Google Git
Sign in
apache / geronimo-yoko / fecb90d58274bf549b360f4ae836a9b9a9655277 / . / yoko-spec-corba / src / main / idl / Security.idl
blob: c2e5489d7d74af7bba8c8d6b57ee46cf942e2549 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
//Security Service, v1.8 - OMG IDL Summary File
//Object Management Group, Inc.
//
//Copyright 1995, AT&T Global Information Solutions Company
//Copyright 1995, Digital Equipment Corporation
//Copyright 1995, Expersoft Corporation
//Copyright 1995, Groupe Bull
//Copyright 1995, Hewlett-Packard Company
//Copyright 1995, IBM (in collaboration with Taligent, Inc.)
//Copyright 1995, International Computers Limited
//Copyright 2000, Object Management Group, Inc.
//Copyright 1995, Netscape Communications Corporation
//Copyright 1997, Northern Telecom Limited
//Copyright 1995, Novell, Inc.
//Copyright 1995, Siemens Nixdorf Informationssysteme AG
//Copyright 1995, 1997, SunSoft, Inc.
//Copyright 1995, Tandem Computer, Inc. (in collaboration with Odyssey Research Assoc, Inc.)
//Copyright 1995, Tivoli Systems, Inc.
//Copyright 1997, Visigenic Software, Inc.
//
//The companies listed above have granted to the Object Management Group, Inc.
//(OMG) a nonexclusive, royalty-free, paid up, worldwide license to copy and
//distribute this document and to modify this document and distribute copies of
//the modified version. Each of the copyright holders listed above has agreed
//that no person shall be deemed to have infringed the copyright in the included
//material of any such copyright holder by reason of having used the
//specification set forth herein or having conformed any computer software to
//the specification.
//
//This file contains OMG IDL from the Security Service, v1.8 specification.
//OMG regularly publishes a summary file that contains all the "code" parts of
//an OMG formal document. Every formal document line that is IDL, PIDL, or
//language code is included in the summary file. The reason for such a listing
//is to give readers an electronic version of the "code" so that they can
//extract pieces of it. Readers might want to test an example, include it in
//their own code, or use it for documentation purposes. Having the code lines
//available electronically means there is less likelihood of a transcription
//error.
//
//This subsection defines the OMG IDL for security data types common to the
//other security modules, which is the module Security. The Security module
//depends on the TimeBase module and the CORBA module.
#ifndef _SECURITY_IDL_
#define _SECURITY_IDL_
#include "geronimo-orb.idl"
#include "TimeBase.idl"
#pragma prefix "omg.org"
module Security {
# pragma version Security 1.8
typedef string SecurityName;
typedef sequence <octet> Opaque;
// Constant declarations for Security Service Options
const CORBA::ServiceOption SecurityLevel1 = 1;
const CORBA::ServiceOption SecurityLevel2 = 2;
const CORBA::ServiceOption NonRepudiation = 3;
const CORBA::ServiceOption SecurityORBServiceReady = 4;
const CORBA::ServiceOption SecurityServiceReady = 5;
const CORBA::ServiceOption ReplaceORBServices = 6;
const CORBA::ServiceOption ReplaceSecurityServices = 7;
const CORBA::ServiceOption StandardSecureInteroperability = 8;
const CORBA::ServiceOption DCESecureInteroperability = 9;
// Service options for Common Secure Interoperability
const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
// Security mech types supported for secure association
const CORBA::ServiceDetailType SecurityMechanismType = 1;
// privilege types supported in standard access policy
const CORBA::ServiceDetailType SecurityAttribute = 2;
// extensible families for standard data types
struct ExtensibleFamily {
unsigned short family_definer;
unsigned short family;
};
typedef sequence<octet> OID;
typedef sequence<OID> OIDList;
// security attributes
typedef unsigned long SecurityAttributeType;
// other attributes; family = 0
const SecurityAttributeType AuditId = 1;
const SecurityAttributeType AccountingId = 2;
const SecurityAttributeType NonRepudiationId = 3;
// privilege attributes; family = 1
const SecurityAttributeType _Public = 1;
const SecurityAttributeType AccessId = 2;
const SecurityAttributeType PrimaryGroupId = 3;
const SecurityAttributeType GroupId = 4;
const SecurityAttributeType Role = 5;
const SecurityAttributeType AttributeSet = 6;
const SecurityAttributeType Clearance = 7;
const SecurityAttributeType Capability = 8;
struct AttributeType {
ExtensibleFamily attribute_family;
SecurityAttributeType attribute_type;
};
typedef sequence<AttributeType> AttributeTypeList;
struct SecAttribute {
AttributeType attribute_type;
OID defining_authority;
Opaque value;
// the value of this attribute can be
// decoded only with knowledge of defining_authority
};
typedef sequence <SecAttribute> AttributeList;
// Authentication return status
enum AuthenticationStatus {
SecAuthSuccess,
SecAuthFailure,
SecAuthContinue,
SecAuthExpired
};
// Association return status
enum AssociationStatus {
SecAssocSuccess,
SecAssocFailure,
SecAssocContinue
};
// Authentication method
typedef unsigned long AuthenticationMethod;
typedef sequence<AuthenticationMethod> AuthenticationMethodList;
// Credential types
enum InvocationCredentialsType {
SecOwnCredentials,
SecReceivedCredentials,
SecTargetCredentials
};
// Declarations related to Rights
struct Right {
ExtensibleFamily rights_family;
string the_right;
};
typedef sequence <Right> RightsList;
enum RightsCombinator {
SecAllRights,
SecAnyRight
};
// Delegation related
enum DelegationState {
SecInitiator,
SecDelegate
};
enum DelegationDirective {
Delegate,
NoDelegate
};
// pick up from TimeBase
typedef TimeBase::UtcT UtcT;
typedef TimeBase::IntervalT IntervalT;
typedef TimeBase::TimeT TimeT;
// Security features available on credentials.
enum SecurityFeature {
SecNoDelegation,
SecSimpleDelegation,
SecCompositeDelegation,
SecNoProtection,
SecIntegrity,
SecConfidentiality,
SecIntegrityAndConfidentiality,
SecDetectReplay,
SecDetectMisordering,
SecEstablishTrustInTarget,
SecEstablishTrustInClient
};
// Quality of protection which can be specified
// for an object reference and used to protect messages
enum QOP {
SecQOPNoProtection,
SecQOPIntegrity,
SecQOPConfidentiality,
SecQOPIntegrityAndConfidentiality
};
// Type of SecurityContext
enum SecurityContextType {
SecClientSecurityContext,
SecServerSecurityContext
};
// Operational State of a Security Context
enum SecurityContextState {
SecContextInitialized,
SecContextContinued,
SecContextClientEstablished,
SecContextEstablished,
SecContextEstablishExpired,
SecContextExpired,
SecContextInvalid
};
struct ChannelBindings {
unsigned long initiator_addrtype;
sequence<octet> initiator_address;
unsigned long acceptor_addrtype;
sequence<octet> acceptor_address;
sequence<octet> application_data;
};
// For use with SecurityReplaceable
struct OpaqueBuffer {
Opaque buffer;
unsigned long startpos;
unsigned long endpos;
// startpos <= endpos
// OpaqueBuffer is said to be empty if startpos == endpos
};
// Association options which can be administered
// on secure invocation policy and used to
// initialize security context
typedef unsigned short AssociationOptions;
const AssociationOptions NoProtection = 1;
const AssociationOptions Integrity = 2;
const AssociationOptions Confidentiality = 4;
const AssociationOptions DetectReplay = 8;
const AssociationOptions DetectMisordering = 16;
const AssociationOptions EstablishTrustInTarget = 32;
const AssociationOptions EstablishTrustInClient = 64;
const AssociationOptions NoDelegation = 128;
const AssociationOptions SimpleDelegation = 256;
const AssociationOptions CompositeDelegation = 512;
// Flag to indicate whether association options being
// administered are the "required" or "supported" set
enum RequiresSupports {
SecRequires,
SecSupports
};
// Direction of communication for which
// secure invocation policy applies
enum CommunicationDirection {
SecDirectionBoth,
SecDirectionRequest,
SecDirectionReply
};
// security association mechanism type
typedef string MechanismType;
typedef sequence<MechanismType> MechanismTypeList;
// AssociationOptions-Direction pair
struct OptionsDirectionPair {
AssociationOptions options;
CommunicationDirection direction;
};
typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
// Delegation mode which can be administered
enum DelegationMode {
SecDelModeNoDelegation, // i.e. use own credentials
SecDelModeSimpleDelegation, // delegate received credentials
SecDelModeCompositeDelegation // delegate both;
};
// Association options supported by a given mech type
struct MechandOptions {
MechanismType mechanism_type;
AssociationOptions options_supported;
};
typedef sequence <MechandOptions> MechandOptionsList;
// Attribute of the SecurityLevel2::EstablishTrustPolicy
struct EstablishTrust {
boolean trust_in_client;
boolean trust_in_target;
};
// Audit
typedef unsigned long AuditChannelId;
typedef unsigned short EventType;
const EventType AuditAll = 0;
const EventType AuditPrincipalAuth = 1;
const EventType AuditSessionAuth = 2;
const EventType AuditAuthorization = 3;
const EventType AuditInvocation = 4;
const EventType AuditSecEnvChange = 5;
const EventType AuditPolicyChange = 6;
const EventType AuditObjectCreation = 7;
const EventType AuditObjectDestruction = 8;
const EventType AuditNonRepudiation = 9;
enum DayOfTheWeek {
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
};
enum AuditCombinator {
SecAllSelectors,
SecAnySelector
};
struct AuditEventType {
ExtensibleFamily event_family;
EventType event_type;
};
typedef sequence <AuditEventType> AuditEventTypeList;
typedef unsigned long SelectorType;
const SelectorType InterfaceName = 1;
const SelectorType ObjectRef = 2;
const SelectorType Operation = 3;
const SelectorType Initiator = 4;
const SelectorType SuccessFailure = 5;
const SelectorType Time = 6;
const SelectorType DayOfWeek = 7;
// values defined for audit_needed and audit_write are:
// InterfaceName: CORBA::RepositoryId
// ObjectRef: object reference
// Operation: op_name
// Initiator: Credentials
// SuccessFailure: boolean
// Time: utc time on audit_write; time picked up from
// environment in audit_needed if required
// DayOfWeek: DayOfTheWeek
struct SelectorValue {
SelectorType selector;
any value;
};
typedef sequence <SelectorValue> SelectorValueList;
// Constant declaration for valid Security Policy Types
// General administrative policies
const CORBA::PolicyType SecClientInvocationAccess = 1;
const CORBA::PolicyType SecTargetInvocationAccess = 2;
const CORBA::PolicyType SecApplicationAccess = 3;
const CORBA::PolicyType SecClientInvocationAudit = 4;
const CORBA::PolicyType SecTargetInvocationAudit = 5;
const CORBA::PolicyType SecApplicationAudit = 6;
const CORBA::PolicyType SecDelegation = 7;
const CORBA::PolicyType SecClientSecureInvocation = 8;
const CORBA::PolicyType SecTargetSecureInvocation = 9;
const CORBA::PolicyType SecNonRepudiation = 10;
// Policies used to control attributes of a binding to a target
const CORBA::PolicyType SecMechanismsPolicy = 12;
const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete
const CORBA::PolicyType SecQOPPolicy = 15;
const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
const CORBA::PolicyType SecEstablishTrustPolicy = 39;
};
#endif /* _SECURITY_IDL_ */