//File: Security.idl //Part of the Security Service #if !defined(_SECURITY_IDL_) #define _SECURITY_IDL_ #include #include #pragma prefix "omg.org" module Security { # pragma version Security 1.8 typedef string SecurityName; typedef sequence Opaque; // Constant declarations for Security Service Options const CORBA::ServiceOption SecurityLevel1 = 1; const CORBA::ServiceOption SecurityLevel2 = 2; const CORBA::ServiceOption NonRepudiation = 3; const CORBA::ServiceOption SecurityORBServiceReady = 4; const CORBA::ServiceOption SecurityServiceReady = 5; const CORBA::ServiceOption ReplaceORBServices = 6; const CORBA::ServiceOption ReplaceSecurityServices = 7; const CORBA::ServiceOption StandardSecureInteroperability = 8; const CORBA::ServiceOption DCESecureInteroperability = 9; // Service options for Common Secure Interoperability const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10; const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11; const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12; // Security mech types supported for secure association const CORBA::ServiceDetailType SecurityMechanismType = 1; // privilege types supported in standard access policy const CORBA::ServiceDetailType SecurityAttribute = 2; // extensible families for standard data types struct ExtensibleFamily { unsigned short family_definer; unsigned short family; }; typedef sequence OID; typedef sequence OIDList; // security attributes typedef unsigned long SecurityAttributeType; // other attributes; family = 0 const SecurityAttributeType AuditId = 1; const SecurityAttributeType AccountingId = 2; const SecurityAttributeType NonRepudiationId = 3; // privilege attributes; family = 1 const SecurityAttributeType _Public = 1; const SecurityAttributeType AccessId = 2; const SecurityAttributeType PrimaryGroupId = 3; const SecurityAttributeType GroupId = 4; const SecurityAttributeType Role = 5; const SecurityAttributeType AttributeSet = 6; const SecurityAttributeType Clearance = 7; const SecurityAttributeType Capability = 8; struct AttributeType { ExtensibleFamily attribute_family; SecurityAttributeType attribute_type; }; typedef sequence AttributeTypeList; struct SecAttribute { AttributeType attribute_type; OID defining_authority; Opaque value; // the value of this attribute can be // decoded only with knowledge of defining_authority }; typedef sequence AttributeList; // Authentication return status enum AuthenticationStatus { SecAuthSuccess, SecAuthFailure, SecAuthContinue, SecAuthExpired }; // Association return status enum AssociationStatus { SecAssocSuccess, SecAssocFailure, SecAssocContinue }; // Authentication method typedef unsigned long AuthenticationMethod; typedef sequence AuthenticationMethodList; // Credential types enum InvocationCredentialsType { SecOwnCredentials, SecReceivedCredentials, SecTargetCredentials }; // Declarations related to Rights struct Right { ExtensibleFamily rights_family; string the_right; }; typedef sequence RightsList; enum RightsCombinator { SecAllRights , SecAnyRight }; // Delegation related enum DelegationState { SecInitiator, SecDelegate }; enum DelegationDirective { Delegate, NoDelegate }; // pick up from TimeBase typedef TimeBase::UtcT UtcT; typedef TimeBase::IntervalT IntervalT; typedef TimeBase::TimeT TimeT; // Security features available on credentials. enum SecurityFeature { SecNoDelegation, SecSimpleDelegation, SecCompositeDelegation, SecNoProtection, SecIntegrity, SecConfidentiality, SecIntegrityAndConfidentiality, SecDetectReplay, SecDetectMisordering, SecEstablishTrustInTarget, SecEstablishTrustInClient }; // Quality of protection which can be specified // for an object reference and used to protect messages enum QOP { SecQOPNoProtection, SecQOPIntegrity, SecQOPConfidentiality, SecQOPIntegrityAndConfidentiality }; // Type of SecurityContext enum SecurityContextType { SecClientSecurityContext, SecServerSecurityContext }; // Operational State of a Security Context enum SecurityContextState { SecContextInitialized, SecContextContinued, SecContextClientEstablished, SecContextEstablished, SecContextEstablishExpired, SecContextExpired, SecContextInvalid }; struct ChannelBindings { unsigned long initiator_addrtype; sequence initiator_address; unsigned long acceptor_addrtype; sequence acceptor_address; sequence application_data; }; // For use with SecurityReplaceable struct OpaqueBuffer { Opaque buffer; unsigned long startpos; unsigned long endpos; // startpos <= endpos // OpaqueBuffer is said to be empty if startpos == endpos }; // Association options which can be administered // on secure invocation policy and used to // initialize security context typedef unsigned short AssociationOptions; const AssociationOptions NoProtection = 1; const AssociationOptions Integrity = 2; const AssociationOptions Confidentiality = 4; const AssociationOptions DetectReplay = 8; const AssociationOptions DetectMisordering = 16; const AssociationOptions EstablishTrustInTarget = 32; const AssociationOptions EstablishTrustInClient = 64; const AssociationOptions NoDelegation = 128; const AssociationOptions SimpleDelegation = 256; const AssociationOptions CompositeDelegation = 512; // Flag to indicate whether association options being // administered are the "required" or "supported" set enum RequiresSupports { SecRequires, SecSupports }; // Direction of communication for which // secure invocation policy applies enum CommunicationDirection { SecDirectionBoth, SecDirectionRequest, SecDirectionReply }; // security association mechanism type typedef string MechanismType; typedef sequence MechanismTypeList; // AssociationOptions-Direction pair struct OptionsDirectionPair { AssociationOptions options; CommunicationDirection direction; }; typedef sequence OptionsDirectionPairList; // Delegation mode which can be administered enum DelegationMode { SecDelModeNoDelegation, // i.e. use own credentials SecDelModeSimpleDelegation, // delegate received credentials SecDelModeCompositeDelegation // delegate both; }; // Association options supported by a given mech type struct MechandOptions { MechanismType mechanism_type; AssociationOptions options_supported; }; typedef sequence MechandOptionsList; // Attribute of the SecurityLevel2::EstablishTrustPolicy struct EstablishTrust { boolean trust_in_client; boolean trust_in_target; }; // Audit typedef unsigned long AuditChannelId; typedef unsigned short EventType; const EventType AuditAll = 0; const EventType AuditPrincipalAuth = 1; const EventType AuditSessionAuth = 2; const EventType AuditAuthorization = 3; const EventType AuditInvocation = 4; const EventType AuditSecEnvChange = 5; const EventType AuditPolicyChange = 6; const EventType AuditObjectCreation = 7; const EventType AuditObjectDestruction =8; const EventType AuditNonRepudiation = 9; enum DayOfTheWeek { Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday}; enum AuditCombinator { SecAllSelectors, SecAnySelector }; struct AuditEventType { ExtensibleFamily event_family; EventType event_type; }; typedef sequence AuditEventTypeList; typedef unsigned long SelectorType; const SelectorType InterfaceName = 1; const SelectorType ObjectRef = 2; const SelectorType Operation = 3; const SelectorType Initiator = 4; const SelectorType SuccessFailure = 5; const SelectorType Time = 6; const SelectorType DayOfWeek = 7; // values defined for audit_needed and audit_write are: // InterfaceName: CORBA::RepositoryId // ObjectRef: object reference // Operation: op_name // Initiator: Credentials // SuccessFailure: boolean // Time: utc time on audit_write; time picked up from // environment in audit_needed if required // DayOfWeek: DayOfTheWeek struct SelectorValue { SelectorType selector; any value; }; typedef sequence SelectorValueList; // Constant declaration for valid Security Policy Types // General administrative policies const CORBA::PolicyType SecClientInvocationAccess = 1; const CORBA::PolicyType SecTargetInvocationAccess = 2; const CORBA::PolicyType SecApplicationAccess = 3; const CORBA::PolicyType SecClientInvocationAudit = 4; const CORBA::PolicyType SecTargetInvocationAudit = 5; const CORBA::PolicyType SecApplicationAudit = 6; const CORBA::PolicyType SecDelegation = 7; const CORBA::PolicyType SecClientSecureInvocation = 8; const CORBA::PolicyType SecTargetSecureInvocation = 9; const CORBA::PolicyType SecNonRepudiation = 10; // Policies used to control attributes of a binding to a target const CORBA::PolicyType SecMechanismsPolicy = 12; const CORBA::PolicyType SecInvocationCredentialsPolicy = 13; const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete const CORBA::PolicyType SecQOPPolicy = 15; const CORBA::PolicyType SecDelegationDirectivePolicy = 38; const CORBA::PolicyType SecEstablishTrustPolicy = 39; }; #endif /* _SECURITY_IDL_ */