sl3pm.idl

MICO2.3.13 corba 环境平台

//tabstop=4
//***********************************************************************
// ORBAsec SL3                                                     
// ----------------------------------------------------------------------
// Copyright (C) 2001 Adiron, LLC.                                 
//                    All rights reserved.                         
// ----------------------------------------------------------------------
// $Id$
//***********************************************************************
//
// Marked modifications Copyright (C) 2002, 2003 ObjectSecurity Ltd.
//
#ifndef _SL3PM_IDL_
#define _SL3PM_IDL_

#pragma prefix "adiron.com"

module SL3PM {
    // The SL3PM module contains common SL3 data structure
    // definitions. These definitions were moved here from
    // SecurityLevel3 module, since they are also used in the
    // TransportSecurity module.
    //
    // The major part of this module are Principals related
    // definitions which closely resemble the Principal Calculus as
    // described in [Abadi]

    //-------------------------------------------------------------
    //  Security Level 3 Data Representations
    //
    //-------------------------------------------------------------
    
    //
    // A Principal Name
    //   A principal name always has a type, and a path of
    //   name components. They are ordered from least significant
    //   to most significant. For example, if a principal is represented
    //   by a single X.509 certificate, the first element in the path
    //   is the SubjectDN, and the second is the IssuerDN.
    //
    /**
     * A NameType is used for typing a PrincipalName data structure.
     * A NameType is a string that represents an ASN.1 
     * OBJECT IDENTIFIER. Its representation is usually of the form
     * "oid:1.2.3.4". Other forms may be possible. It is used 
     * for encoding name type identifiers, which are ASN.1 DER encoded
     * OBJECT IDENTIFIERs, in the CSI protocol.
     * @see NameComponent
     * @see NamePath
     * @see NameValue
     * @see PrincipalName
     */
    typedef string                  NameType;

    /**
     * A NameComponent is an ordered component of a NamePath. The
     * least significant component is always the first component.
     * It is the type of a wstring to handle international character
     * values.
     * @see NameType
     * @see NamePath
     * @see NameValue
     * @see PrincipalName
     */    
    typedef wstring                 NameComponent;
    
    /**
     * A NamePath is an ordered collection of NameComponents, ordered
     * from the least significant to most significant. For example,
     * an identity that is defined by a certificate that has a 
     * SubjectDN of "C=US,CN=Joe,O=Adiron" and an IssuerDN of
     * "C=US,CN=AdironCA,O=Adiron" will have the following 
     * name components:
     * <pre>
     *  NameComponent[0] = "C=US,CN=Joe,O=Adiron"
     *  NameComponent[1] = "C=US,CN=AdironCA,O=Adiron"
     * </pre>
     * @see NameType
     * @see NameComponent
     * @see NameValue
     * @see PrincipalName
     */
    typedef sequence<NameComponent> NamePath;
    
    /**
     * A NameValue is the value component of a PrincipalName,
     * which is a "type-value" pair. It is defined as a NamePath.
     * @see NameType
     * @see NameComponent
     * @see NamePath
     * @see PrincipalName
     */
    typedef NamePath                NameValue;
    
    /**
     * A PrincipalName is a "type-value" structure. The type directs
     * what the encoding and format of the components in the the
     * value component are. For example, a type of "X509DirectoryPath"
     * means that the value contains the DNs of the subject and
     * subsequent issuers.
     * @see NameType
     * @see NameComponent
     * @see NamePath
     * @see NameValue
     */
    struct PrincipalName {
        NameType          the_type;
        NameValue         the_name;
    };
    
    /**
     * A list of PrincipalNames.
     * @see PrincipalName
     */
    typedef sequence<PrincipalName> PrincipalNameList;
    
    
    //
    // Attributes for privileges and other things. They are type value pairs.
    //
    
    /**
     * A PrinAttribute is a "type-value" pair, usually attributed to
     * a Principal by some means, such as values stored in its certificate
     * or environmental concerns, such as the channel the principal was
     * authenticated over.
     * <p>
     * The type of a PrinAttribute is represented by a string.
     * <p>
     * Privilege Attribute Types, that might come from X.509 certificates
     * might be represented by OIDs. OIDs are represented as:
     * <pre>
     *   oid:n1.n2.n3.n4.n5.n6.... 
     *             for an OID where ni are non-negative integers.
     * </pre>
     * These OIDs are meant to be used to direct the "type-value" encoding
     * of a GSS-API ExportName, which uses an OID as a type that directs
     * the encoding of the value.
     * <p>
     * Example Environmental Attribute Types
     * <p><pre>
     *   SL3:ChannelIdentifier
     *   SL3:LocalAddress
     *   SL3:LocalPort
     *   SL3:TransportMechanism
     *   SL3:TLSCipherSuite
     * </pre>
     * @see PrinAttribute
     */
    typedef string PrinAttributeType;
    
    /**
     * A PrinAttributeValue is a wide character string that encodes
     * or decodes the value of an attribute. An attempt is always
     * meant to represent an attribute's value in a human readable
     * string form. If the value cannot be decoded this way, and its
     * native form is binary, then it is represented in a Hex encoding
     * of the binary form.
     * @see PrinAttribute
     */
    typedef wstring PrinAttributeValue;
    
    /**
     * A PrinAttribute is a "type-value" pair, usually attributed to
     * a Principal by some means, such as values stored in its certificate
     * or environmental concerns, such as the channel the principal was
     * authenticated over.
     * @see PrinAttribute
     */
    struct PrinAttribute {
        PrinAttributeType   the_type; 
        PrinAttributeValue  the_value;
    };
    
    /**
     * A list of PrinAttributes.
     * @see PrinAttribute
     */
    typedef sequence<PrinAttribute> PrinAttributeList;
    
    /**
     * A ResourceName is the constructed name of a "resource". A 
     * ResourceName is closely modeled after CORBAmed's Resource
     * Access Decision (RAD) facility's "Resource". It contains
     * a sequence of strings.
     */
    struct ResourceName {
        sequence<string>  components;
    };
    
    /** 
     * A List of Resource Names.
     * @See ResourceName
     */
    typedef sequence<ResourceName> ResourceNameList;
    
    
    //
    // NameTypes used in SL3
    //
    
    /**
     * An NT_KerberosName is a NameType that signifies that the
     * value of a PrincipalName is a Kerberos formated name. 
     * A KerberosName is a single string encoded in the
     * familiar "name@REALM" format.
     * <p>
     * From GSS-Kerboeros RFC 1964:
     * <p>
     * 2.1.1. Kerberos Principal Name Form
     * <p>
     * This name form shall be represented by the Object Identifier {iso(1)
     * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
     * krb5(2) krb5_name(1)}.
     */
    const NameType NT_KerberosName = "oid:1.2.840.113554.1.2.2.1";

    /**
     * An NT_X509DirectoryNamePath is a NameType that signifies that
     * the value of a PrincipalName is constructed from a chain
     * of certificates, such that the end entity is the least 
     * significant position, with the subsequent issuers following
     * in order of signature.
     * <p>
     * The coding of the names is the string encoding of
     * complete X.500 DN's, such as "C=US, CN=Joe, O=Adiron".
     * There is no indication whether the last DN in the path is a 
     * "root", i.e. it's issuer is the same.
     */
    const NameType NT_X509DirectoryNamePath = "SL3:X509DirectoryPathName";
    
    /**
     * The NT_Anonymous is a name type that specifies that the 
     * PrincipalName is representing the "anonymous" principal.
     * Its value always as a single name component of "anonymous"
     */
    const NameType NT_Anonymous = "SL3:anonymous";

    /**
     * The NT_StringName is a NameType that specifies that the
     * PrincipalName is represented by a single NameComponent
     * of name in a "scoped" name space. The name and scope
     * are separated by a single "@" character. The escape character
     * is "\". This string name as we call it is the same form
     * used for the GSSUP (GSS-UserPassword NameType). This
     * oid is the OID defined by the OMG CSIv2 specification. It
     * is the value defined by the CSI::GSS_NT_Scoped_Username_OID
     * constant.
     */
    const NameType NT_StringName = "oid:2.23.130.1.2.1";

    //
    // Privileges
    //

    /**
     * A ScopedPrivileges structure represents privileges that
     * belong to a scope defined by a principal. This structure 
     * is used to represent a principal that is a privilege authority
     * that issues privileges. Privileges are represented as 
     * PrinAttributes.
     */
    struct ScopedPrivileges {
        PrincipalName         privilege_authority;
        PrinAttributeList     privileges;
    };
    
    /**
     * A list of ScopedPrivileges
     * @see ScopedPrivileges
     */
    typedef sequence<ScopedPrivileges> ScopedPrivilegesList;
    
    //
    // Principals
    //
    
    /**
     * A Principal comes in three forms, which correspond to the 
     * Principal Calculus. The forms are "Simple", "Quoting", and 
     * "Proxy". Simple is a principal that represents a single
     * entity, usually "speaking for" itself. A "Quoting" principal
     * is a "compound" principal that says that one principal is
     * speaking on behalf of another, usually denoted by "(A|B)", i.e.
     * "A is quoting B", which means that "A is speaking on behalf of B".
     * A "Proxy" principal is almost the same as a "Quoting" principal.
     * However, the security service has determined that enough evidence
     * exists that proves that Principal A is authorized to speak in
     * B's behalf. This principal is denoted in the calculus as "(A for B)"
     * in contrast to the quoting principal "(A|B)".
     */
    typedef unsigned long PrincipalType;
    
    /**
     * The Simple Principal Type (A)
     * @see PrincipalType
     */
    const PrincipalType PT_Simple  = 0; // A,        valuetype SimplePrincipal
    /**
     * The Quoting Principal Type (A|B)
     * @see PrincipalType
     */
    const PrincipalType PT_Quoting = 1; // B | A,    valuetype QuotingPrincipal
    /**
     * The Proxy Principal Type (A for B)
     * @see PrincipalType
     */
    const PrincipalType PT_Proxy   = 2; // B for A,  valuetype ProxyPrincipal
    
    /**
     * A Principal is represented by a base value type, which is extended
     * for the various principals, Simple, Quoting, and Proxy. This base 
     * type of a Principal may be sufficient for access control in 
     * most systems.
     * @param the_type    contains the corresponding identifier
     * @param the_name    contains the logical name of the most derived
     *                    Principal. Such as if the Principal is a nested
     *                    ProxyPrincipal (i.e. C for B for A) the name here
     *                    is A.
     * @param environmental_attributes
     *                    The attributes name certain things that do are 
     *                    environmental, such as IP addresses.
     * @param with_privileges
     *                    These are the privileges associated with Principal A
     *                    restricted_resources.
     *                    This field contains a collection of resources on which
     *                    the principal is authorized to perform actions.
     */
    valuetype Principal {
        /** This field contains the type of the Principal. */
        public PrincipalType          the_type;
        /** This field contains the name of the Principal */
        public PrincipalName          the_name;
        /**
         * This field contains the attributes of the principal
         * that are considered environmental, such as authentication
         * mechanism, authentication channel identifier, etc.
         */

	// begin of ObjectSecurity removal
	// as suggested by Adiron's Joncheng Kuo, this should go into
	// Client/TargetCredentials and CredentialsInitiator
	// and CredentialsAcceptor

//          public PrinAttributeList      environmental_attributes;

	// end of ObjectSecurity removal

        /**
         * This field contains the list of scoped privileges the
         * security service has determined belong to the particular
         * principal.
         */
        public ScopedPrivilegesList   with_privileges;
    };
    
    /**
     * A list of Principals
     * @see Principal
     */
    typedef sequence<Principal> PrincipalList;
    
    /**
     *  A Simple Principal represents a single entity. It is usually 
     * derived by authentication, trust rules concerning quoting,
     * or trust rules and certificates concerning Proxying.
     * It has one extra field over the base Principal, which is 
     * "alternate_names". 
     * @param alternate_names   
     *          This field contains other name types, such
     *          as that appear in an X.509 alternate name fields.
     */
     
    //
    // NOTE: The factory interfaces are not needed for general user use
    //        and will be eliminated.
    valuetype SimplePrincipal : truncatable Principal {