#if !defined(_SECURITY_IDL) #define _SECURITY_IDL #pragma prefix "omg.org" #include #include module Security { typedef string SecurityName; typedef sequence Opaque; // Constant declarations for Security Service Options const CORBA::ServiceOption SecurityLevel1 = 1; const CORBA::ServiceOption SecurityLevel2 = 2; const CORBA::ServiceOption NonRepudiation = 3; const CORBA::ServiceOption SecurityORBServiceRaady = 4; const CORBA::ServiceOption SecurityServiceReady = 5; const CORBA::ServiceOption ReplaceORBServices = 6; const CORBA::ServiceOption ReplaceSecurityServices = 7; const CORBA::ServiceOption StandardSecureInteroperability = 8; const CORBA::ServiceOption DCESecureInteroperability = 9; // Service options for Common Secure Interoperability const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10; const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11; const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12; // Security mech types supported for secure association const CORBA::ServiceDetailType SecurityMechanismType = 1; // privilege types supported in standard access policy const CORBA::ServiceDetailType SecurityAttribute = 2; // extensible families for standard data types struct ExtensibleFamily { unsigned short family_definer; unsigned short family; }; // security association mechanism type typedef string MechanismType; struct SecurityMechandName { MechanismType mech_type; SecurityName security_name; }; typedef sequence MechanismTypeList; typedef sequence SecurityMechandNameList; // security attributes typedef unsigned long SecurityAttributeType; // other attributes; family = 0 const SecurityAttributeType AuditId = 1; const SecurityAttributeType AccountingId = 2; const SecurityAttributeType NonRepudiationId = 3; // privilege attributes; family = 1 const SecurityAttributeType Public = 1; const SecurityAttributeType AccessId = 2; const SecurityAttributeType PrimaryGroupId = 3; const SecurityAttributeType GroupId = 4; const SecurityAttributeType Role = 5; const SecurityAttributeType AttributeSet = 6; const SecurityAttributeType Clearance = 7; const SecurityAttributeType Capability = 8; struct AttributeType { ExtensibleFamily attribute_family; SecurityAttributeType attribute_type; }; typedef sequence AttributeTypeList; struct SecAttribute { AttributeType attribute_type; Opaque defining_authority; Opaque value; // the value of this attribute can be // interpreted only with knowledge of type }; typedef sequence AttributeList; // Authentication return status enum AuthenticationStatus { SecAuthSuccess, SecAuthFailure, SecAuthContinue, SecAuthExpired }; // Association return status enum AssociationStatus { SecAssocSuccess, SecAssocFailure, SecAssocContinue }; // Authentication method typedef unsigned long AuthenticationMethod; // Credential types which can be set as Current default enum CredentialType { SecInvocationCredentials, SecNRCredentials }; // Declarations related to Rights struct Right { ExtensibleFamily rights_family; string right; }; typedef sequence RightsList; enum RightsCombinator { SecAllRights, SecAnyRight }; // Delegation related enum DelegationState { SecInitiator, SecDelegate }; // pick up from TimeBase typedef TimeBase::UtcT UtcT; typedef TimeBase::IntervalT IntervalT; typedef TimeBase::TimeT TimeT; // Security features available on credentials. enum SecurityFeature { SecNoDelegation, SecSimpleDelegation, SecCompositeDelegation, SecNoProtection, SecIntegrity, SecConfidentiality, SecIntegrityAndConfidentiality, SecDetectReplay, SecDetectMisordering, SecEstablishTrustInTarget }; // Security feature-value struct SecurityFeatureValue { SecurityFeature feature; boolean value; }; typedef sequence SecurityFeatureValueList; // Quality of protection which can be specified // for an object reference and used to protect messages enum QOP { SecQOPNoProtection, SecQOPIntegrity, SecQOPConfidentiality, SecQOPIntegrityAndConfidentiality }; // Association options which can be administered // on secure invocation policy and used to // initialize security context typedef unsigned short AssociationOptions; const AssociationOptions NoProtection = 1; const AssociationOptions Integrity = 2; const AssociationOptions Confidentiality = 4; const AssociationOptions DetectReply = 8; const AssociationOptions DetectMisordering = 16; const AssociationOptions EstablishTrustInTarget = 32; const AssociationOptions EstablishTrustInClient = 64; // Flag to indicate whether association options being // administered are the "required" or "supported" set enum RequiresSupports { SecRequires, SecSupports }; // Direction of communication for which // secure invocation policy applies enum CommunicationDirection { SecDirectionBoth, SecDirectionRequest, SecDirectionReply }; // AssociationOptions-Direction pair struct OptionsDirectionPair { AssociationOptions options; CommunicationDirection direction; }; typedef sequence OptionsDirectionPairList; // Delegation mode which can be administered enum DelegationMode { SecDelModeNoDelegation, // i.e. use own credentials SecDelModeSimpleDelegation, // delegate received credentials SecDelModeCompositeDelegation // delegate both; }; // Association options supported by a given mech type struct MechandOptions { MechanismType mechanism_type; AssociationOptions options_supported; }; typedef sequence MechandOptionsList; // Audit typedef unsigned long AuditChannelId; typedef unsigned short EventType; const EventType AuditAll = 0; const EventType AuditPrincipalAuth = 1; const EventType AuditSessionAuth = 2; const EventType AuditAuthorization = 3; const EventType AuditInvocation = 4; const EventType AuditSecEnvChange = 5; const EventType AuditPolicyChange = 6; const EventType AuditObectjCreation = 7; const EventType AuditObjectDestruction = 8; const EventType AuditNonRepudiation = 9; struct AuditEventType { ExtensibleFamily event_family; EventType event_type; }; typedef sequence AuditEventTypeList; typedef unsigned long SelectorType; const SelectorType InterfaceRef = 1; const SelectorType ObjectRef = 2; const SelectorType Operation = 3; const SelectorType Initiator = 4; const SelectorType SuccessFailure = 5; const SelectorType Time = 6; // values defined for audit_needed and audit_write are: // InterfaceRef: object reference // ObjectRef: object reference // Operation: op_name // Initiator: Credentials // SuccessFailure: boolean // Time: utc time on audit_write; time picked up from // environment in audit_needed if required struct SelectorValue { SelectorType selector; any value; }; typedef sequence SelectorValueList; // Constant declaration for valid Security Policy Types // General administrative policies const CORBA::PolicyType SecClientInvocationAccess = 1; const CORBA::PolicyType SecTargetInvocationAccess = 2; const CORBA::PolicyType SecApplicationAccess = 3; const CORBA::PolicyType SecClientInvocationAudit = 4; const CORBA::PolicyType SecTargetInvocationAudit = 5; const CORBA::PolicyType SecApplicationAudit = 6; const CORBA::PolicyType SecDelegation = 7; const CORBA::PolicyType SecClientSecureInvocation = 8; const CORBA::PolicyType SecTargetSecureInvocation = 9; const CORBA::PolicyType SecNonRepudiation = 10; // Policies used to control attributes of a binding to a target const CORBA::PolicyType SecQOPPolicy = 11; const CORBA::PolicyType SecMechanismsPolicy = 12; const CORBA::PolicyType SecCredentialsPolicy = 13; const CORBA::PolicyType SecFeaturesPolicy = 14; }; #endif /* _SECURITY_IDL */