#ifndef _SECURITY_REPLACEABLE_IDL_
#define _SECURITY_REPLACEABLE_IDL_

// Every Security::* and SecurityLevel2::* type used below is declared in the
// included file (or what it includes); nothing is defined locally except the
// interfaces of this module.
#include <SecurityLevel2.idl>

#pragma prefix "omg.org"

// SecurityReplaceable
//
// Declares the mechanism-facing interfaces of the CORBA Security Service:
// credential acquisition and secure-association setup (Vault), the per-
// association SecurityContext and its client/server specialisations, and the
// policy hooks for required rights, auditing and access decisions.  Presumably
// "Replaceable" because these are the pieces a concrete security
// implementation supplies; the spec text is not on this page.
//
// Every interface here except RequiredRights is declared `local`: local
// objects are implementation-side only and cannot be marshalled or invoked
// across the wire.  RequiredRights is a regular interface and therefore
// remotely reachable -- see the note on it below.
module SecurityReplaceable
{
   // Forward declarations: Vault hands out Client-/ServerSecurityContext
   // before those interfaces are defined further down.
   local interface SecurityContext;
   local interface ClientSecurityContext;
   local interface ServerSecurityContext;

   // Vault: acquires credentials and starts secure associations for a
   // given mechanism.
   local interface Vault
   {
      // Authentication methods the vault can drive for `mechanism`.
      Security::AuthenticationMethodList get_supported_authen_methods
         (in Security::MechanismType mechanism);

      // Mechanism OIDs implemented by this vault.
      readonly attribute Security::OIDList supported_mech_oids;

      // Begin credential acquisition.
      //   auth_data         untyped `any`; its layout presumably depends on
      //                     `method`/`mechanism`, so an implementation must
      //                     check it against the mechanism before use.
      //   privileges        attributes requested for the new credentials.
      //   creds             the acquired credentials (out).
      //   continuation_data data to feed back through
      //                     continue_credentials_acquisition when the returned
      //                     AuthenticationStatus indicates more rounds are
      //                     needed -- TODO confirm the status values against
      //                     Security.idl.
      Security::AuthenticationStatus acquire_credentials
      (
         in Security::AuthenticationMethod method, 
         in Security::MechanismType mechanism,
         in Security::SecurityName security_name,
         in any auth_data,
         in Security::AttributeList privileges,
         out SecurityLevel2::Credentials creds,
         out any continuation_data,
         out any auth_specific_data
      );

      // Next round of a multi-step acquisition: `response_data` answers the
      // previous `continuation_data`, `creds` is the object returned by
      // acquire_credentials.
      Security::AuthenticationStatus continue_credentials_acquisition
      (
         in any response_data,
         in SecurityLevel2::Credentials creds,
         out any continuation_data,
         out any auth_specific_data
      );

// create_ior_components is compiled out when any of the VISIBROKER52/60/65/
// 70/80 macros is defined; on those builds the Vault has no IOR-component
// hook and callers must not rely on it.
#ifndef VISIBROKER52
#ifndef VISIBROKER60
#ifndef VISIBROKER65
#ifndef VISIBROKER70
#ifndef VISIBROKER80
      // Tagged components (for an IOR) describing the security mechanisms
      // available for `creds_list`.
      IOP::TaggedComponentSeq create_ior_components
         (in SecurityLevel2::Credentials creds_list);
#endif
#endif
#endif
#endif
#endif

      // Initiator side of a secure association: using `creds`, start a
      // context towards `target` and produce the first `security_token` to
      // send.  `chan_binding` is passed through to the mechanism
      // (Security::ChannelBindings); `security_context` is the resulting
      // client context, on which continue_security_context drives further
      // rounds.
      Security::AssociationStatus init_security_context
      (
         in SecurityLevel2::Credentials creds,
         in Security::SecurityName target_security_name,
         in Object target,
         in Security::DelegationMode delegation_mode,
         in Security::OptionsDirectionPairList association_options,
         in Security::MechanismType mechanism,
         in Security::Opaque comp_data,
         in Security::ChannelBindings chan_binding,
         out Security::OpaqueBuffer security_token,
         out ClientSecurityContext security_context
      );

      // Acceptor side: consume the peer's `in_token` against the server's
      // `creds_list`, emit `out_token` (if any) and the server context.
      Security::AssociationStatus accept_security_context
      (
         in SecurityLevel2::CredentialsList creds_list,
         in Security::ChannelBindings chan_bindings,
         in Security::OpaqueBuffer in_token,
         out Security::OpaqueBuffer out_token,
         out ServerSecurityContext security_context
      );

      // Mechanisms supported by this vault, with their association options.
      Security::MechandOptionsList get_supported_mechs ();
   };

   // SecurityContext: one secure association between a client and a
   // server.  Common base of ClientSecurityContext and ServerSecurityContext.
   local interface SecurityContext
   {
      readonly attribute Security::SecurityContextType context_type;
      readonly attribute Security::SecurityContextState context_state;
      readonly attribute Security::MechanismType mechanism;
      // Whether refresh_security_context / process_refresh_token are usable.
      readonly attribute boolean supports_refresh;
      readonly attribute Security::ChannelBindings chan_binding;
      // Peer credentials as established by the association.
      readonly attribute SecurityLevel2::ReceivedCredentials received_credentials;

      // Further round of the association handshake: peer token in, reply
      // token out.  Returned status tells whether the association is complete.
      Security::AssociationStatus continue_security_context
      (
         in Security::OpaqueBuffer in_token,
         out Security::OpaqueBuffer out_token
      );

      // Apply the requested quality of protection `qop` to `message`,
      // producing the (possibly transformed) `text_buffer` plus a `token`.
      void protect_message
      (
         in Security::OpaqueBuffer message,
         in Security::QOP qop,
         out Security::OpaqueBuffer text_buffer,
         out Security::OpaqueBuffer token
      );

      // Inverse of protect_message: verifies/unwraps `text_buffer` using
      // `token`, reports the QOP that was actually applied and returns the
      // original `message`.  A false return means the message did not
      // verify; callers must not consume `message` in that case.
      boolean reclaim_message
      (
         in Security::OpaqueBuffer text_buffer,
         in Security::OpaqueBuffer token,
         out Security::QOP qop,
         out Security::OpaqueBuffer message
      );

      // True while the context is still valid; `expiry_time` reports when
      // it stops being so.
      boolean is_valid (out Security::UtcT expiry_time);
      // Refresh, initiator side: produce the token to send to the peer.
      boolean refresh_security_context
      (
         in any refresh_data,
         out Security::OpaqueBuffer out_token
      );
      // Refresh, receiving side: consume the peer's refresh token.
      boolean process_refresh_token (in Security::OpaqueBuffer refresh_token);
      // Discard, initiator side.  Note `discard_data` is Security::Opaque,
      // not OpaqueBuffer like the token parameters.
      boolean discard_security_context
      (
         in Security::Opaque discard_data,
         out Security::OpaqueBuffer out_token
      );
      // Discard, receiving side: consume the peer's discard token.
      boolean process_discard_token (in Security::OpaqueBuffer discard_token);
   };

   // Client-side view of an association: the options negotiated, the
   // delegation mode in effect, the credentials used and what the server
   // supports/requires.
   local interface ClientSecurityContext : SecurityContext
   {
      readonly attribute Security::AssociationOptions association_options_used;
      readonly attribute Security::DelegationMode delegation_mode;
      readonly attribute Security::Opaque comp_data;
      readonly attribute SecurityLevel2::Credentials client_credentials;
      readonly attribute Security::AssociationOptions server_options_supported;
      readonly attribute Security::AssociationOptions server_options_required;
      readonly attribute Security::Opaque server_security_name;
   };

   // Server-side view of an association; mirrors ClientSecurityContext but
   // exposes the server's own credentials.
   local interface ServerSecurityContext : SecurityContext
   {
      readonly attribute Security::AssociationOptions association_options_used;
      readonly attribute Security::DelegationMode delegation_mode;
      readonly attribute SecurityLevel2::Credentials server_credentials;
      readonly attribute Security::AssociationOptions server_options_supported;
      readonly attribute Security::AssociationOptions server_options_required;
      readonly attribute Security::Opaque server_security_name;
   };

   // RequiredRights: the rights an operation on an interface requires, and
   // how they combine.  This is the only interface in the module that is
   // NOT `local`, so it is a normal CORBA object that can be invoked
   // remotely.  set_required_rights rewrites access-control policy input;
   // how (and to whom) an ORB exposes this object should be checked before
   // deployment -- nothing on this page restricts it.
   interface RequiredRights
   {
      // Rights required to invoke `operation_name` on `interface_name`.
      void get_required_rights
      (
         in CORBA::Identifier operation_name,
         in CORBA::RepositoryId interface_name,
         out Security::RightsList rights,
         out Security::RightsCombinator rights_combinator
      );

      // Set the rights required for `operation_name` on `interface_name`.
      void set_required_rights
      (
         in CORBA::Identifier operation_name,
         in CORBA::RepositoryId interface_name,
         in Security::RightsList rights,
         in Security::RightsCombinator rights_combinator
      );
   };

   // AuditChannel: sink for audit records.
   local interface AuditChannel
   { 
      // Record one event: its type, the credentials involved, the time,
      // selector/value pairs describing it and mechanism-specific payload.
      void audit_write
      (
         in Security::AuditEventType event_type,
         in SecurityLevel2::CredentialsList creds_list,
         in Security::UtcT time,
         in Security::SelectorValueList descriptors,
         in Security::Opaque event_specific_data
      );

      readonly attribute Security::AuditChannelId audit_channel_id;
   };

   // AuditDecision: decides whether an event should be audited at all and
   // names the channel to write it to.
   local interface AuditDecision
   {
      // True if an event of `event_type` with selectors `value_list` must
      // be written to the audit channel.
      boolean audit_needed
      (
         in Security::AuditEventType event_type,
         in Security::SelectorValueList value_list
      );

      readonly attribute AuditChannel audit_channel;
   };

   // AccessDecision: the access-control check.
   local interface AccessDecision
   {
      // True if `cred_list` is allowed to invoke `operation_name` on
      // `target_interface_name`.  No RequiredRights object is passed in;
      // whether and how the decision consults required rights is up to the
      // implementation.
      boolean access_allowed
      (
         in SecurityLevel2::CredentialsList cred_list,
         in CORBA::Identifier operation_name,
         in CORBA::Identifier target_interface_name
      );
   };
};

#endif