismId mechanism_id, // in TransportSecurity::AcquisitionMethod acquisition_method, // in any acquisition_arguments // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createUseTransportCredentials( // in TransportSecurity::OwnCredentials credentials // ); /** * This operation creates a Tagged Argument containing * the following information for acquiring CSI credentials. *

* For a description of the arguments, please see the * corresponding operation in the CSIArgBuilder. * * @see CSIArgBuilder */ // kcg change // SL3AQArgs::Argument createATLASObject( // in ATLAS::ATLASCacheId cache_id, // in ATLAS::AuthTokenDispenser token_dispenser, // in boolean supports_endorsement_by_client, // in boolean requires_endorsement_by_client, // in SL3Authorization::TokenProcessor token_processor // ); // }; // end of ObjectSecurity removal }; #endif