geronimo-spec-corba/src/main/idl/NRService.idl - geronimo-specs - Git at Google

 #ifndef _NR_SERVICE_IDL
 #define _NR_SERVICE_IDL

 #pragma prefix "omg.org"

 #include <SecurityLevel2.idl>

 module NRService  {

     typedef Security::MechanismType 	NRMech;
     typedef Security::ExtensibleFamily	NRPolicyId;

     enum EvidenceType {
         SecProofofCreation,
         SecProofofReceipt,
         SecProofofApproval,
         SecProofofRetrieval,
         SecProofofOrigin,
         SecProofofDelivery,
         SecNoEvidence     // used when request-only token desired
     };

     enum NRVerificationResult {
         SecNRInvalid,
         SecNRValid,
         SecNRConditionallyValid
     };

     // the following are used for evidence validity duration
     typedef unsigned long   DurationInMinutes;

     const DurationInMinutes DurationHour   = 60;
     const DurationInMinutes DurationDay    = 1440;
     const DurationInMinutes DurationWeek   = 10080;
     const DurationInMinutes DurationMonth = 43200;// 30 days;
     const DurationInMinutes DurationYear   = 525600;//365 days;

     typedef long TimeOffsetInMinutes;

     struct NRPolicyFeatures {
          NRPolicyId         policy_id;
          unsigned long      policy_version;
          NRMech             mechanism;
     };

     typedef sequence <NRPolicyFeatures> NRPolicyFeaturesList;

     // features used when generating requests
     struct RequestFeatures {
         NRPolicyFeatures    requested_policy;
         EvidenceType        requested_evidence;
         string              requested_evidence_generators;
         string              requested_evidence_recipients;
         boolean             include_this_token_in_evidence;
     };

     struct EvidenceDescriptor {
         EvidenceType        evidence_type;
         DurationInMinutes   evidence_validity_duration;
         boolean             must_use_trusted_time;
     };

     typedef sequence <EvidenceDescriptor> EvidenceDescriptorList;

     struct AuthorityDescriptor {
         string              authority_name;
         string              authority_role;
         TimeOffsetInMinutes last_revocation_check_offset;
                  // may be >0 or <0; add this to evid. gen. time to
                  // get latest time at which mech. will check to see
                  // if this authority's key has been revoked.
     };

     typedef sequence <AuthorityDescriptor> AuthorityDescriptorList;

     struct MechanismDescriptor {
         NRMech                  mech_type;
         AuthorityDescriptorList authority_list;
         TimeOffsetInMinutes     max_time_skew;
                 // max permissible difference between evid. gen. time
                 // and time of time service countersignature
                 // ignored if trusted time not reqd.
     };

     typedef sequence <MechanismDescriptor> MechanismDescriptorList;


     interface NRCredentials : SecurityLevel2::Credentials{

         boolean set_NR_features(
             in   NRPolicyFeaturesList         requested_features,
             out  NRPolicyFeaturesList         actual_features
         );

         NRPolicyFeaturesList get_NR_features ();

         void generate_token(
             in   Security::Opaque             input_buffer,
             in   EvidenceType                 generate_evidence_type,
             in   boolean                      include_data_in_token,
             in   boolean                      generate_request,
             in   RequestFeatures              request_features,
             in   boolean                      input_buffer_complete,
             out  Security::Opaque             nr_token,
             out  Security::Opaque             evidence_check
         );

         NRVerificationResult verify_evidence(
             in   Security::Opaque             input_token_buffer,
             in   Security::Opaque             evidence_check,
             in   boolean                      form_complete_evidence,
             in   boolean                      token_buffer_complete,
             out  Security::Opaque             output_token,
             out  Security::Opaque             data_included_in_token,
             out  boolean                      evidence_is_complete,
             out  boolean                      trusted_time_used,
             out  Security::TimeT              complete_evidence_before,
             out  Security::TimeT              complete_evidence_after
         );

         void get_token_details(
             in   Security::Opaque             token_buffer,
             in   boolean                      token_buffer_complete,
             out  string                       token_generator_name,
             out  NRPolicyFeatures             policy_features,
             out  EvidenceType                 evidence_type,
             out  Security::UtcT               evidence_generation_time,
             out  Security::UtcT               evidence_valid_start_time,
             out  DurationInMinutes            evidence_validity_duration,
             out  boolean                      data_included_in_token,
             out  boolean                      request_included_in_token,
             out  RequestFeatures              request_features
         );

         boolean form_complete_evidence(
             in   Security::Opaque             input_token,
             out  Security::Opaque             output_token,
             out  boolean                      trusted_time_used,
             out  Security::TimeT              complete_evidence_before,
             out  Security::TimeT              complete_evidence_after
         );
     };


     interface NRPolicy : CORBA::Policy{

         void get_NR_policy_info(
             out  Security::ExtensibleFamily   NR_policy_id,
             out  unsigned long                policy_version,
             out  Security::TimeT              policy_effective_time,
             out  Security::TimeT              policy_expiry_time,
             out  EvidenceDescriptorList       supported_evidence_types,
             out  MechanismDescriptorList      supported_mechanisms
         );

         boolean set_NR_policy_info(
             in   MechanismDescriptorList      requested_mechanisms,
             out  MechanismDescriptorList      actual_mechanisms
         );
     };
 };
 #endif /* _NR_SERVICE_IDL */
	#ifndef _NR_SERVICE_IDL
	#define _NR_SERVICE_IDL

	#pragma prefix "omg.org"

	#include <SecurityLevel2.idl>

	module NRService {

	typedef Security::MechanismType NRMech;
	typedef Security::ExtensibleFamily NRPolicyId;

	enum EvidenceType {
	SecProofofCreation,
	SecProofofReceipt,
	SecProofofApproval,
	SecProofofRetrieval,
	SecProofofOrigin,
	SecProofofDelivery,
	SecNoEvidence // used when request-only token desired
	};

	enum NRVerificationResult {
	SecNRInvalid,
	SecNRValid,
	SecNRConditionallyValid
	};

	// the following are used for evidence validity duration
	typedef unsigned long DurationInMinutes;

	const DurationInMinutes DurationHour = 60;
	const DurationInMinutes DurationDay = 1440;
	const DurationInMinutes DurationWeek = 10080;
	const DurationInMinutes DurationMonth = 43200;// 30 days;
	const DurationInMinutes DurationYear = 525600;//365 days;

	typedef long TimeOffsetInMinutes;

	struct NRPolicyFeatures {
	NRPolicyId policy_id;
	unsigned long policy_version;
	NRMech mechanism;
	};

	typedef sequence <NRPolicyFeatures> NRPolicyFeaturesList;

	// features used when generating requests
	struct RequestFeatures {
	NRPolicyFeatures requested_policy;
	EvidenceType requested_evidence;
	string requested_evidence_generators;
	string requested_evidence_recipients;
	boolean include_this_token_in_evidence;
	};

	struct EvidenceDescriptor {
	EvidenceType evidence_type;
	DurationInMinutes evidence_validity_duration;
	boolean must_use_trusted_time;
	};

	typedef sequence <EvidenceDescriptor> EvidenceDescriptorList;

	struct AuthorityDescriptor {
	string authority_name;
	string authority_role;
	TimeOffsetInMinutes last_revocation_check_offset;
	// may be >0 or <0; add this to evid. gen. time to
	// get latest time at which mech. will check to see
	// if this authority's key has been revoked.
	};

	typedef sequence <AuthorityDescriptor> AuthorityDescriptorList;

	struct MechanismDescriptor {
	NRMech mech_type;
	AuthorityDescriptorList authority_list;
	TimeOffsetInMinutes max_time_skew;
	// max permissible difference between evid. gen. time
	// and time of time service countersignature
	// ignored if trusted time not reqd.
	};

	typedef sequence <MechanismDescriptor> MechanismDescriptorList;


	interface NRCredentials : SecurityLevel2::Credentials{

	boolean set_NR_features(
	in NRPolicyFeaturesList requested_features,
	out NRPolicyFeaturesList actual_features
	);

	NRPolicyFeaturesList get_NR_features ();

	void generate_token(
	in Security::Opaque input_buffer,
	in EvidenceType generate_evidence_type,
	in boolean include_data_in_token,
	in boolean generate_request,
	in RequestFeatures request_features,
	in boolean input_buffer_complete,
	out Security::Opaque nr_token,
	out Security::Opaque evidence_check
	);

	NRVerificationResult verify_evidence(
	in Security::Opaque input_token_buffer,
	in Security::Opaque evidence_check,
	in boolean form_complete_evidence,
	in boolean token_buffer_complete,
	out Security::Opaque output_token,
	out Security::Opaque data_included_in_token,
	out boolean evidence_is_complete,
	out boolean trusted_time_used,
	out Security::TimeT complete_evidence_before,
	out Security::TimeT complete_evidence_after
	);

	void get_token_details(
	in Security::Opaque token_buffer,
	in boolean token_buffer_complete,
	out string token_generator_name,
	out NRPolicyFeatures policy_features,
	out EvidenceType evidence_type,
	out Security::UtcT evidence_generation_time,
	out Security::UtcT evidence_valid_start_time,
	out DurationInMinutes evidence_validity_duration,
	out boolean data_included_in_token,
	out boolean request_included_in_token,
	out RequestFeatures request_features
	);

	boolean form_complete_evidence(
	in Security::Opaque input_token,
	out Security::Opaque output_token,
	out boolean trusted_time_used,
	out Security::TimeT complete_evidence_before,
	out Security::TimeT complete_evidence_after
	);
	};


	interface NRPolicy : CORBA::Policy{

	void get_NR_policy_info(
	out Security::ExtensibleFamily NR_policy_id,
	out unsigned long policy_version,
	out Security::TimeT policy_effective_time,
	out Security::TimeT policy_expiry_time,
	out EvidenceDescriptorList supported_evidence_types,
	out MechanismDescriptorList supported_mechanisms
	);

	boolean set_NR_policy_info(
	in MechanismDescriptorList requested_mechanisms,
	out MechanismDescriptorList actual_mechanisms
	);
	};
	};
	#endif /* _NR_SERVICE_IDL */