//tabstop=4
//***********************************************************************
// ORBAsec SL3
// ----------------------------------------------------------------------
// Copyright (C) 2001 Adiron, LLC.
// All rights reserved.
// ----------------------------------------------------------------------
// $Id$
//***********************************************************************
//
// Marked modifications Copyright (C) 2002, 2003 ObjectSecurity Ltd.
//
#ifndef _TRUST_IDL_
#define _TRUST_IDL_
#include <mico/security/sl3pm.idl>
#include <mico/security/sl3cm.idl>
#pragma prefix "adiron.com"
/**
* This module contains various Trust elements for ORBAsec.
*/
module Trust {
/**
* This local interface is created by clients and used locally. It represents
* a trust decider that determine if the server
* trusted to receive further client authentication information
* (i.e. username password) and authorization information.
* It takes the server principal that has been authenticated
* at the transport level by the security service.
*/
// change to local interface from valuetype done by ObjectSecurity
local interface LocalTrustInServerDecider {
/**
* This operation determines the trust in the server
* principal. This principal is the transport principal
* of the server that was possibly authenticated by the
* clients security service. This operation is called by
* the security service.
*
* @param server_principal
* This field is the principal that represents the server.
* It may be authenticated. Check the attributes.
*
* @param supporting_statements
* This field will contain any Identity Statements
* that support the Security Services deduction of the
* principal.
* @param confidentiality
* This field is true if the transport talking to the
* server is confidential. Check the principal's
* attributes for any indication of the cipher and
* its strength.
* @param integrity
* This field is true if the transport talking with
* the server has integrity protection. Check the prnicipal's
* attributes for any indication of the cipher and
* its strength.
* @param creds_directive
* This is the creds directive, i.e. invoke, endorse,
* or embody, that the credentials will use once trust
* has been established. If this is a first time invocation
* for the SL3 Credentials, a minimal transport without
* endorsement, or embodiment capabilities (n/a for TLS)
* is established first for the purposes of determining
* trust.
*
* @return True if this object determines that the target is
* trusted to receive such things as authorization tokens,
* client authenticators, and receive invocations from
* this client.
*/
boolean is_trusted(
in SL3PM::Principal server_principal,
in SL3PM::StatementList supporting_statements,
in boolean confidentiality,
in boolean integrity,
in SL3CM::CredsDirective creds_directive
);
};
};
#endif // _TRUST_IDL_