// $Id: SecurityLevel2.idl,v 1.2 2001/09/22 14:51:13 jso Exp $ | |
#ifndef _SECURITY_LEVEL_2_IDL | |
#define _SECURITY_LEVEL_2_IDL | |
#pragma prefix "omg.org" | |
#include <SecurityLevel1.idl> | |
module SecurityLevel2 | |
{ | |
// Forward declaration of interfaces | |
interface PrincipalAuthenticator; | |
interface Credentials; | |
interface Current; | |
interface PrincipalAuthenticator | |
{ | |
Security::AuthenticationMethodList get_supported_authen_methods( | |
in Security::MechanismType mechanism | |
); | |
Security::AuthenticationStatus authenticate ( | |
in Security::AuthenticationMethod method, | |
in Security::MechanismType mechanism, | |
in Security::SecurityName security_name, | |
in Security::Opaque auth_data, | |
in Security::AttributeList privileges, | |
out Credentials creds, | |
out Security::Opaque continuation_data, | |
out Security::Opaque auth_specific_data | |
); | |
Security::AuthenticationStatus continue_authentication ( | |
in Security::Opaque response_data, | |
in Credentials creds, | |
out Security::Opaque continuation_data, | |
out Security::Opaque auth_specific_data | |
); | |
}; | |
interface Credentials | |
{ | |
Credentials copy (); | |
void destroy(); | |
readonly attribute Security::InvocationCredentialsType credentials_type; | |
readonly attribute Security::AuthenticationStatus authentication_state; | |
readonly attribute Security::MechanismType mechanism; | |
attribute Security::AssociationOptions accepting_options_supported; | |
attribute Security::AssociationOptions accepting_options_required; | |
attribute Security::AssociationOptions invocation_options_supported; | |
attribute Security::AssociationOptions invocation_options_required; | |
boolean get_security_feature( | |
in Security::CommunicationDirection direction, | |
in Security::SecurityFeature feature | |
); | |
boolean set_privileges ( | |
in boolean force_commit, | |
in Security::AttributeList requested_privileges, | |
out Security::AttributeList actual_privileges | |
); | |
Security::AttributeList get_attributes (in Security::AttributeTypeList attributes); | |
boolean is_valid ( | |
out Security::UtcT expiry_time | |
); | |
boolean refresh( | |
in Security::Opaque refresh_data | |
); | |
}; | |
typedef sequence <Credentials> CredentialsList; | |
interface ReceivedCredentials : Credentials | |
{ | |
readonly attribute Credentials accepting_credentials; | |
readonly attribute Security::AssociationOptions association_options_used; | |
readonly attribute Security::DelegationState delegation_state; | |
readonly attribute Security::DelegationMode delegation_mode; | |
}; | |
// RequiredRights Interface | |
interface RequiredRights | |
{ | |
void get_required_rights( | |
in Object obj, | |
in CORBA::Identifier operation_name, | |
in CORBA::RepositoryId interface_name, | |
out Security::RightsList rights, | |
out Security::RightsCombinator rights_combinator | |
); | |
void set_required_rights( | |
in CORBA::Identifier operation_name, | |
in CORBA::RepositoryId interface_name, | |
in Security::RightsList rights, | |
in Security::RightsCombinator rights_combinator | |
); | |
}; | |
// interface audit channel | |
interface AuditChannel | |
{ | |
void audit_write ( | |
in Security::AuditEventType event_type, | |
in CredentialsList creds, | |
in Security::UtcT time, | |
in Security::SelectorValueList descriptors, | |
in Security::Opaque event_specific_data | |
); | |
readonly attribute Security::AuditChannelId audit_channel_id; | |
}; | |
// interface for Audit Decision | |
interface AuditDecision | |
{ | |
boolean audit_needed ( | |
in Security::AuditEventType event_type, | |
in Security::SelectorValueList value_list | |
); | |
readonly attribute AuditChannel audit_channel; | |
}; | |
interface AccessDecision | |
{ | |
boolean access_allowed ( | |
in SecurityLevel2::CredentialsList cred_list, | |
in Object target, | |
in CORBA::Identifier operation_name, | |
in CORBA::Identifier target_interface_name | |
); | |
}; | |
// Policy interfaces to control bindings | |
interface QOPPolicy : CORBA::Policy | |
{ | |
readonly attribute Security::QOP qop; | |
}; | |
interface MechanismPolicy : CORBA::Policy | |
{ | |
readonly attribute Security::MechanismTypeList mechanisms; | |
}; | |
interface InvocationCredentialsPolicy : CORBA::Policy | |
{ | |
readonly attribute CredentialsList creds; | |
}; | |
interface EstablishTrustPolicy : CORBA::Policy | |
{ | |
readonly attribute Security::EstablishTrust trust; | |
}; | |
interface DelegationDirectivePolicy : CORBA::Policy | |
{ | |
readonly attribute Security::DelegationDirective delegation_directive; | |
}; | |
enum DelegationMode { Delegate, NoDelegate }; | |
// Interface Current derived from SecurityLevel1::Current providing | |
// additional operations on Current at this security level. | |
// This is implemented by the ORB | |
interface Current : SecurityLevel1::Current | |
{ | |
// Thread specific | |
readonly attribute ReceivedCredentials received_credentials; | |
void set_credentials ( | |
in Security::CredentialType cred_type, | |
in CredentialsList creds, | |
in DelegationMode del | |
); | |
CredentialsList get_credentials ( | |
in Security::CredentialType cred_type | |
); | |
CORBA::Policy get_policy ( | |
in CORBA::PolicyType policy_type | |
); | |
void remove_own_credentials( | |
in Credentials credentials | |
); | |
// Process/Capsule/ORB Instance specific operations | |
readonly attribute Security::MechandOptionsList supported_mechanisms; | |
readonly attribute CredentialsList own_credentials; | |
readonly attribute RequiredRights required_rights_object; | |
readonly attribute PrincipalAuthenticator principal_authenticator; | |
readonly attribute AccessDecision access_decision; | |
readonly attribute AuditDecision audit_decision; | |
// Security mechanism data for a given target | |
Security::SecurityMechanismDataList get_security_mechanisms ( | |
in Object obj_ref | |
); | |
// Factory operations for local policies controlling bindings | |
QOPPolicy create_qop_policy( | |
in Security::QOP qop | |
); | |
MechanismPolicy create_mechanism_policy( | |
in Security::MechanismTypeList mechanisms | |
); | |
InvocationCredentialsPolicy create_invoc_creds_policy( | |
in CredentialsList creds | |
); | |
}; | |
}; | |
#endif /* _SECURITY_LEVEL_2_IDL */ |