//tabstop=4
//***********************************************************************
// ORBAsec SL3
// ----------------------------------------------------------------------
// Copyright (C) 2001 Adiron, LLC.
// All rights reserved.
// ----------------------------------------------------------------------
// $Id$
//***********************************************************************
//
// Marked modifications Copyright (C) 2002, 2003, 2004 ObjectSecurity Ltd.
//
#ifndef _TRANSPORT_SECURITY_IDL_
#define _TRANSPORT_SECURITY_IDL_

#include <mico/security/sl3pm.idl>
#include <mico/security/sl3cm.idl>
#include <mico/security/sl3aqargs.idl>
#include <mico/security/csi.idl>
#include <mico/security/csiiop.idl>
//#include <mico/orb.idl>
#include <mico/basic_seq.idl>
#include <mico/policy.idl>
#include <mico/timebase.idl>

#pragma prefix "adiron.com"

/**
 * The Transport Security Module contains the data definitions
 * and Application Programmers Interface for dealing with
 * ORB security at the Transport Layer. This security is commonly
 * known as Common Secure Interoperability Version 1 (CSIv1).
 * <p>
 * This module uses the data and valuetype definitions of the
 * SecurityLevel3 module, to give a common representation of
 * important security information, such as Principals and
 * Statements about Principals.
 * <p>
 * In order to let this module stand on its own, many of the
 * primitive data definitions parallel those of the Security
 * Level 3 module, such as string types, and integer constants.
 * For example, CredentialsType, CredentialsUsage, CredentialsState,
 * CredsDirective, FeatureDirective, all have type names and
 * constant names that parallel in both name and values to their
 * counterparts in the SecurityLevel3 module. At least in Java,
 * where the IDL language mapping dereferences types to their
 * most primitive type (such as int), these values can be
 * used interchangeably between modules, in your Java code.
 * <p>
 * The Transport Security Service parallels the Security Level 3
 * module in that it brings forth the security service (for the
 * Transport Layer) with two objects that are returned by the
 * ORB's resolve_initial_references call. These two objects are:
 * the
 * <a href="TransportSecurity.SecurityManager.html">
 * TransportSecurity::SecurityManager</a>, and
 * <a href="TransportSecurity.SecurityCurrent.html">
 * TransportSecurity::SecurityCurrent</a> objects.
 * <p>
 * The Transport Security Service has the same Credentials model
 * we use in SecurityLevel3. This
 * model, which is heavily based on the Principal Calculus, yields
 * an API for accessing principal information. The credentials
 * represent the ORB's credentials, as well as the establishment
 * of security contexts between client and servers.
 * <p>
 * The Transport Security Service is currently CSIv1 Level 0 and
 * Level 1 compliant depending on the ORB options
 * <ul>
 * <li>
 * Level 0: SSL/TLS (SSLIOP) and plain TCPIP (IIOP).
 * <li>
 * Level 1: KerberosV5/SECP (SECIOP-Kerberos).
 * </ul>
 * Each mechanism (SSL, TCPIP, Kerberos) has its own security
 * characteristics which are illustrated by the credentials
 * initiator (client side) or acceptor (server side). These
 * security characteristics are:
 * <ul>
 * <li>
 * confidentiality: True if the credentials and mechanism support
 * encryption (TLS, Kerberos)
 * <li>
 * integrity: True if the credentials and mechanism support
 * cryptographic integrity checking. (TLS, Kerberos)
 * <li>
 * client_authentication: True if the credentials have the ability
 * to authenticate the client of a security association. (TLS, Kerberos)
 * <li>
 * target_authentication: True if the credentials have the ability
 * to authenticate the target of a security association. (TLS, Kerberos)
 * <li>
 * supports_embodiment: True if the credentials initiator can
 * make the target impersonate the client. This is a form of
 * "unrestricted delegation" (Kerberos).
 * <li>
 * supports_endorsement: True if the credentials initiator can
 * endorse the target with its credentials. (Currently, no mechanism
 * can do that at the transport layer).
 * <li>
 * supports_quoting: True if the credentials initiator can
 * quote another principal. (Currently, no mechanism can do that
 * at the transport layer, and this feature is largely done at the
 * Security Level 3 (CSIv2) layer.)
 * </ul>
 * As the list above shows, only TLS and Kerberos provide any of these
 * characteristics; plain TCPIP credentials provide none of them, so
 * information obtained over an IIOP association (for example the
 * peer's Internet address) is unauthenticated and unprotected and
 * should be treated as such in access control and auditing decisions.
 * <p>
 * The <a href="TransportSecurity.CredentialsCurator.html">
 * Credentials Curator</a> is an object that is retrievable off of the
 * <a href="TransportSecurity.SecurityManager.html">
 * TransportSecurity::SecurityManager</a>.
 * You use this object to acquire transport
 * <a href="TransportSecurity.OwnCredentials.html">OwnCredentials</a>.
 * Transport Credentials give you the ability
 * to communicate with other clients and servers with transport security
 * protection. However, we model plain IIOP (GIOP/TCP/IP) with the
 * same credentials model. This gives you the ability to extract
 * information from clients and target objects, such as their
 * Internet addresses, which may be useful in your access control
 * and auditing decisions.
 * <P>
 * You cannot communicate with IIOP ORBs unless you acquire TCPIP
 * credentials.
 */
module TransportSecurity
{
    /**
     * The Adiron VMCID, which is used in Minor Error Codes,
     * Policy Tags, etc.
     */
    const unsigned long ADIRON_VMCID = 0xA11C000;

    //-------------------------------------------------------------
    // Transport Security Data Representations
    //
    //-------------------------------------------------------------

    /**
     * The CSIVersion type has two constants which represent the
     * versions of Common Security Interoperability as defined
     * by the OMG. These constants are used to indicate whether
     * a transport will handle CSIv1 or CSIv2 requests. This is
     * important, since CSIv2 transports handle state retention
     * of CSIv2 security contexts that are associated with
     * the transports.
     */
    typedef long CSIVersion;

    /**
     * This constant represents CSIv1, which is the ability to
     * handle security only at the transport layer. When
     * credentials are acquired at the Transport Security Layer
     * they usually support CSIv1 and not CSIv2. CSIv2 may have to
     * be explicitly activated. Check with the parameters given
     * to the Credentials Acquirer of a particular mechanism.
     */
    const CSIVersion CSIv1 = 1;

    /**
     * This constant represents CSIv2, which has the ability
     * to associate and process CSIv2 requests over its transport
     * protection layer. This option is not supported by default
     * unless TransportSecurity Credentials are implicitly acquired
     * by the SecurityLevel3 Credentials Acquirer in support of
     * those CSIv2 enabled Credentials.
     */
    const CSIVersion CSIv2 = 2;

    /**
     * The ExternalizationType is a string that is used for requesting
     * the externalization format/type of Transport Security
     * credentials, if it is supported by the particular mechanism.
     * <p>
     * The typedef is removed in the ObjectSecurity build (see the
     * markers below); the operation that used it,
     * OwnCredentials::externalize_credentials, is removed with it.
     */
    // begin of ObjectSecurity removal
    //    typedef string ExternalizationType;
    // end of ObjectSecurity removal

    //-------------------------------------------------------------
    // Transport Security Application Users Interface
    //
    //-------------------------------------------------------------

    //
    // The Transport Security Credentials Model
    //
    // These interfaces give the information that the application can
    // use about the transport security.
    //

    /**
     * This interface represents the initiator side of the OwnCredentials.
     * It contains the local principal and capabilities in establishing
     * secure associations with servers.
     * <p>
     * The supports_* attributes report the security characteristics
     * described in the module comment for the mechanism behind these
     * credentials; all of them are false for plain TCPIP credentials.
 */
    local interface CredentialsInitiator
    {
        // The local principal presented to servers, with its statements,
        // resource restrictions and environmental attributes (see SL3PM).
        readonly attribute SL3PM::Principal          the_principal;
        readonly attribute SL3PM::StatementList      supporting_statements;
        readonly attribute SL3PM::ResourceNameList   restricted_resources;
        readonly attribute SL3PM::PrinAttributeList  environmental_attributes;

        // Mechanism capabilities; meanings are given in the module comment.
        // supports_embodiment is the "unrestricted delegation" capability
        // and is the one attribute the acceptor side does not have.
        readonly attribute boolean supports_embodiment;
        readonly attribute boolean supports_endorsement;
        readonly attribute boolean supports_quoting;
        readonly attribute boolean supports_client_authentication;
        readonly attribute boolean supports_target_authentication;
        readonly attribute boolean supports_confidentiality;
        readonly attribute boolean supports_integrity;

        // NOTE(review): nothing in this file says what happens once
        // expiry_time has passed -- confirm with the mechanism before
        // relying on these credentials near their expiry.
        readonly attribute TimeBase::UtcT expiry_time;
    };

    /**
     * This interface represents the acceptor side of the OwnCredentials.
     * It contains the local principal and the capabilities in accepting
     * a secure association with clients.
     * <p>
     * The attribute set mirrors CredentialsInitiator except that there
     * is no supports_embodiment: embodiment is an initiator capability.
     */
    local interface CredentialsAcceptor
    {
        // The local principal presented to clients, with its statements,
        // resource restrictions and environmental attributes (see SL3PM).
        readonly attribute SL3PM::Principal          the_principal;
        readonly attribute SL3PM::StatementList      supporting_statements;
        readonly attribute SL3PM::ResourceNameList   restricted_resources;
        readonly attribute SL3PM::PrinAttributeList  environmental_attributes;

        // Mechanism capabilities; meanings are given in the module comment.
        readonly attribute boolean supports_endorsement;
        readonly attribute boolean supports_quoting;
        readonly attribute boolean supports_client_authentication;
        readonly attribute boolean supports_target_authentication;
        readonly attribute boolean supports_confidentiality;
        readonly attribute boolean supports_integrity;

        readonly attribute TimeBase::UtcT expiry_time;
    };

    /**
     * This interface is the base interface for all the transport credentials,
     * own, target, and client.
 */
    local interface TransportCredentials
    {
        readonly attribute SL3CM::CredentialsId    creds_id;     // Allocated by System
        // begin of ObjectSecurity addition
        // Lifecycle state of the credentials (see SL3CM::CredentialsState).
        readonly attribute SL3CM::CredentialsState creds_state;
        // end of ObjectSecurity addition
        readonly attribute SL3CM::CredentialsType  creds_type;   // Own, Client, Target
        readonly attribute SL3CM::CredentialsUsage creds_usage;  // Accept, Initiate, Both
        readonly attribute TimeBase::UtcT          expiry_time;
    };

    /**
     * This interface is the own credentials. Objects of this interface
     * are created by the CredentialsAcquirer.
     */
    local interface OwnCredentials : TransportCredentials
    {
        /**
         * This operation stipulates the transport support for CSI.
         * If CSIv1 is true, then CSIv2 contexts are not supported
         * over transports derived from these Credentials. If CSIv2 is true,
         * and CSIv1 is false, a CSIv2 ServiceContext message must
         * accompany GIOP requests over the transport.
         *
         * @param version  CSIv1 or CSIv2.
         * @return true if transports derived from these credentials
         *         handle requests of that CSI version.
         */
        boolean supports_csi_version(
            in CSIVersion version
        );

        /**
         * This attribute is Null if creds_usage is not initiating.
         * Callers must test for a nil reference before using it.
         */
        readonly attribute CredentialsInitiator the_initiator;

        /**
         * This attribute is Null if creds_usage is not accepting.
         * Callers must test for a nil reference before using it.
         */
        readonly attribute CredentialsAcceptor the_acceptor;

        /**
         * This function releases the credentials from use and
         * from the default credentials list, if it is present
         * on it. The credentials shall not be actually released
         * from use until all its pending work is done.
         */
        void release_credentials();

        /**
         * The externalize_credentials operation writes the credentials
         * to a form that may be able to be used by other programs, such
         * as a Kerberos Session Credentials Cache. This operation will
         * raise a System Exception of BAD_PARAM, if the type is invalid
         * for the mechanism, or url is invalid, or cannot be accessed.
         * <p>
         * This operation is removed in the ObjectSecurity build (see the
         * markers below); the description is kept for reference.
         * <p>
         * For Kerberos, you can get the credentials dumped to a credentials
         * cache file by using the type of "CredCache", and a FILE: url,
         * such as in the following:
         * <pre>
         * creds.externalize("CredCache","FILE:/tmp/krb5cc_user");
         * </pre>
         * The written file holds reusable credentials and must be
         * protected accordingly; a shared directory such as /tmp in the
         * example is only acceptable if the file is created with
         * owner-only permissions.
         *
         * @param externalization_type
         *        The externalization_type parameter holds the type
         *        of externalization desired. Identifiers are specific
         *        to mechanisms.
         * @param dest_url
         *        The dest_url parameter must hold a valid
         *        writable URL, such as "FILE:/tmp/krb5cc".
         */
        // begin of ObjectSecurity removal
        //    void externalize_credentials(
        //        in ExternalizationType externalization_type,
        //        in string dest_url
        //    );
        // end of ObjectSecurity removal
    };

    typedef sequence<OwnCredentials> OwnCredentialsList;

    /**
     * An object of this interface represents an established
     * secure association with a client. This object is only
     * retrievable from the TransportSecurity::SecurityCurrent
     * object, as it is thread based, i.e. available during
     * the servicing of a CORBA request.
     * <p>
     * NOTE(review): client_authentication reports whether the mechanism
     * actually authenticated the peer; per the module comment only TLS
     * and Kerberos can do so, so client_principal obtained over plain
     * TCPIP credentials is unauthenticated. Check client_authentication
     * (and confidentiality/integrity as needed) before basing access
     * control or audit records on the client_* attributes.
     */
    local interface ClientCredentials : TransportCredentials
    {
        readonly attribute SL3CM::ContextId          context_id;

        // The remote (client) side of the association.
        readonly attribute SL3PM::Principal          client_principal;
        readonly attribute SL3PM::StatementList      client_supporting_statements;
        readonly attribute SL3PM::ResourceNameList   client_restricted_resources;

        // The local (target) side of the association.
        readonly attribute SL3PM::Principal          target_principal;
        readonly attribute SL3PM::StatementList      target_supporting_statements;
        readonly attribute SL3PM::ResourceNameList   target_restricted_resources;

        readonly attribute SL3PM::PrinAttributeList  environmental_attributes;

        // The OwnCredentials this association was accepted with.
        readonly attribute OwnCredentials            parent_credentials;

        // Protection actually in effect on this association (not merely
        // supported by the mechanism, as with the supports_* attributes).
        readonly attribute boolean client_authentication;
        readonly attribute boolean target_authentication;
        readonly attribute boolean confidentiality;
        readonly attribute boolean integrity;

        // The following means that Own transport credentials can be made
        // from this context using the corresponding proxy directive
        //
        readonly attribute boolean impersonable;
        readonly attribute boolean endorseable;
        readonly attribute boolean quotable;
    };

    /**
     * Objects of this interface are returned by the SecurityManager's
     * get_target_credentials operation. It represents an established
     * secure association with a server.