/**
 * A list of credentials.
 */
typedef sequence<Credentials> CredentialsList;

/**
 * OwnCredentials are created as a result of Credentials acquisition
 * from the CredentialsCurator's CredentialsAcquirers.
 * The Credentials have an initiator and an acceptor based
 * upon their intended usage and capability. Some OwnCredentials
 * that were acquired solely for initiating contexts (i.e. client side)
 * will not have an acceptor, and vice versa.
 */
local interface OwnCredentials : Credentials {
    /**
     * The creds_initiator field contains a reference to the
     * local credentials initiator associated with these credentials.
     * It is null if the creds_usage is AcceptOnly.
     */
    readonly attribute CredsInitiator creds_initiator;

    /**
     * The creds_acceptor field contains a reference to the
     * local credentials acceptor associated with these credentials.
     * It is null if the creds_usage is InitiateOnly.
     */
    readonly attribute CredsAcceptor creds_acceptor;

    /**
     * The release_credentials operation disables the credentials
     * from further initiating and/or accepting contexts.
     * Formal destruction of the Credentials object is delayed until
     * its pending work is done, at which time it becomes Invalid.
     */
    void release_credentials ();
};

/**
 * A list of OwnCredentials.
 */
typedef sequence<OwnCredentials> OwnCredentialsList;

/**
 * The ClientCredentials object is created as the result of accepting a
 * security context for a remote client. It represents that context.
 * It contains only the information used from the OwnCredentials
 * that was pertinent in establishing the context.
 * There is a pointer back to that OwnCredentials object.
 * Once this context is created, its attributes are guaranteed
 * not to change.
 * <p>
 * NOTE(review): client_principal is described below as a deduction;
 * the client_authentication, confidentiality and integrity flags
 * state what the context actually provides. Authorization code built
 * on this interface should presumably consult those flags before
 * relying on the deduced principal -- confirm against the SL3 spec.
 */
local interface ClientCredentials : Credentials {
    /**
     * The context_id field contains a system generated unique identifier
     * for the context.
     */
    readonly attribute SL3CM::ContextId context_id;

    /**
     * The client_principal field contains the principal that
     * the security service can deduce is the client from the
     * information and mechanisms used.
     */
    readonly attribute SL3PM::Principal client_principal;

    /**
     * The client_supporting_statements field contains the statements
     * delivered by the CSIv2 protocol, along with any from the associated
     * OwnCredentials, that are used to deduce the client principal.
     */
    readonly attribute SL3PM::StatementList client_supporting_statements;

    /**
     * The client_restricted_resources field contains the names of the
     * resources that the security service deduces from the CSIv2
     * information and information from the associated OwnCredentials.
     */
    readonly attribute SL3PM::ResourceNameList client_restricted_resources;

    /**
     * The target_principal field contains the exact principal that
     * the security service believes is representative of the
     * client's version of the target's principal.
     */
    readonly attribute SL3PM::Principal target_principal;

    /**
     * The target_supporting_statements field contains the statements that
     * support the deduction of the target principal.
     */
    readonly attribute SL3PM::StatementList target_supporting_statements;

    /**
     * The target_restricted_resources field contains names of resources
     * on which the target is restricted. This information may come
     * from the OwnCredentials.
     */
    readonly attribute SL3PM::ResourceNameList target_restricted_resources;

    /**
     * This field is directly copied from TransportSecurity::ClientCredentials.
     */
    readonly attribute SL3PM::PrinAttributeList environmental_attributes;

    /**
     * This field refers to the OwnCredentials that were used in
     * establishing the security context.
     */
    readonly attribute OwnCredentials parent_credentials;

    /**
     * This field is true if the client has been authenticated, either
     * over the transport, or at the CSIv2 ClientAuthentication Layer.
     */
    readonly attribute boolean client_authentication;

    /**
     * This field is true if the target believes that it performed
     * a successful authentication of the target with the client.
     */
    readonly attribute boolean target_authentication;

    /**
     * This field is true if the context is providing confidentiality
     * protection.
     */
    readonly attribute boolean confidentiality;

    /**
     * This field is true if the context is providing integrity
     * protection.
     */
    readonly attribute boolean integrity;
};

/**
 * The TargetCredentials object is created as the result of accepting a
 * security context for a target. It represents that context.
 * It contains only the information used from the OwnCredentials
 * that was pertinent in establishing the context.
 * There is a pointer back to that OwnCredentials object.
 * Once this context is created, its attributes are guaranteed
 * not to change.
 */
local interface TargetCredentials : Credentials {
    /**
     * The context_id attribute contains a system generated
     * unique identifier for the context.
     */
    readonly attribute SL3CM::ContextId context_id;

    /**
     * The client_principal attribute contains the principal that
     * the security service believes is the target's
     * ClientCredentials client_principal field.
     */
    readonly attribute SL3PM::Principal client_principal;

    /**
     * The client_supporting_statements attribute contains the
     * statements that support the deduction of the client principal.
     */
    readonly attribute SL3PM::StatementList client_supporting_statements;

    /**
     * The client_restricted_resources attribute contains names of
     * resources on which the client believes the client is restricted.
     * This information may be derived from newly acquired endorsement
     * information.
     */
    readonly attribute SL3PM::ResourceNameList client_restricted_resources;

    /**
     * The target_principal attribute contains the exact principal that
     * the security service deduces to be the target.
     */
    readonly attribute SL3PM::Principal target_principal;

    /**
     * The target_supporting_statements attribute contains the statements
     * that support the deduction of the target principal.
     */
    readonly attribute SL3PM::StatementList target_supporting_statements;

    /**
     * The target_restricted_resources attribute contains names of
     * resources on which the target is restricted. This information
     * may not be available.
     */
    readonly attribute SL3PM::ResourceNameList target_restricted_resources;

    /**
     * This field is directly copied from TransportSecurity::TargetCredentials.
     */
    readonly attribute SL3PM::PrinAttributeList environmental_attributes;

    /**
     * The parent_credentials attribute refers to the OwnCredentials
     * that were used in establishing the security context.
     */
    readonly attribute OwnCredentials parent_credentials;

    /**
     * The client_authentication attribute is true if the client has
     * been authenticated, either over the transport, or at the
     * CSIv2 ClientAuthentication Layer.
     */
    readonly attribute boolean client_authentication;

    /**
     * The target_authentication attribute is true if the target
     * believes that it performed a successful authentication of the
     * target with the client.
     * <p>
     * NOTE(review): this wording is identical to
     * ClientCredentials::target_authentication. On this (client-side)
     * object it presumably means the client believes it authenticated
     * the target -- confirm against the SL3 spec before relying on it.
     */
    readonly attribute boolean target_authentication;

    /**
     * The confidentiality attribute is true if the context is
     * providing confidentiality protection.
     */
    readonly attribute boolean confidentiality;

    /**
     * The integrity attribute is true if the context is providing
     * integrity protection.
     */
    readonly attribute boolean integrity;

    /**
     * The target_embodied attribute is true if the security service
     * believes that the target is embodied to impersonate the client
     * side principal.
     */
    readonly attribute boolean target_embodied;

    /**
     * The target_endorsed attribute is true if the security service
     * believes that the target is endorsed to act on behalf of the
     * client side principal.
     */
    readonly attribute boolean target_endorsed;

    /**
     * The release operation indicates to the CSIv2 protocol that, if
     * state is being retained for these credentials, it
     * will be discarded with the pending next request that
     * may not yet have gone out.
     * <p>
     * Any object references that are bound to these
     * credentials will become unusable after you release them.
     *
     * This operation is experimental.
     */
    void release();
};

//--------------------------------------------------------------------
// Security Invocation Policy
//
//--------------------------------------------------------------------

/**
 * The ContextEstablishmentPolicy policy object directs the
 * establishment of security contexts with a target.
 * <p>
 * The CredsDirective usage is the following:
 * <dl>
 * <dt>
 * CD_Default
 * <dd>
 * This directive means to use the default set
 * up by the thread, the ORB, the ORB configuration,
 * available credentials, or other policies.
 * <dt>
 * CD_InvokeTarget
 * <dd>
 * This directive means to use the
 * specified OwnCredentials to create a
 * secure association with the target
 * before invocation. Do not endorse or embody the target.
 * Credentials may be IT_Simple, IT_Quoting, or IT_Proxy.
 * <dt>
 * CD_EndorseTarget
 * <dd>
 * This directive means to use the
 * specified OwnCredentials to create a
 * secure association with the target
 * before invocation.
 * The credentials must be
 * IT_Simple, IT_Quoting, or IT_Proxy own credentials
 * that support endorsement.
 * Note, an Initiator Credentials that is an IT_Proxy
 * may have an endorsement statement that not only
 * endorses this immediate client, but may very well
 * apply to the next target.
 * <dt>
 * CD_EmbodyTarget
 * <dd>
 * If possible, give the target the ability to
 * impersonate the client. This is performed using
 * transports that can forward their credentials
 * in the transport, giving the
 * target the ability to work on the client's behalf. Alternatively,
 * the authenticator may be able to be passed on.
* IT_Simple credentials must have or have the * ability to forward credentials. This is analogous * to flipping the DELEGATE bit on GSS-Kerberos Forwardable * credentials. IT_Quoting principals means * that you can forward the transport credentials, * authenticator plus the Quoting statement. * IT_Proxy principals means that you can forward * the transport credentials, authenticator, * and associated proxy statements. * </dl> * <p> * On using Own Credentials. The creds_ids name Own Credentials. * Also, they restrict the invocation to use only certain credentials. * If the cred_ids list is empty, then the own credentials for the * invocation are selected from a default, which may be * set on the thread or the ORB instance. */ local interface ContextEstablishmentPolicy : CORBA::Policy { readonly attribute SL3CM::CredsDirective creds_directive; readonly attribute OwnCredentialsList creds_list;