Google Git
Sign in
apache / geronimo-specs / refs/heads/1_0 / . / geronimo-spec-corba / src / main / idl / SecurityLevel2.idl
blob: 11e87e1de5abc5cefb06a1cf14da6beb988bb7f9 [file] [log] [blame]
// $Id: SecurityLevel2.idl,v 1.2 2001/09/22 14:51:13 jso Exp $
#ifndef _SECURITY_LEVEL_2_IDL
#define _SECURITY_LEVEL_2_IDL
#pragma prefix "omg.org"
#include <SecurityLevel1.idl>
module SecurityLevel2
{
// Forward declaration of interfaces
interface PrincipalAuthenticator;
interface Credentials;
interface Current;
interface PrincipalAuthenticator
{
Security::AuthenticationMethodList get_supported_authen_methods(
in Security::MechanismType mechanism
);
Security::AuthenticationStatus authenticate (
in Security::AuthenticationMethod method,
in Security::MechanismType mechanism,
in Security::SecurityName security_name,
in Security::Opaque auth_data,
in Security::AttributeList privileges,
out Credentials creds,
out Security::Opaque continuation_data,
out Security::Opaque auth_specific_data
);
Security::AuthenticationStatus continue_authentication (
in Security::Opaque response_data,
in Credentials creds,
out Security::Opaque continuation_data,
out Security::Opaque auth_specific_data
);
};
interface Credentials
{
Credentials copy ();
void destroy();
readonly attribute Security::InvocationCredentialsType credentials_type;
readonly attribute Security::AuthenticationStatus authentication_state;
readonly attribute Security::MechanismType mechanism;
attribute Security::AssociationOptions accepting_options_supported;
attribute Security::AssociationOptions accepting_options_required;
attribute Security::AssociationOptions invocation_options_supported;
attribute Security::AssociationOptions invocation_options_required;
boolean get_security_feature(
in Security::CommunicationDirection direction,
in Security::SecurityFeature feature
);
boolean set_privileges (
in boolean force_commit,
in Security::AttributeList requested_privileges,
out Security::AttributeList actual_privileges
);
Security::AttributeList get_attributes (in Security::AttributeTypeList attributes);
boolean is_valid (
out Security::UtcT expiry_time
);
boolean refresh(
in Security::Opaque refresh_data
);
};
typedef sequence <Credentials> CredentialsList;
interface ReceivedCredentials : Credentials
{
readonly attribute Credentials accepting_credentials;
readonly attribute Security::AssociationOptions association_options_used;
readonly attribute Security::DelegationState delegation_state;
readonly attribute Security::DelegationMode delegation_mode;
};
// RequiredRights Interface
interface RequiredRights
{
void get_required_rights(
in Object obj,
in CORBA::Identifier operation_name,
in CORBA::RepositoryId interface_name,
out Security::RightsList rights,
out Security::RightsCombinator rights_combinator
);
void set_required_rights(
in CORBA::Identifier operation_name,
in CORBA::RepositoryId interface_name,
in Security::RightsList rights,
in Security::RightsCombinator rights_combinator
);
};
// interface audit channel
interface AuditChannel
{
void audit_write (
in Security::AuditEventType event_type,
in CredentialsList creds,
in Security::UtcT time,
in Security::SelectorValueList descriptors,
in Security::Opaque event_specific_data
);
readonly attribute Security::AuditChannelId audit_channel_id;
};
// interface for Audit Decision
interface AuditDecision
{
boolean audit_needed (
in Security::AuditEventType event_type,
in Security::SelectorValueList value_list
);
readonly attribute AuditChannel audit_channel;
};
interface AccessDecision
{
boolean access_allowed (
in SecurityLevel2::CredentialsList cred_list,
in Object target,
in CORBA::Identifier operation_name,
in CORBA::Identifier target_interface_name
);
};
// Policy interfaces to control bindings
interface QOPPolicy : CORBA::Policy
{
readonly attribute Security::QOP qop;
};
interface MechanismPolicy : CORBA::Policy
{
readonly attribute Security::MechanismTypeList mechanisms;
};
interface InvocationCredentialsPolicy : CORBA::Policy
{
readonly attribute CredentialsList creds;
};
interface EstablishTrustPolicy : CORBA::Policy
{
readonly attribute Security::EstablishTrust trust;
};
interface DelegationDirectivePolicy : CORBA::Policy
{
readonly attribute Security::DelegationDirective delegation_directive;
};
enum DelegationMode { Delegate, NoDelegate };
// Interface Current derived from SecurityLevel1::Current providing
// additional operations on Current at this security level.
// This is implemented by the ORB
interface Current : SecurityLevel1::Current
{
// Thread specific
readonly attribute ReceivedCredentials received_credentials;
void set_credentials (
in Security::CredentialType cred_type,
in CredentialsList creds,
in DelegationMode del
);
CredentialsList get_credentials (
in Security::CredentialType cred_type
);
CORBA::Policy get_policy (
in CORBA::PolicyType policy_type
);
void remove_own_credentials(
in Credentials credentials
);
// Process/Capsule/ORB Instance specific operations
readonly attribute Security::MechandOptionsList supported_mechanisms;
readonly attribute CredentialsList own_credentials;
readonly attribute RequiredRights required_rights_object;
readonly attribute PrincipalAuthenticator principal_authenticator;
readonly attribute AccessDecision access_decision;
readonly attribute AuditDecision audit_decision;
// Security mechanism data for a given target
Security::SecurityMechanismDataList get_security_mechanisms (
in Object obj_ref
);
// Factory operations for local policies controlling bindings
QOPPolicy create_qop_policy(
in Security::QOP qop
);
MechanismPolicy create_mechanism_policy(
in Security::MechanismTypeList mechanisms
);
InvocationCredentialsPolicy create_invoc_creds_policy(
in CredentialsList creds
);
};
};
#endif /* _SECURITY_LEVEL_2_IDL */