cim_identity.mof

Pegasus is an open-source implementationof the DMTF CIM and WBEM standards. It is designed to be por

// Copyright (c) 2005 DMTF.  All rights reserved.
// ==================================================================
//  CIM_Identity
// ==================================================================
   [Version ( "2.8.0" ), Description (
       "An instance of an Identity represents a ManagedElement that "
       "acts as a security principal within the scope in which it is "
       "defined and authenticated. (Note that the Identity's scope is "
       "specified using the association, CIM_IdentityContext.) "
       "ManagedElements with Identities can be OrganizationalEntities, "
       "Services, Systems, etc. The ManagedElement 'behind' an "
       "Identity is described using the AssignedIdentity association. "
       "\n\n"
       "Within a given security context, an Identity may be imparted a "
       "level of trust, usually based on its credentials. A trust "
       "level is defined using the CIM_SecuritySensitivity class, and "
       "associated with Identity using CIM_ElementSecuritySensitivity. "
       "Whether an Identity is currently authenticated is evaluated by "
       "checking the CurrentlyAuthenticated boolean property. This "
       "property is set and cleared by the security infrastructure, "
       "and should only be readable within the management "
       "infrastructure. The conditions which must be met/authenticated "
       "in order for an Identity's CurrentlyAuthenticated Boolean to "
       "be TRUE are defined using a subclass of PolicyCondition - "
       "AuthenticationCondition. The inheritance tree for "
       "AuthenticationCondition is defined in the CIM Policy Model. \n"
       "\n"
       "Subclasses of Identity may include specific information "
       "related to a given AuthenticationService or authority (such as "
       "a security token or computer hardware port/communication "
       "details) that more specifically determine the authenticity of "
       "the Identity. An instance of Identity may be persisted even "
       "though it is not CurrentlyAuthenticated, in order to maintain "
       "static relationships to Roles, associations to accounting "
       "information, and policy data defining authentication "
       "requirements. Note however, when an Identity is not "
       "authenticated (CurrentlyAuthenticated = FALSE), then "
       "Privileges or rights SHOULD NOT be authorized. The lifetime, "
       "validity, and propagation of the Identity is dependent on a "
       "security infrastructure's policies.")]
class CIM_Identity : CIM_ManagedElement {

      [Key, Description (
          "Within the scope of the instantiating Namespace, InstanceID "
          "opaquely and uniquely identifies an instance of this class. "
          "In order to ensure uniqueness within the NameSpace, the "
          "value of InstanceID SHOULD be constructed using the "
          "following 'preferred' algorithm: \n"
          "<OrgID>:<LocalID> \n"
          "Where <OrgID> and <LocalID> are separated by a colon ':', "
          "and where <OrgID> MUST include a copyrighted, trademarked "
          "or otherwise unique name that is owned by the business "
          "entity creating/defining the InstanceID, or is a registered "
          "ID that is assigned to the business entity by a recognized "
          "global authority. (This is similar to the <Schema "
          "Name>_<Class Name> structure of Schema class names.) In "
          "addition, to ensure uniqueness <OrgID> MUST NOT contain a "
          "colon (':'). When using this algorithm, the first colon to "
          "appear in InstanceID MUST appear between <OrgID> and "
          "<LocalID>. \n"
          "<LocalID> is chosen by the business entity and SHOULD not "
          "be re-used to identify different underlying (real-world) "
          "elements. If the above 'preferred' algorithm is not used, "
          "the defining entity MUST assure that the resultant "
          "InstanceID is not re-used across any InstanceIDs produced "
          "by this or other providers for this instance's NameSpace. \n"
          "For DMTF defined instances, the 'preferred' algorithm MUST "
          "be used with the <OrgID> set to 'CIM'.")]
   string InstanceID;

      [Description (
          "Boolean indicating whether this Identity has been "
          "authenticated, and is currently known within the scope of "
          "an AuthenticationService or authority. By default, "
          "authenticity SHOULD NOT be assumed. This property is set "
          "and cleared by the security infrastructure, and should only "
          "be readable within the management infrastructure. Note that "
          "its value, alone, may not be sufficient to determine "
          "authentication/ authorization, in that properties of an "
          "Identity subclass (such as a security token or computer "
          "hardware port/ communication details) may be required by "
          "the security infrastructure.")]
   boolean CurrentlyAuthenticated = FALSE;
};