#ifndef _SECURITY_IDL_ | |
#define _SECURITY_IDL_ | |
#include <orb.idl> | |
#include <TimeBase.idl> | |
#pragma prefix "omg.org" | |
module Security { | |
# pragma version Security 1.5 | |
typedef string SecurityName; | |
typedef sequence <octet> Opaque; | |
// Constant declarations for Security Service Options | |
const CORBA::ServiceOption SecurityLevel1 = 1; | |
const CORBA::ServiceOption SecurityLevel2 = 2; | |
const CORBA::ServiceOption NonRepudiation = 3; | |
const CORBA::ServiceOption SecurityORBServiceReady = 4; | |
const CORBA::ServiceOption SecurityServiceReady = 5; | |
const CORBA::ServiceOption ReplaceORBServices = 6; | |
const CORBA::ServiceOption ReplaceSecurityServices = 7; | |
const CORBA::ServiceOption StandardSecureInteroperability = 8; | |
const CORBA::ServiceOption DCESecureInteroperability = 9; | |
// Service options for Common Secure Interoperability | |
const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10; | |
const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11; | |
const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12; | |
// Security mech types supported for secure association | |
const CORBA::ServiceDetailType SecurityMechanismType = 1; | |
// privilege types supported in standard access policy | |
const CORBA::ServiceDetailType SecurityAttribute = 2; | |
// extensible families for standard data types | |
struct ExtensibleFamily { | |
unsigned short family_definer; | |
unsigned short family; | |
}; | |
// security attributes | |
typedef unsigned long SecurityAttributeType; | |
// other attributes; family = 0 | |
const SecurityAttributeType AuditId = 1; | |
const SecurityAttributeType AccountingId = 2; | |
const SecurityAttributeType NonRepudiationId = 3; | |
// privilege attributes; family = 1 | |
const SecurityAttributeType _Public = 1; | |
const SecurityAttributeType AccessId = 2; | |
const SecurityAttributeType PrimaryGroupId = 3; | |
const SecurityAttributeType GroupId = 4; | |
const SecurityAttributeType Role = 5; | |
const SecurityAttributeType AttributeSet = 6; | |
const SecurityAttributeType Clearance = 7; | |
const SecurityAttributeType Capability = 8; | |
struct AttributeType { | |
ExtensibleFamily attribute_family; | |
SecurityAttributeType attribute_type; | |
}; | |
typedef sequence<AttributeType> AttributeTypeList; | |
struct SecAttribute { | |
AttributeType attribute_type; | |
Opaque defining_authority; | |
Opaque value; | |
// the value of this attribute can be | |
// interpreted only with knowledge of type | |
}; | |
typedef sequence <SecAttribute> AttributeList; | |
// Authentication return status | |
enum AuthenticationStatus { | |
SecAuthSuccess, | |
SecAuthFailure, | |
SecAuthContinue, | |
SecAuthExpired | |
}; | |
// Association return status | |
enum AssociationStatus { | |
SecAssocSuccess, | |
SecAssocFailure, | |
SecAssocContinue | |
}; | |
// Authentication method | |
typedef unsigned long AuthenticationMethod; | |
typedef sequence<AuthenticationMethod> AuthenticationMethodList; | |
// Credential types which can be set as Current default | |
enum CredentialType { | |
SecInvocationCredentials, | |
SecNRCredentials | |
}; | |
enum InvocationCredentialsType { | |
SecOwnCredentials, | |
SecReceivedCredentials | |
}; | |
// Declarations related to Rights | |
struct Right { | |
ExtensibleFamily rights_family; | |
string right; | |
}; | |
typedef sequence <Right> RightsList; | |
enum RightsCombinator { | |
SecAllRights, | |
SecAnyRight | |
}; | |
// Delegation related | |
enum DelegationState { | |
SecInitiator, | |
SecDelegate | |
}; | |
enum DelegationDirective { | |
Delegate, | |
NoDelegate | |
}; | |
// pick up from TimeBase | |
typedef TimeBase::UtcT UtcT; | |
typedef TimeBase::IntervalT IntervalT; | |
typedef TimeBase::TimeT TimeT; | |
// Security features available on credentials. | |
enum SecurityFeature { | |
SecNoDelegation, | |
SecSimpleDelegation, | |
SecCompositeDelegation, | |
SecNoProtection, | |
SecIntegrity, | |
SecConfidentiality, | |
SecIntegrityAndConfidentiality, | |
SecDetectReplay, | |
SecDetectMisordering, | |
SecEstablishTrustInTarget, | |
SecEstablishTrustInClient | |
}; | |
// Quality of protection which can be specified | |
// for an object reference and used to protect messages | |
enum QOP { | |
SecQOPNoProtection, | |
SecQOPIntegrity, | |
SecQOPConfidentiality, | |
SecQOPIntegrityAndConfidentiality | |
}; | |
// Type of SecurityContext | |
enum SecurityContextType { | |
SecClientSecurityContext, | |
SecServerSecurityContext | |
}; | |
// Operational State of a Security Context | |
enum SecurityContextState { | |
SecContextInitialized, | |
SecContextContinued, | |
SecContextClientEstablished, | |
SecContextEstablished, | |
SecContextEstablishExpired, | |
SecContextExpired, | |
SecContextInvalid | |
}; | |
// For use with SecurityReplaceable | |
struct OpaqueBuffer { | |
Opaque buffer; | |
unsigned long startpos; | |
unsigned long endpos; | |
// startpos <= endpos | |
// OpaqueBuffer is said to be empty if startpos == endpos | |
}; | |
// Association options which can be administered | |
// on secure invocation policy and used to | |
// initialize security context | |
typedef unsigned short AssociationOptions; | |
const AssociationOptions NoProtection = 1; | |
const AssociationOptions Integrity = 2; | |
const AssociationOptions Confidentiality = 4; | |
const AssociationOptions DetectReplay = 8; | |
const AssociationOptions DetectMisordering = 16; | |
const AssociationOptions EstablishTrustInTarget = 32; | |
const AssociationOptions EstablishTrustInClient = 64; | |
const AssociationOptions NoDelegation = 128; | |
const AssociationOptions SimpleDelegation = 256; | |
const AssociationOptions CompositeDelegation = 512; | |
const AssociationOptions IdentityAssertion = 1024; | |
const AssociationOptions DelegationByClient = 2048; | |
//Types Defined for CSIv2 | |
typedef sequence <octet> OID; | |
// An X509CertificateChain contains an ASN.1 BER encoded SEQUENCE [1..MAX] | |
// OF X.509 certificates encapsulated in a sequence of octets. The | |
// subjects certificate shall come first in the list. Each following | |
// certificate shall directly certify the one preceding it. The ASN.1 | |
// representation of Certificate is as defined in [IETF RFC 2459]. | |
typedef sequence <octet> X509CertificateChain; | |
// an X.501 type name or Distinguished Name encapsulated in a sequence of | |
// octets containing the ASN.1 encoding. | |
typedef sequence <octet> X501DistinguishedName; | |
typedef sequence <octet> UTF8String; | |
typedef UTF8String NameValue; | |
struct ScopedName { | |
Security::NameValue name_scope; | |
Security::NameValue name_value; | |
}; | |
// A sequence of octets containing a GSStoken. Initial context tokens are | |
// ASN.1 encoded as defined in [IETF RFC 2743] Section 3.1, | |
// "Mechanism-Independent token Format", pp. 81-82. Initial context tokens | |
// contain an ASN.1 tag followed by a token length, a mechanism identifier, | |
// and a mechanism-specific token (i.e. a GSSUP::InitialContextToken). The | |
// encoding of all other GSS tokens (e.g. error tokens and final context | |
// tokens) is mechanism dependent. | |
typedef sequence <octet> GSSToken; | |
// An encoding of a GSS Mechanism-Independent Exported Name Object as | |
// defined in [IETF RFC 2743] Section 3.2, "GSS Mechanism-Independent | |
// Exported Name Object Format," p. 84. | |
typedef sequence <octet> GSS_NT_ExportedName; | |
// End types defined for CSIv2 Flag to indicate whether association options | |
// being administered are the required or supported set | |
enum RequiresSupports { | |
SecRequires, | |
SecSupports | |
}; | |
// Direction of communication for which | |
// secure invocation policy applies | |
enum CommunicationDirection { | |
SecDirectionBoth, | |
SecDirectionRequest, | |
SecDirectionReply | |
}; | |
// security association mechanism type | |
typedef string MechanismType; | |
typedef sequence<MechanismType> MechanismTypeList; | |
struct SecurityMechanismData { | |
MechanismType mechanism; | |
Opaque security_name; | |
AssociationOptions options_supported; | |
AssociationOptions options_required; | |
}; | |
typedef sequence<SecurityMechanismData>SecurityMechanismDataList; | |
// AssociationOptions-Direction pair | |
struct OptionsDirectionPair { | |
AssociationOptions options; | |
CommunicationDirection direction; | |
}; | |
typedef sequence <OptionsDirectionPair> OptionsDirectionPairList; | |
// Delegation mode which can be administered | |
enum DelegationMode { | |
SecDelModeNoDelegation, // i.e. use own credentials | |
SecDelModeSimpleDelegation, // delegate received credentials | |
SecDelModeCompositeDelegation // delegate both; | |
}; | |
// Association options supported by a given mech type | |
struct MechandOptions { | |
MechanismType mechanism_type; | |
AssociationOptions options_supported; | |
}; | |
typedef sequence <MechandOptions> MechandOptionsList; | |
// Attribute of the SecurityLevel2::EstablishTrustPolicy | |
struct EstablishTrust { | |
boolean trust_in_client; | |
boolean trust_in_target; | |
}; | |
// Audit | |
typedef unsigned long AuditChannelId; | |
typedef unsigned short EventType; | |
const EventType AuditAll = 0; | |
const EventType AuditPrincipalAuth = 1; | |
const EventType AuditSessionAuth = 2; | |
const EventType AuditAuthorization = 3; | |
const EventType AuditInvocation = 4; | |
const EventType AuditSecEnvChange = 5; | |
const EventType AuditPolicyChange = 6; | |
const EventType AuditObjectCreation = 7; | |
const EventType AuditObjectDestruction = 8; | |
const EventType AuditNonRepudiation = 9; | |
enum DayOfTheWeek { | |
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday}; | |
enum AuditCombinator { | |
SecAllSelectors, | |
SecAnySelector | |
}; | |
struct AuditEventType { | |
ExtensibleFamily event_family; | |
EventType event_type; | |
}; | |
typedef sequence <AuditEventType> AuditEventTypeList; | |
typedef unsigned long SelectorType; | |
const SelectorType InterfaceName = 1; | |
const SelectorType ObjectRef = 2; | |
const SelectorType Operation = 3; | |
const SelectorType Initiator = 4; | |
const SelectorType SuccessFailure = 5; | |
const SelectorType Time = 6; | |
const SelectorType DayOfWeek = 7; | |
// values defined for audit_needed and audit_write are: | |
// InterfaceName: CORBA::RepositoryId | |
// ObjectRef: object reference | |
// Operation: op_name | |
// Initiator: Credentials | |
// SuccessFailure: boolean | |
// Time: utc time on audit_write; time picked up from | |
// environment in audit_needed if required | |
// DayOfWeek: DayOfTheWeek | |
struct SelectorValue { | |
SelectorType selector; | |
any value; | |
}; | |
typedef sequence <SelectorValue> SelectorValueList; | |
// Constant declaration for valid Security Policy Types | |
// General administrative policies | |
const CORBA::PolicyType SecClientInvocationAccess = 1; | |
const CORBA::PolicyType SecTargetInvocationAccess = 2; | |
const CORBA::PolicyType SecApplicationAccess = 3; | |
const CORBA::PolicyType SecClientInvocationAudit = 4; | |
const CORBA::PolicyType SecTargetInvocationAudit = 5; | |
const CORBA::PolicyType SecApplicationAudit = 6; | |
const CORBA::PolicyType SecDelegation = 7; | |
const CORBA::PolicyType SecClientSecureInvocation = 8; | |
const CORBA::PolicyType SecTargetSecureInvocation = 9; | |
const CORBA::PolicyType SecNonRepudiation = 10; | |
// Policies used to control attributes of a binding to a target | |
const CORBA::PolicyType SecMechanismsPolicy = 12; | |
const CORBA::PolicyType SecInvocationCredentialsPolicy = 13; | |
const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete | |
const CORBA::PolicyType SecQOPPolicy = 15; | |
const CORBA::PolicyType SecDelegationDirectivePolicy = 38; | |
const CORBA::PolicyType SecEstablishTrustPolicy = 39; | |
}; | |
#endif /* _SECURITY_IDL_ */ |