Security.idl

Go to the documentation of this file.
00001 #ifndef _SECURITY_IDL_
00002 #define _SECURITY_IDL_
00003 
00009 #include <orbdefs.idl>
00010 
00011 #include <TimeBase.idl>
00012 
00013 #pragma prefix "omg.org"
00014 
00015 module Security
00016 {
00017    typedef string SecurityName;
00018    typedef sequence <octet> Opaque;
00019 
00020    // Constant declarations for Security Service Options
00021 
00022    const CORBA::ServiceOption SecurityLevel1 = 1;
00023    const CORBA::ServiceOption SecurityLevel2 = 2;
00024    const CORBA::ServiceOption NonRepudiation = 3;
00025    const CORBA::ServiceOption SecurityORBServiceReady = 4;
00026    const CORBA::ServiceOption SecurityServiceReady = 5;
00027    const CORBA::ServiceOption ReplaceORBServices = 6;
00028    const CORBA::ServiceOption ReplaceSecurityServices = 7;
00029    const CORBA::ServiceOption StandardSecureInteroperability = 8;
00030    const CORBA::ServiceOption DCESecureInteroperability = 9;
00031 
00032    // Service options for Common Secure Interoperability
00033 
00034    const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
00035    const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
00036    const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
00037 
00038    // Security mech types supported for secure association
00039 
00040    const CORBA::ServiceDetailType SecurityMechanismType = 1;
00041 
00042    // Privilege types supported in standard access policy
00043 
00044    const CORBA::ServiceDetailType SecurityAttribute = 2;
00045 
00046    // Extensible families for standard data types
00047 
00048    struct ExtensibleFamily
00049    {
00050       unsigned short family_definer;
00051       unsigned short family;
00052    };
00053 
00054    typedef sequence<octet> OID;
00055    typedef sequence<OID> OIDList;
00056 
00057    // Security attributes
00058 
00059    typedef unsigned long SecurityAttributeType;
00060 
00061    // Other attributes; family = 0
00062 
00063    const SecurityAttributeType AuditId = 1;
00064    const SecurityAttributeType AccountingId = 2;
00065    const SecurityAttributeType NonRepudiationId = 3;
00066 
00067    // Privilege attributes; family = 1
00068 
00069    const SecurityAttributeType _Public = 1;
00070    const SecurityAttributeType AccessId = 2;
00071    const SecurityAttributeType PrimaryGroupId = 3;
00072    const SecurityAttributeType GroupId = 4;
00073    const SecurityAttributeType Role = 5;
00074    const SecurityAttributeType AttributeSet = 6;
00075    const SecurityAttributeType Clearance = 7;
00076    const SecurityAttributeType Capability = 8;
00077 
00078    struct AttributeType
00079    {
00080       ExtensibleFamily attribute_family;
00081       SecurityAttributeType attribute_type;
00082    };
00083    typedef sequence<AttributeType> AttributeTypeList;
00084 
00085    struct SecAttribute
00086    {
00087       AttributeType attribute_type;
00088       OID defining_authority;
00089       Opaque value;
00090       // the value of this attribute can be
00091       // interpreted only with knowledge of type
00092    };
00093    typedef sequence <SecAttribute> AttributeList;
00094 
00095    // Authentication return status
00096 
00097    enum AuthenticationStatus
00098    {
00099       SecAuthSuccess,
00100       SecAuthFailure,
00101       SecAuthContinue,
00102       SecAuthExpired
00103    };
00104 
00105    // Association return status
00106 
00107    enum AssociationStatus
00108    {
00109       SecAssocSuccess,
00110       SecAssocFailure,
00111       SecAssocContinue
00112    };
00113 
00114    // Authentication method
00115 
00116    typedef unsigned long AuthenticationMethod;
00117    typedef sequence<AuthenticationMethod> AuthenticationMethodList;
00118 
00119    // Credential types
00120 
00121    enum InvocationCredentialsType
00122    {
00123       SecOwnCredentials,
00124       SecReceivedCredentials,
00125       SecTargetCredentials
00126    };
00127 
00128    // Declarations related to Rights
00129 
00130    struct Right
00131    {
00132       ExtensibleFamily rights_family;
00133       string the_right;
00134    };
00135    typedef sequence <Right> RightsList;
00136 
00137    enum RightsCombinator
00138    {
00139       SecAllRights,
00140       SecAnyRight
00141    };
00142 
00143    // Delegation related
00144 
00145    enum DelegationState
00146    {
00147       SecInitiator,
00148       SecDelegate
00149    };
00150 
00151    enum DelegationDirective
00152    {
00153       Delegate,
00154       NoDelegate
00155    };
00156 
00157    // Pick up from TimeBase
00158 
00159    typedef TimeBase::UtcT UtcT;
00160    typedef TimeBase::IntervalT IntervalT;
00161    typedef TimeBase::TimeT TimeT;
00162 
00163    // Security features available on credentials
00164 
00165    enum SecurityFeature
00166    {
00167       SecNoDelegation,
00168       SecSimpleDelegation,
00169       SecCompositeDelegation,
00170       SecNoProtection,
00171       SecIntegrity,
00172       SecConfidentiality,
00173       SecIntegrityAndConfidentiality,
00174       SecDetectReplay,
00175       SecDetectMisordering,
00176       SecEstablishTrustInTarget,
00177       SecEstablishTrustInClient
00178    };
00179 
00180    // Quality of protection which can be specified
00181    // for an object reference and used to protect messages
00182 
00183    enum QOP
00184    {
00185       SecQOPNoProtection,
00186       SecQOPIntegrity,
00187       SecQOPConfidentiality,
00188       SecQOPIntegrityAndConfidentiality
00189    };
00190 
00191    // Type of SecurityContext
00192 
00193    enum SecurityContextType
00194    {
00195       SecClientSecurityContext,
00196       SecServerSecurityContext
00197    };
00198 
00199    // Operational State of a Security Context
00200 
00201    enum SecurityContextState
00202    {
00203       SecContextInitialized,
00204       SecContextContinued,
00205       SecContextClientEstablished,
00206       SecContextEstablished,
00207       SecContextEstablishExpired,
00208       SecContextExpired,
00209       SecContextInvalid
00210    };
00211 
00212    struct ChannelBindings
00213    {
00214       unsigned long initiator_addrtype;
00215       sequence<octet> initiator_address;
00216       unsigned long acceptor_addrtype;
00217       sequence<octet> acceptor_address;
00218       sequence<octet> application_data;
00219    };
00220 
00221    // For use with SecurityReplaceable
00222 
00223    struct OpaqueBuffer
00224    {
00225       Opaque buffer;
00226       unsigned long startpos;
00227       unsigned long endpos;
00228 
00229       // startpos <= endpos
00230       // OpaqueBuffer is said to be empty if startpos == endpos
00231    };
00232 
00233    // Association options which can be administered
00234    // on secure invocation policy and used to
00235    // initialize security context
00236 
00237    typedef unsigned short AssociationOptions;
00238 
00239    const AssociationOptions NoProtection = 1;
00240    const AssociationOptions Integrity = 2;
00241    const AssociationOptions Confidentiality = 4;
00242    const AssociationOptions DetectReplay = 8;
00243    const AssociationOptions DetectMisordering = 16;
00244    const AssociationOptions EstablishTrustInTarget = 32;
00245    const AssociationOptions EstablishTrustInClient = 64;
00246    const AssociationOptions NoDelegation = 128;
00247    const AssociationOptions SimpleDelegation = 256;
00248    const AssociationOptions CompositeDelegation = 512;
00249 
00250    // Flag to indicate whether association options being
00251    // administered are the 'required' or 'supported' set
00252 
00253    enum RequiresSupports
00254    {
00255       SecRequires,
00256       SecSupports
00257    };
00258 
00259    // Direction of communication for which
00260    // secure invocation policy applies
00261 
00262    enum CommunicationDirection
00263    {
00264       SecDirectionBoth,
00265       SecDirectionRequest,
00266       SecDirectionReply
00267    };
00268 
00269    // Security association mechanism type
00270 
00271    typedef string MechanismType;
00272    typedef sequence<MechanismType> MechanismTypeList;
00273 
00274    // AssociationOptions-Direction pair
00275 
00276    struct OptionsDirectionPair
00277    {
00278       AssociationOptions options;
00279       CommunicationDirection direction;
00280    };
00281    typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
00282 
00283    // Delegation mode which can be administered
00284 
00285    enum DelegationMode
00286    {
00287       SecDelModeNoDelegation, // i.e. use own credentials
00288       SecDelModeSimpleDelegation, // delegate received credentials
00289       SecDelModeCompositeDelegation // delegate both;
00290    };
00291 
00292    // Association options supported by a given mech type
00293 
00294    struct MechandOptions
00295    {
00296       MechanismType mechanism_type;
00297       AssociationOptions options_supported;
00298    };
00299    typedef sequence <MechandOptions> MechandOptionsList;
00300 
00301    // Attribute of the SecurityLevel2::EstablishTrustPolicy
00302 
00303    struct EstablishTrust
00304    {
00305       boolean trust_in_client;
00306       boolean trust_in_target;
00307    };
00308 
00309    // Audit
00310 
00311    typedef unsigned long AuditChannelId;
00312    typedef unsigned short EventType;
00313 
00314    const EventType AuditAll = 0;
00315    const EventType AuditPrincipalAuth = 1;
00316    const EventType AuditSessionAuth = 2;
00317    const EventType AuditAuthorization = 3;
00318    const EventType AuditInvocation = 4;
00319    const EventType AuditSecEnvChange = 5;
00320    const EventType AuditPolicyChange = 6;
00321    const EventType AuditObjectCreation = 7;
00322    const EventType AuditObjectDestruction = 8;
00323    const EventType AuditNonRepudiation = 9;
00324 
00325    enum DayOfTheWeek
00326    {
00327       Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
00328    };
00329 
00330    enum AuditCombinator
00331    {
00332       SecAllSelectors,
00333       SecAnySelector
00334    };
00335 
00336    struct AuditEventType
00337    {
00338       ExtensibleFamily event_family;
00339       EventType event_type;
00340    };
00341    typedef sequence <AuditEventType> AuditEventTypeList;
00342 
00343    typedef unsigned long SelectorType;
00344 
00345    const SelectorType InterfaceName = 1;
00346    const SelectorType ObjectRef = 2;
00347    const SelectorType Operation = 3;
00348    const SelectorType Initiator = 4;
00349    const SelectorType SuccessFailure = 5;
00350    const SelectorType Time = 6;
00351    const SelectorType DayOfWeek = 7;
00352 
00353    // values defined for audit_needed and audit_write are:
00354    // InterfaceName: CORBA::RepositoryId
00355    // ObjectRef: object reference
00356    // Operation: op_name
00357    // Initiator: Credentials
00358    // SuccessFailure: boolean
00359    // Time: utc time on audit_write; time picked up from
00360    // environment in audit_needed if required
00361    // DayOfWeek: DayOfTheWeek
00362 
00363    struct SelectorValue
00364    {
00365       SelectorType selector;
00366       any value;
00367    };
00368    typedef sequence <SelectorValue> SelectorValueList;
00369 
00370    // Constant declaration for valid Security Policy Types
00371 
00372    // General administrative policies
00373 
00374    const CORBA::PolicyType SecClientInvocationAccess = 1;
00375    const CORBA::PolicyType SecTargetInvocationAccess = 2;
00376    const CORBA::PolicyType SecApplicationAccess = 3;
00377    const CORBA::PolicyType SecClientInvocationAudit = 4;
00378    const CORBA::PolicyType SecTargetInvocationAudit = 5;
00379    const CORBA::PolicyType SecApplicationAudit = 6;
00380    const CORBA::PolicyType SecDelegation = 7;
00381    const CORBA::PolicyType SecClientSecureInvocation = 8;
00382    const CORBA::PolicyType SecTargetSecureInvocation = 9;
00383    const CORBA::PolicyType SecNonRepudiation = 10;
00384 
00385    // Policies used to control attributes of a binding to a target
00386 
00387    const CORBA::PolicyType SecMechanismsPolicy = 12;
00388    const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
00389    const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete
00390    const CORBA::PolicyType SecQOPPolicy = 15;
00391    const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
00392    const CORBA::PolicyType SecEstablishTrustPolicy = 39;
00393 };
00394 
00395 #endif