#ifndef _NR_SERVICE_IDL | |
#define _NR_SERVICE_IDL | |
#pragma prefix "omg.org" | |
#include <SecurityLevel2.idl> | |
module NRService { | |
typedef Security::MechanismType NRMech; | |
typedef Security::ExtensibleFamily NRPolicyId; | |
enum EvidenceType { | |
SecProofofCreation, | |
SecProofofReceipt, | |
SecProofofApproval, | |
SecProofofRetrieval, | |
SecProofofOrigin, | |
SecProofofDelivery, | |
SecNoEvidence // used when request-only token desired | |
}; | |
enum NRVerificationResult { | |
SecNRInvalid, | |
SecNRValid, | |
SecNRConditionallyValid | |
}; | |
// the following are used for evidence validity duration | |
typedef unsigned long DurationInMinutes; | |
const DurationInMinutes DurationHour = 60; | |
const DurationInMinutes DurationDay = 1440; | |
const DurationInMinutes DurationWeek = 10080; | |
const DurationInMinutes DurationMonth = 43200;// 30 days; | |
const DurationInMinutes DurationYear = 525600;//365 days; | |
typedef long TimeOffsetInMinutes; | |
struct NRPolicyFeatures { | |
NRPolicyId policy_id; | |
unsigned long policy_version; | |
NRMech mechanism; | |
}; | |
typedef sequence <NRPolicyFeatures> NRPolicyFeaturesList; | |
// features used when generating requests | |
struct RequestFeatures { | |
NRPolicyFeatures requested_policy; | |
EvidenceType requested_evidence; | |
string requested_evidence_generators; | |
string requested_evidence_recipients; | |
boolean include_this_token_in_evidence; | |
}; | |
struct EvidenceDescriptor { | |
EvidenceType evidence_type; | |
DurationInMinutes evidence_validity_duration; | |
boolean must_use_trusted_time; | |
}; | |
typedef sequence <EvidenceDescriptor> EvidenceDescriptorList; | |
struct AuthorityDescriptor { | |
string authority_name; | |
string authority_role; | |
TimeOffsetInMinutes last_revocation_check_offset; | |
// may be >0 or <0; add this to evid. gen. time to | |
// get latest time at which mech. will check to see | |
// if this authority's key has been revoked. | |
}; | |
typedef sequence <AuthorityDescriptor> AuthorityDescriptorList; | |
struct MechanismDescriptor { | |
NRMech mech_type; | |
AuthorityDescriptorList authority_list; | |
TimeOffsetInMinutes max_time_skew; | |
// max permissible difference between evid. gen. time | |
// and time of time service countersignature | |
// ignored if trusted time not reqd. | |
}; | |
typedef sequence <MechanismDescriptor> MechanismDescriptorList; | |
interface NRCredentials : SecurityLevel2::Credentials{ | |
boolean set_NR_features( | |
in NRPolicyFeaturesList requested_features, | |
out NRPolicyFeaturesList actual_features | |
); | |
NRPolicyFeaturesList get_NR_features (); | |
void generate_token( | |
in Security::Opaque input_buffer, | |
in EvidenceType generate_evidence_type, | |
in boolean include_data_in_token, | |
in boolean generate_request, | |
in RequestFeatures request_features, | |
in boolean input_buffer_complete, | |
out Security::Opaque nr_token, | |
out Security::Opaque evidence_check | |
); | |
NRVerificationResult verify_evidence( | |
in Security::Opaque input_token_buffer, | |
in Security::Opaque evidence_check, | |
in boolean form_complete_evidence, | |
in boolean token_buffer_complete, | |
out Security::Opaque output_token, | |
out Security::Opaque data_included_in_token, | |
out boolean evidence_is_complete, | |
out boolean trusted_time_used, | |
out Security::TimeT complete_evidence_before, | |
out Security::TimeT complete_evidence_after | |
); | |
void get_token_details( | |
in Security::Opaque token_buffer, | |
in boolean token_buffer_complete, | |
out string token_generator_name, | |
out NRPolicyFeatures policy_features, | |
out EvidenceType evidence_type, | |
out Security::UtcT evidence_generation_time, | |
out Security::UtcT evidence_valid_start_time, | |
out DurationInMinutes evidence_validity_duration, | |
out boolean data_included_in_token, | |
out boolean request_included_in_token, | |
out RequestFeatures request_features | |
); | |
boolean form_complete_evidence( | |
in Security::Opaque input_token, | |
out Security::Opaque output_token, | |
out boolean trusted_time_used, | |
out Security::TimeT complete_evidence_before, | |
out Security::TimeT complete_evidence_after | |
); | |
}; | |
interface NRPolicy : CORBA::Policy{ | |
void get_NR_policy_info( | |
out Security::ExtensibleFamily NR_policy_id, | |
out unsigned long policy_version, | |
out Security::TimeT policy_effective_time, | |
out Security::TimeT policy_expiry_time, | |
out EvidenceDescriptorList supported_evidence_types, | |
out MechanismDescriptorList supported_mechanisms | |
); | |
boolean set_NR_policy_info( | |
in MechanismDescriptorList requested_mechanisms, | |
out MechanismDescriptorList actual_mechanisms | |
); | |
}; | |
}; | |
#endif /* _NR_SERVICE_IDL */ |