geronimo-spec-corba/src/main/idl/Security.idl

#ifndef _SECURITY_IDL_
#define _SECURITY_IDL_

#include <orb.idl>
#include <TimeBase.idl>
#pragma prefix "omg.org"
module Security {
# pragma version Security 1.5
    typedef string SecurityName;
    typedef sequence <octet> Opaque;
    // Constant declarations for Security Service Options
    const CORBA::ServiceOption SecurityLevel1 = 1;
    const CORBA::ServiceOption SecurityLevel2 = 2;
    const CORBA::ServiceOption NonRepudiation = 3;
    const CORBA::ServiceOption SecurityORBServiceReady = 4;
    const CORBA::ServiceOption SecurityServiceReady = 5;
    const CORBA::ServiceOption ReplaceORBServices = 6;
    const CORBA::ServiceOption ReplaceSecurityServices = 7;
    const CORBA::ServiceOption StandardSecureInteroperability = 8;
    const CORBA::ServiceOption DCESecureInteroperability = 9;
    // Service options for Common Secure Interoperability
    const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
    const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
    const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
    // Security mech types supported for secure association
    const CORBA::ServiceDetailType SecurityMechanismType = 1;
    // privilege types supported in standard access policy
    const CORBA::ServiceDetailType SecurityAttribute = 2;
    // extensible families for standard data types
    struct ExtensibleFamily {
        unsigned short family_definer;
        unsigned short family;
    };
    // security attributes
    typedef unsigned long SecurityAttributeType;
    // other attributes; family = 0
    const SecurityAttributeType AuditId = 1;
    const SecurityAttributeType AccountingId = 2;
    const SecurityAttributeType NonRepudiationId = 3;
    // privilege attributes; family = 1
    const SecurityAttributeType _Public = 1;
    const SecurityAttributeType AccessId = 2;
    const SecurityAttributeType PrimaryGroupId = 3;
    const SecurityAttributeType GroupId = 4;
    const SecurityAttributeType Role = 5;
    const SecurityAttributeType AttributeSet = 6;
    const SecurityAttributeType Clearance = 7;
    const SecurityAttributeType Capability = 8;
    struct AttributeType {
        ExtensibleFamily attribute_family;
        SecurityAttributeType attribute_type;
    };
    typedef sequence<AttributeType> AttributeTypeList;
    struct SecAttribute {
        AttributeType attribute_type;
        Opaque defining_authority;
        Opaque value;
        // the value of this attribute can be
        // interpreted only with knowledge of type
    };
    typedef sequence <SecAttribute> AttributeList;
    // Authentication return status
    enum AuthenticationStatus {
        SecAuthSuccess,
        SecAuthFailure,
        SecAuthContinue,
        SecAuthExpired
    };
    // Association return status
    enum AssociationStatus {
        SecAssocSuccess,
        SecAssocFailure,
        SecAssocContinue
    };
    // Authentication method
    typedef unsigned long AuthenticationMethod;
    typedef sequence<AuthenticationMethod> AuthenticationMethodList;
    // Credential types which can be set as Current default
    enum CredentialType {
        SecInvocationCredentials,
        SecNRCredentials
    };
    enum InvocationCredentialsType {
        SecOwnCredentials,
        SecReceivedCredentials
    };
    // Declarations related to Rights
    struct Right {
        ExtensibleFamily rights_family;
        string right;
    };
    typedef sequence <Right> RightsList;
    enum RightsCombinator {
        SecAllRights,
        SecAnyRight
    };
    // Delegation related
    enum DelegationState {
        SecInitiator,
        SecDelegate
    };
    enum DelegationDirective {
        Delegate,
        NoDelegate
    };
    // pick up from TimeBase
    typedef TimeBase::UtcT UtcT;
    typedef TimeBase::IntervalT IntervalT;
    typedef TimeBase::TimeT TimeT;
    // Security features available on credentials.
    enum SecurityFeature {
        SecNoDelegation,
        SecSimpleDelegation,
        SecCompositeDelegation,
        SecNoProtection,
        SecIntegrity,
        SecConfidentiality,
        SecIntegrityAndConfidentiality,
        SecDetectReplay,
        SecDetectMisordering,
        SecEstablishTrustInTarget,
        SecEstablishTrustInClient
    };
    // Quality of protection which can be specified
    // for an object reference and used to protect messages
    enum QOP {
        SecQOPNoProtection,
        SecQOPIntegrity,
        SecQOPConfidentiality,
        SecQOPIntegrityAndConfidentiality
    };
    // Type of SecurityContext
    enum SecurityContextType {
        SecClientSecurityContext,
        SecServerSecurityContext
    };
    // Operational State of a Security Context
    enum SecurityContextState {
        SecContextInitialized,
        SecContextContinued,
        SecContextClientEstablished,
        SecContextEstablished,
        SecContextEstablishExpired,
        SecContextExpired,
        SecContextInvalid
    };
    // For use with SecurityReplaceable
    struct OpaqueBuffer {
        Opaque buffer;
        unsigned long startpos;
        unsigned long endpos;
        // startpos <= endpos
        // OpaqueBuffer is said to be empty if startpos == endpos
    };
    // Association options which can be administered
    // on secure invocation policy and used to
    // initialize security context
    typedef unsigned short AssociationOptions;
    const AssociationOptions NoProtection = 1;
    const AssociationOptions Integrity = 2;
    const AssociationOptions Confidentiality = 4;
    const AssociationOptions DetectReplay = 8;
    const AssociationOptions DetectMisordering = 16;
    const AssociationOptions EstablishTrustInTarget = 32;
    const AssociationOptions EstablishTrustInClient = 64;
    const AssociationOptions NoDelegation = 128;
    const AssociationOptions SimpleDelegation = 256;
    const AssociationOptions CompositeDelegation = 512;
    const AssociationOptions IdentityAssertion = 1024;
    const AssociationOptions DelegationByClient = 2048;
    //Types Defined for CSIv2
    typedef sequence <octet> OID;
    // An X509CertificateChain contains an ASN.1 BER encoded SEQUENCE [1..MAX]
    // OF X.509 certificates encapsulated in a sequence of octets. The
    // subject’s certificate shall come first in the list. Each following
    // certificate shall directly certify the one preceding it. The ASN.1
    // representation of Certificate is as defined in [IETF RFC 2459].
    typedef sequence <octet> X509CertificateChain;
    // an X.501 type name or Distinguished Name encapsulated in a sequence of
    // octets containing the ASN.1 encoding.
    
    typedef sequence <octet> X501DistinguishedName;
    typedef sequence <octet> UTF8String;
    typedef UTF8String NameValue;
    struct ScopedName {
        Security::NameValue name_scope;
        Security::NameValue name_value;
    };
    // A sequence of octets containing a GSStoken. Initial context tokens are
    // ASN.1 encoded as defined in [IETF RFC 2743] Section 3.1,
    // "Mechanism-Independent token Format", pp. 81-82. Initial context tokens
    // contain an ASN.1 tag followed by a token length, a mechanism identifier,
    // and a mechanism-specific token (i.e. a GSSUP::InitialContextToken). The
    // encoding of all other GSS tokens (e.g.  error tokens and final context
    // tokens) is mechanism dependent.
    typedef sequence <octet> GSSToken;
    // An encoding of a GSS Mechanism-Independent Exported Name Object as
    // defined in [IETF RFC 2743] Section 3.2, "GSS Mechanism-Independent
    // Exported Name Object Format," p. 84.
    typedef sequence <octet> GSS_NT_ExportedName;
    // End types defined for CSIv2 Flag to indicate whether association options
    // being administered are the “required” or “supported” set
    enum RequiresSupports {
        SecRequires,
        SecSupports
    };
    // Direction of communication for which
    // secure invocation policy applies
    enum CommunicationDirection {
        SecDirectionBoth,
        SecDirectionRequest,
        SecDirectionReply
    };
    // security association mechanism type
    typedef string MechanismType;
    typedef sequence<MechanismType> MechanismTypeList;
    struct SecurityMechanismData {
        MechanismType mechanism;
        Opaque security_name;
        AssociationOptions options_supported;
        AssociationOptions options_required;
    };
    typedef sequence<SecurityMechanismData>SecurityMechanismDataList;
    // AssociationOptions-Direction pair
    struct OptionsDirectionPair {
        AssociationOptions options;
        CommunicationDirection direction;
    };
    typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
    // Delegation mode which can be administered
    enum DelegationMode {
        SecDelModeNoDelegation, // i.e. use own credentials
        SecDelModeSimpleDelegation, // delegate received credentials
        SecDelModeCompositeDelegation // delegate both;
    };
    // Association options supported by a given mech type
    struct MechandOptions {
        MechanismType mechanism_type;
        AssociationOptions options_supported;
    };
    typedef sequence <MechandOptions> MechandOptionsList;
    // Attribute of the SecurityLevel2::EstablishTrustPolicy
    struct EstablishTrust {
        boolean trust_in_client;
        boolean trust_in_target;
    };
    // Audit
    typedef unsigned long AuditChannelId;
    typedef unsigned short EventType;
    const EventType AuditAll = 0;
    const EventType AuditPrincipalAuth = 1;
    const EventType AuditSessionAuth = 2;
    const EventType AuditAuthorization = 3;
    const EventType AuditInvocation = 4;
    const EventType AuditSecEnvChange = 5;
    const EventType AuditPolicyChange = 6;
    const EventType AuditObjectCreation = 7;
    const EventType AuditObjectDestruction = 8;
    const EventType AuditNonRepudiation = 9;
    enum DayOfTheWeek {
        Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday};
    enum AuditCombinator {
        SecAllSelectors,
        SecAnySelector
    };
    struct AuditEventType {
        ExtensibleFamily event_family;
        EventType event_type;
    };
    typedef sequence <AuditEventType> AuditEventTypeList;
    typedef unsigned long SelectorType;
    const SelectorType InterfaceName = 1;
    const SelectorType ObjectRef = 2;
    const SelectorType Operation = 3;
    const SelectorType Initiator = 4;
    const SelectorType SuccessFailure = 5;
    const SelectorType Time = 6;
    const SelectorType DayOfWeek = 7;
    // values defined for audit_needed and audit_write are:
    // InterfaceName: CORBA::RepositoryId
    // ObjectRef: object reference
    // Operation: op_name
    // Initiator: Credentials
    // SuccessFailure: boolean
    // Time: utc time on audit_write; time picked up from
    // environment in audit_needed if required
    // DayOfWeek: DayOfTheWeek
    struct SelectorValue {
        SelectorType selector;
        any value;
    };
    typedef sequence <SelectorValue> SelectorValueList;
    // Constant declaration for valid Security Policy Types
    // General administrative policies
    const CORBA::PolicyType SecClientInvocationAccess = 1;
    const CORBA::PolicyType SecTargetInvocationAccess = 2;
    const CORBA::PolicyType SecApplicationAccess = 3;
    const CORBA::PolicyType SecClientInvocationAudit = 4;
    const CORBA::PolicyType SecTargetInvocationAudit = 5;
    const CORBA::PolicyType SecApplicationAudit = 6;
    const CORBA::PolicyType SecDelegation = 7;
    const CORBA::PolicyType SecClientSecureInvocation = 8;
    const CORBA::PolicyType SecTargetSecureInvocation = 9;
    const CORBA::PolicyType SecNonRepudiation = 10;
    // Policies used to control attributes of a binding to a target
    const CORBA::PolicyType SecMechanismsPolicy = 12;
    const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
    const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete
    const CORBA::PolicyType SecQOPPolicy = 15;
    const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
    const CORBA::PolicyType SecEstablishTrustPolicy = 39;
};
#endif /* _SECURITY_IDL_ */