/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ //File: SecurityLevel2.idl //Part of the Security Service #ifndef _SECURITY_LEVEL_2_IDL_ #define _SECURITY_LEVEL_2_IDL_ #include //#pragma prefix "omg.org" module SecurityLevel2 { // Forward declaration of interfaces local interface PrincipalAuthenticator; local interface Credentials; local interface Current; // Interface PrincipalAuthenticator local interface PrincipalAuthenticator { Security::AuthenticationMethodList get_supported_authen_methods( in Security::MechanismType mechanism ); Security::AuthenticationStatus authenticate ( in Security::AuthenticationMethod method, in Security::MechanismType mechanism, in Security::SecurityName security_name, in any auth_data, in Security::AttributeList privileges, out Credentials creds, out any continuation_data, out any auth_specific_data ); Security::AuthenticationStatus continue_authentication ( in any response_data, in Credentials creds, out any continuation_data, out any auth_specific_data ); }; // Interface Credentials local interface Credentials { Credentials copy (); void destroy(); readonly attribute Security::InvocationCredentialsType credentials_type; readonly attribute Security::AuthenticationStatus authentication_state; readonly attribute Security::MechanismType mechanism; attribute Security::AssociationOptions accepting_options_supported; attribute Security::AssociationOptions accepting_options_required; attribute Security::AssociationOptions invocation_options_supported; attribute Security::AssociationOptions invocation_options_required; boolean get_security_feature( in Security::CommunicationDirection direction, in Security::SecurityFeature feature ); boolean set_attributes ( in Security::AttributeList requested_attributes, out Security::AttributeList actual_attributes ); Security::AttributeList get_attributes ( in Security::AttributeTypeList attributes ); boolean is_valid ( out Security::UtcT expiry_time ); boolean refresh( in any refresh_data ); }; typedef sequence CredentialsList; local interface ReceivedCredentials : Credentials { readonly attribute Credentials accepting_credentials; readonly attribute Security::AssociationOptions association_options_used; readonly attribute Security::DelegationState delegation_state; readonly attribute Security::DelegationMode delegation_mode; }; local interface TargetCredentials : Credentials { readonly attribute Credentials initiating_credentials; readonly attribute Security::AssociationOptions association_options_used; }; // RequiredRights Interface interface RequiredRights{ void get_required_rights( in Object obj, in CORBA::Identifier operation_name, in CORBA::RepositoryId interface_name, out Security::RightsList rights, out Security::RightsCombinator rights_combinator ); void set_required_rights( in CORBA::Identifier operation_name, in CORBA::RepositoryId interface_name, in Security::RightsList rights, in Security::RightsCombinator rights_combinator ); }; // interface audit channel local interface AuditChannel { void audit_write ( in Security::AuditEventType event_type, in CredentialsList creds, in Security::UtcT time, in Security::SelectorValueList descriptors, in any event_specific_data ); readonly attribute Security::AuditChannelId audit_channel_id; }; // interface for Audit Decision local interface AuditDecision { boolean audit_needed ( in Security:: AuditEventType event_type, in Security::SelectorValueList value_list ); readonly attribute AuditChannel audit_channel; }; local interface AccessDecision { boolean access_allowed ( in SecurityLevel2::CredentialsList cred_list, in Object target, in CORBA::Identifier operation_name, in CORBA::Identifier target_interface_name ); }; // Policy interfaces to control bindings local interface QOPPolicy : CORBA::Policy { readonly attribute Security::QOP qop; }; local interface MechanismPolicy : CORBA::Policy { readonly attribute Security::MechanismTypeList mechanisms; }; local interface InvocationCredentialsPolicy : CORBA::Policy { readonly attribute CredentialsList creds; }; local interface EstablishTrustPolicy : CORBA::Policy { readonly attribute Security::EstablishTrust trust; }; local interface DelegationDirectivePolicy : CORBA::Policy { readonly attribute Security::DelegationDirective delegation_directive; }; local interface SecurityManager { // Process/Capsule/ORB Instance specific operations readonly attribute Security::MechandOptionsList supported_mechanisms; readonly attribute CredentialsList own_credentials; readonly attribute RequiredRights required_rights_object; readonly attribute PrincipalAuthenticator principal_authenticator; readonly attribute AccessDecision access_decision; readonly attribute AuditDecision audit_decision; TargetCredentials get_target_credentials ( in Object obj_ref ); void remove_own_credentials( in Credentials creds ); CORBA::Policy get_security_policy ( in CORBA::PolicyType policy_type ); }; // Interface Current derived from SecurityLevel1::Current providing // additional operations on Current at this security level. // This is implemented by the ORB local interface Current : SecurityLevel1::Current { // Thread specific readonly attribute ReceivedCredentials received_credentials; }; }; #endif /* _SECURITY_LEVEL_2_IDL_ */