sl3cm.idl

MICO2.3.13 corba 环境平台

//tabstop=4
//***********************************************************************
// ORBAsec SL3                                                     
// ----------------------------------------------------------------------
// Copyright (C) 2001 Adiron, LLC.                                 
//                    All rights reserved.                         
// ----------------------------------------------------------------------
// $Id$
//***********************************************************************
//
// Marked modifications Copyright (C) 2002, 2003 ObjectSecurity Ltd.
//
#ifndef _SL3CM_IDL_
#define _SL3CM_IDL_

module SL3CM {

    // The SL3CM module contains common definitions for Credentials
    // Model. These definitions were moved here from SecurityLevel3
    // module, since they are also used in the TransportSecurity module
    // and it is useless to duplicate constants definitions inside
    // both modules.
    //

    //
    // The Security Level 3 Credentials Model
    //
    
    /**
     * Credentials come in three types. OwnCredentials, ClientCredentials,
     * and TargetCredentials. OwnCredentials represent the ORB instance's
     * credentials. Each Credentials has initiating and accepting capability.
     * ClientCredentials represent an established security context with
     * a client. TargetCredentials represent an established security context
     * with a Target's Server.
     */
    typedef unsigned long CredentialsType;
    
    /**
     * The CT_OwnCredentials CredentialsType signifies that the 
     * Credentials can be extended to the OwnCredentials Type.
     */
    const CredentialsType CT_OwnCredentials        = 0;
    /**
     * The CT_ClientCredentials CredentialsType signifies that the 
     * Credentials can be extended to the ClientCredentials Type.
     */
    const CredentialsType CT_ClientCredentials     = 1;
    /**
     * The CT_TargetCredentials CredentialsType signifies that the 
     * Credentials can be extended to the ClientCredentials Type.
     */
    const CredentialsType CT_TargetCredentials     = 2;
    
    /**
     * A Credentials object has a validity state. Some credentials
     * may be time or use dependent.
     */
    typedef long CredentialsState;
    
    /**
     * The Credentials with a CredentialsState of CS_Invalid cannot be
     * used in any the initiating or accepting establishment of any
     * security contexts.
     */
    const CredentialsState CS_Invalid         = -3;
    
    /**
     * Credentials with a CredentialsState of CS_Expired can no longer
     * be used for initiating or accepting establishment of any
     * security contexts.
     */
    const CredentialsState CS_Expired         = -2;
    /**
     * Credentials with a CredentialsState of CS_PendingRelease can no longer
     * be used for initiating or accepting establishment of any
     * security contexts. It means that "release_credentials" has been
     * called on the credentials.
     */
    const CredentialsState CS_PendingRelease  = -1;
    /**
     * Credentials with a CredentialsState of CS_Initialized can not
     * be used for initiating or accepting establishment of any
     * security contexts. It means that credentials are in an initial
     * state. This value is for internal use, and there is no
     * reason a SecurityLevel3 user should see credentials in this state.
     */
    const CredentialsState CS_Initialized     =  0;
    /**
     * Credentials with a CredentialsState of CS_Valid can
     * be used for initiating or accepting establishment of
     * security contexts.
     */
    const CredentialsState CS_Valid           =  1;
    
    /**
     * Credentials have system generated identifiers
     * to which they can be referred and retrieved.
     */
    typedef string CredentialsId;
    typedef sequence<CredentialsId> CredentialsIdList;
    
    /**
     * Security Contexts have system generated identifiers.
     * Security Contexts may be long lived and not established on
     * every request. Therefore, an identifier is assigned.
     */
    typedef string ContextId;
    typedef sequence<ContextId> ContextIdList;

    /**
     * Credentials Usage
     * <p>
     * Credentials Usage refers to the concept that Credentials may
     * be used to initiate security context, accept security contexts,
     * or do both. its values are used in the acquisition
     * of credentials for the purpose of designating the abilities
     * of the credentials acquired.
     */
    typedef unsigned long CredentialsUsage;
    /**
     * The CU_Indefinite CredentialsUsage type is a value that 
     * signifies the default. Depending on some other acquisition
     * arguments, the credentials usage may be able to be implicitly
     * determined.
     */
    const CredentialsUsage CU_Indefinite         = 1;
    /**
     * The CU_None CredentialsUsage type is a value that states the
     * credentials can not be used to make or accept security
     * contexts. ClientCredentials and TargetCredentials have
     * this credentials usage.
     */
    const CredentialsUsage CU_None               = 2;
    /**
     * The CU_AcceptOnly CredentialsUsage type is a value that signifies
     * that the credentials can only be used to accept the establishment
     * of security contexts.
     */
    const CredentialsUsage CU_AcceptOnly         = 3;
    /**
     * The CU_InitiateOnly CredentialsUsage type is a value that signifies
     * that the credentials can only be used to initiate the establishment
     * of security contexts.
     */
    const CredentialsUsage CU_InitiateOnly       = 4;
    /**
     * The CU_InitiateAndAccept CredentialsUsage type is a value that 
     * signifies that the credentials can be used to both initiate 
     * and accept the establishment of security contexts.
     */
    const CredentialsUsage CU_InitiateAndAccept  = 5;
    
    /**
     * A CredsDirective is a directive on a invocation as to the
     * effects of the initiated security context will have on the
     * the accepting side. Please see ContextEstablishmentPolicy
     * for is use in context with establishing security contexts.
     * @see ContextEstablishmentPolicy
     */
    typedef unsigned long CredsDirective;
    /**
     * The CD_Default CredsDirective is a value that signifies to
     * use the capabilities of the selected credentials.
     */
    const CredsDirective CD_Default             = 0;
    /**
     * The CD_InvokeTarget CredsDirective is a value that signifies that
     * the selected credentials should only be used in a simple 
     * invocation fashion. They shall not attempt to endorse or embody
     * the target to act on its behalf.
     */
    const CredsDirective CD_InvokeTarget        = 1;
    /**
     * The CD_EndorseTarget CredsDirective is a value that signifies that
     * the selected credentials, if capable, should attempt to endorse
     * the target. In other words, it gives the accepting side the ability
     * to act on behalf of the initiating side.
     */
    const CredsDirective CD_EndorseTarget       = 2;
    /**
     * The CD_EmbodyTarget CredsDirective is a value that signifies that
     * the selected credentials, if capable, should attempt to embody
     * the target. In other words, it gives the accepting side the ability
     * to impersonate the initiating side.
     */
    const CredsDirective CD_EmbodyTarget        = 3;
    
    /**
     * A Feature Directive is a general directive used in policy that
     * stipulates the of a particular feature. Such examples include,
     * confidentiality, integrity, client authentication, etc.
     */ 
    typedef long FeatureDirective;
    
    /**
     * The FD_DoNotUse FeatureDirective means definitely do not to use
     * the feature.
     */
    const FeatureDirective FD_DoNotUse             = -2;
    /**
     * The FD_DoNotUseIfPossible FeatureDirective means do not to use
     * the feature if it is possible. Note, some mechanisms may always
     * use confidentiality.
     */
    const FeatureDirective FD_DoNotUseIfPossible   = -1;
    /**
     * The FD_UseDefault FeatureDirective means to use or not to use
     * the feature depending on defaults.
     */
    const FeatureDirective FD_UseDefault           =  0;
    /**
     * The FD_DoNotUseIfPossible FeatureDirective means do not to use
     * the feature if it is possible. Note, some mechanisms may not
     * be able to use confidentiality.
     */
    const FeatureDirective FD_UseIfPossible        =  1;
    /**
     * The FD_DoNotUse FeatureDirective means definitely use
     * the feature.
     */
    const FeatureDirective FD_Use                  =  2;

    /**
     * Credentials are acquired by a Credentials Acquirer by some
     * acquisition mechanism specified in the Credentials Curator.
     * Acquisition methods are available on the curator. The 
     * specifics of arguments needed and the acquisition process
     * are defined by the method itself.
     */
//      typedef string AcquisitionMethod;
//      typedef sequence<AcquisitionMethod> AcquisitionMethodList;
    
    /**
     * This type specifies the transport mechanisms, which is used for
     * acquiring Credentials such as TCPIP, TLS, SECIOP-Kerberos.
     *
     * NOTE: Currently Supported, "TCPIP", "TLS".
     */
    // note: MechId definitions are used only in TransportSecurity
    // module, but since other modules depends on TransportSecurity
    // module only because of these definitions, we have rather moved
    // them here. Anyway, they are part of Credentials Model.
//      typedef string MechanismId;
//      typedef sequence<MechanismId> MechanismList;

    typedef string AcquisitionArgumentType;
    
}; // SL3CM
#endif // _SL3CM_IDL_