author | Ossama Othman <ossama-othman@users.noreply.github.com> | 2000-11-16 03:13:34 +0000 |
---|---|---|
committer | Ossama Othman <ossama-othman@users.noreply.github.com> | 2000-11-16 03:13:34 +0000 |
commit | a4c04baea35f52d73649d628a6e66c2abf779a15 (patch) | |
tree | 03c9ed6e1173a7e6fb06aa9cc482d41bc0c68ec7 | |
parent | 6b6435e50948071159ca8dd69b80d9cdbf5e7dca (diff) | |
download | ATCD-a4c04baea35f52d73649d628a6e66c2abf779a15.tar.gz |
ChangeLogTag:Wed Nov 15 19:11:28 2000 Ossama Othman <ossama@uci.edu>
-rw-r--r-- | TAO/ChangeLogs/ChangeLog-02a | 11 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/Security.idl | 28 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SecurityAdmin.idl | 11 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SecurityLevel1.idl | 20 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SecurityLevel2.idl | 360 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl | 334 |
6 files changed, 393 insertions, 371 deletions
diff --git a/TAO/ChangeLogs/ChangeLog-02a b/TAO/ChangeLogs/ChangeLog-02a index 93d85162ff5..00929db4079 100644 --- a/TAO/ChangeLogs/ChangeLog-02a +++ b/TAO/ChangeLogs/ChangeLog-02a @@ -1,3 +1,14 @@ +Wed Nov 15 19:11:28 2000 Ossama Othman <ossama@uci.edu> + + * orbsvcs/orbsvcs/Security.idl: + * orbsvcs/orbsvcs/SecurityAdmin.idl: + * orbsvcs/orbsvcs/SecurityLevel1.idl: + * orbsvcs/orbsvcs/SecurityLevel2.idl: + * orbsvcs/orbsvcs/SecurityReplaceabpe.idl: + + Updated against Security Service 1.8 final specification + (security/00-11-03). + Wed Nov 15 18:45:45 2000 Ossama Othman <ossama@uci.edu> * tao/ClientRequestInfo.cpp (target, operation): diff --git a/TAO/orbsvcs/orbsvcs/Security.idl b/TAO/orbsvcs/orbsvcs/Security.idl index 7c216fee76f..53649f1c397 100644 --- a/TAO/orbsvcs/orbsvcs/Security.idl +++ b/TAO/orbsvcs/orbsvcs/Security.idl @@ -1,15 +1,7 @@ // -*- IDL -*- +// // $Id$ -//File: Security.idl -//Part of the Security Service -// Note: if your IDL compiler does not yet support the -// CORBA 2.3 Feature "Escaped Identifiers" (which provides -// for the addition of new keywords to IDL, compile this -// module with the preprocessor definition -// "NO_ESCAPED_IDENTIFIERS". With many compilers this -// would be done a qualifier on the command line, -// something like -DNO_ESCAPED_IDENTIFIERS #ifndef _SECURITY_IDL_ #define _SECURITY_IDL_ @@ -21,10 +13,10 @@ module Security { -#pragma version Security 1.7 +#pragma version Security 1.8 typedef string SecurityName; - typedef sequence <octet> Opaque; + typedef sequence<octet> Opaque; // Constant declarations for Security Service Options const CORBA::ServiceOption SecurityLevel1 = 1; @@ -127,8 +119,7 @@ module Security { struct Right { ExtensibleFamily rights_family; - // string right; // @@ HACK! - string right_string; // @@ HACK! + string the_right; }; typedef sequence <Right> RightsList; 
@@ -191,6 +182,7 @@ module Security { enum SecurityContextState { SecContextInitialized, SecContextContinued, + SecContextClientEstablished, SecContextEstablished, SecContextEstablishExpired, SecContextExpired, @@ -198,9 +190,9 @@ module Security { }; struct ChannelBindings { - unsigned long initiator_addrtype; + unsigned long initiator_addrtype; sequence<octet> initiator_address; - unsigned long acceptor_addrtype; + unsigned long acceptor_addrtype; sequence<octet> acceptor_address; sequence<octet> application_data; }; @@ -261,7 +253,7 @@ module Security { enum DelegationMode { SecDelModeNoDelegation, // i.e. use own credentials SecDelModeSimpleDelegation, // delegate received credentials - SecDelModeCompositeDelegation // delegate both; + SecDelModeCompositeDelegation // delegate both }; // Association options supported by a given mech type @@ -311,7 +303,7 @@ module Security { typedef unsigned long SelectorType; - const SelectorType InterfaceRef = 1; + const SelectorType InterfaceName = 1; const SelectorType ObjectRef = 2; const SelectorType Operation = 3; const SelectorType Initiator = 4; @@ -320,7 +312,7 @@ module Security { const SelectorType DayOfWeek = 7; // values defined for audit_needed and audit_write are: - // InterfaceRef: object reference + // InterfaceName: CORBA::RepositoryId // ObjectRef: object reference // Operation: op_name // Initiator: Credentials diff --git a/TAO/orbsvcs/orbsvcs/SecurityAdmin.idl b/TAO/orbsvcs/orbsvcs/SecurityAdmin.idl index 8df8080f2df..f215aa6868b 100644 --- a/TAO/orbsvcs/orbsvcs/SecurityAdmin.idl +++ b/TAO/orbsvcs/orbsvcs/SecurityAdmin.idl @@ -1,8 +1,7 @@ // -*- C++ -*- +// // $Id$ -//File: SecurityAdmin.idl -//Part of the Security Service #ifdef _SECURITY_ADMIN_IDL_ #define _SECURITY_ADMIN_IDL_ 
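Review bot: `SecContextClientEstablished` is inserted ahead of `SecContextEstablished` in `enum SecurityContextState` (hunk at -191), so every later enumerator's ordinal shifts by one relative to the 1.7 definition. Code built against the old IDL, or anything that stores or compares the numeric state, would then read an established context as a different state, and a `switch` over the enum without a default would silently miss the new value. Users of the enum are outside this diff, so this needs checking there. I would add a comment above the new enumerator such as `// New in Security 1.8: inserted mid-enum, later ordinals shift; rebuild all users of SecurityContextState`. The enum's closing lines are in the following hunk.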
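Review bot: The include guard kept as context in the SecurityAdmin.idl header hunk reads `#ifdef _SECURITY_ADMIN_IDL_` followed by `#define _SECURITY_ADMIN_IDL_`, so unless that macro is defined externally the preprocessor drops the whole file and none of the SecurityAdmin policy interfaces are generated. The sibling files in this commit use `#ifndef`, and this line should be `#ifndef _SECURITY_ADMIN_IDL_`. That would also explain why `CORBA::RepositoryID` (spelled `RepositoryId` elsewhere) in `get_association_options`, visible in the hunk at -113, has presumably never been rejected by the compiler. The mode line `// -*- C++ -*-` could become `// -*- IDL -*-` to match the other files.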
@@ -90,14 +89,14 @@ module SecurityAdmin { in Security::AuditEventTypeList events, in Security::SelectorValueList selectors, in Security::AuditCombinator audit_combinator - ); + ); void get_audit_selectors ( in CORBA::RepositoryId object_type, in Security::AuditEventTypeList events, in Security::SelectorValueList selectors, in Security::AuditCombinator audit_combinator - ); + ); void set_audit_channel ( in Security::AuditChannelId audit_channel_id @@ -113,14 +112,14 @@ module SecurityAdmin { in CORBA::RepositoryId object_type, in Security::RequiresSupports requires_supports, in Security::CommunicationDirection direction, - in Security::AssociationOptions options + in Security::AssociationOptions options ); Security::AssociationOptions get_association_options( in CORBA::RepositoryID object_type, in Security::RequiresSupports requires_supports, in Security::CommunicationDirection direction - ); + ); }; // interface DelegationPolicy diff --git a/TAO/orbsvcs/orbsvcs/SecurityLevel1.idl b/TAO/orbsvcs/orbsvcs/SecurityLevel1.idl index ee798fd3e42..57eb07f76a8 100644 --- a/TAO/orbsvcs/orbsvcs/SecurityLevel1.idl +++ b/TAO/orbsvcs/orbsvcs/SecurityLevel1.idl @@ -1,8 +1,7 @@ // -*- IDL -*- +// // $Id$ -//File: SecurityLevel1.idl -//Part of the Security Service #ifndef _SECURITY_LEVEL_1_IDL_ #define _SECURITY_LEVEL_1_IDL_ @@ -13,17 +12,18 @@ module SecurityLevel1 { -# pragma version SecurityLevel1 1.5 +# pragma version SecurityLevel1 1.8 - local interface Current : CORBA::Current { // Locality Constrained + local interface Current : CORBA::Current { // Locality Constrained +# pragma version Current 1.8 + + // thread specific operations - // thread specific operations + Security::AttributeList get_attributes ( + in Security::AttributeTypeList attributes + ); - Security::AttributeList get_attributes ( - in Security::AttributeTypeList attributes - ); - - }; + }; }; #pragma prefix "" 
diff --git a/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl b/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl index 748ef407428..59fc4c8cdb2 100644 --- a/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl +++ b/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl @@ -1,8 +1,7 @@ // -*- IDL -*- +// // $Id$ -//File: SecurityLevel2.idl -//Part of the Security Service #ifndef _SECURITY_LEVEL_2_IDL_ #define _SECURITY_LEVEL_2_IDL_ 
@@ -15,242 +14,263 @@ module SecurityLevel2 { # pragma version SecurityLevel2 1.8 - // Forward declaration of interfaces - local interface PrincipalAuthenticator; - local interface Credentials; - local interface Current; + // Forward declaration of interfaces + local interface PrincipalAuthenticator; + local interface Credentials; + local interface Current; - // Interface PrincipalAuthenticator - local interface PrincipalAuthenticator { // Locality Constrained -# pragma version PrincipalAuthenticator 1.5 - Security::AuthenticationStatus authenticate ( - in Security::AuthenticationMethod method, - in Security::MechanismType mechanism, - in Security::SecurityName security_name, - in any auth_data, - in Security::AttributeList privileges, - out Credentials creds, - out any continuation_data, - out any auth_specific_data - ); + // Interface PrincipalAuthenticator + local interface PrincipalAuthenticator { +# pragma version PrincipalAuthenticator 1.8 - Security::AuthenticationStatus continue_authentication ( - in any response_data, - in Credentials creds, - out any continuation_data, - out any auth_specific_data - ); - }; + Security::AuthenticationMethodList + get_supported_authen_methods( + in Security::MechanismType mechanism + ); + Security::AuthenticationStatus authenticate ( + in Security::AuthenticationMethod method, + in Security::MechanismType mechanism, + in Security::SecurityName security_name, + in any auth_data, + in Security::AttributeList privileges, + out Credentials creds, + out any continuation_data, + out any auth_specific_data + ); - // Interface Credentials - local interface Credentials { // Locality Constrained + Security::AuthenticationStatus continue_authentication ( + in any response_data, + in Credentials creds, + out any continuation_data, + out any auth_specific_data + ); + }; -# pragma version Credentials 1.7 - Credentials copy (); + // Interface Credentials + local interface Credentials { +# pragma version Credentials 1.8 - void destroy(); + 
Credentials copy (); - readonly attribute Security::InvocationCredentialsType - credentials_type; + void destroy(); - readonly attribute Security::AuthenticationStatus - authentication_state; + readonly attribute Security::InvocationCredentialsType + credentials_type; - readonly attribute Security::MechanismType mechanism; + readonly attribute Security::AuthenticationStatus + authentication_state; - attribute Security::AssociationOptions - accepting_options_supported; + readonly attribute Security::MechanismType mechanism; - attribute Security::AssociationOptions - accepting_options_required; + attribute Security::AssociationOptions + accepting_options_supported; - attribute Security::AssociationOptions - invocation_options_supported; + attribute Security::AssociationOptions + accepting_options_required; - attribute Security::AssociationOptions - invocation_options_required; + attribute Security::AssociationOptions + invocation_options_supported; - boolean get_security_feature( - in Security::CommunicationDirection direction, - in Security::SecurityFeature feature - ); + attribute Security::AssociationOptions + invocation_options_required; + boolean get_security_feature( + in Security::CommunicationDirection direction, + in Security::SecurityFeature feature + ); - boolean set_attributes ( - in Security::AttributeList requested_attributes, - out Security::AttributeList actual_privilegesactual_attributes - ); - Security::AttributeList get_attributes ( - in Security::AttributeTypeList attributes - ); + boolean set_attributes ( + in Security::AttributeList requested_attributes, + out Security::AttributeList actual_privilegesactual_attributes + ); - boolean is_valid ( - out Security::UtcT expiry_time - ); + Security::AttributeList get_attributes ( + in Security::AttributeTypeList attributes + ); - boolean refresh ( - in any refresh_data - ); - }; + boolean is_valid ( + out Security::UtcT expiry_time + ); - typedef sequence <Credentials> CredentialsList; + boolean 
refresh ( + in any refresh_data + ); + }; - local interface ReceivedCredentials : Credentials { // Locality Constrained + typedef sequence <Credentials> CredentialsList; -# pragma version ReceivedCredentials 1.5 + local interface ReceivedCredentials : Credentials { - readonly attribute Credentials accepting_credentials; +# pragma version ReceivedCredentials 1.8 - readonly attribute Security::AssociationOptions - association_options_used; + readonly attribute Credentials accepting_credentials; - readonly attribute Security::DelegationState delegation_state; + readonly attribute Security::AssociationOptions + association_options_used; - readonly attribute Security::DelegationMode - delegation_mode; - }; + readonly attribute Security::DelegationState delegation_state; - local interface TargetCredentials : Credentials { // Locality Constrained - readonly attribute Credentials initiating_credentials; + readonly attribute Security::DelegationMode delegation_mode; - readonly attribute Security::AssociationOptions - association_options_used; - }; + }; - // RequiredRights Interface - interface RequiredRights{ + local interface TargetCredentials : Credentials { - void get_required_rights( - in Object obj, - in CORBA::Identifier operation_name, - in CORBA::RepositoryId interface_name, - out Security::RightsList rights, - out Security::RightsCombinator rights_combinator - ); +# pragma version TargetCredentials 1.8 - void set_required_rights( - in CORBA::Identifier operation_name, - in CORBA::RepositoryId interface_name, - in Security::RightsList rights, - in Security::RightsCombinator rights_combinator - ); - }; + readonly attribute Credentials initiating_credentials; + readonly attribute Security::AssociationOptions + association_options_used; - // interface audit channel - local interface AuditChannel { // Locality Constrained + }; + + // RequiredRights Interface + interface RequiredRights{ + + void get_required_rights( + in Object obj, + in CORBA::Identifier operation_name, 
+ in CORBA::RepositoryId interface_name, + out Security::RightsList rights, + out Security::RightsCombinator rights_combinator + ); + + void set_required_rights( + in CORBA::Identifier operation_name, + in CORBA::RepositoryId interface_name, + in Security::RightsList rights, + in Security::RightsCombinator rights_combinator + ); + }; + + + // interface audit channel + local interface AuditChannel { # pragma version AuditChannel 1.8 - void audit_write ( - in Security::AuditEventType event_type, - in CredentialsList creds, - in Security::UtcT time, - in Security::SelectorValueList descriptors, - in any event_specific_data - ); + void audit_write ( + in Security::AuditEventType event_type, + in CredentialsList creds, + in Security::UtcT time, + in Security::SelectorValueList descriptors, + in any event_specific_data + ); + + readonly attribute Security::AuditChannelId audit_channel_id; + + }; + + + // interface for Audit Decision + local interface AuditDecision { + +# pragma version AuditDecision 1.8 + + boolean audit_needed ( + in Security::AuditEventType event_type, + in Security::SelectorValueList value_list + ); + + readonly attribute AuditChannel audit_channel; - readonly attribute Security::AuditChannelId audit_channel_id; - }; + }; - // interface for Audit Decision - local interface AuditDecision { // Locality Constrained + local interface AccessDecision { - boolean audit_needed ( - in Security::AuditEventType event_type, - in Security::SelectorValueList value_list - ); +# pragma version AccessDecision 1.8 - readonly attribute AuditChannel audit_channel; - }; + boolean access_allowed ( + in SecurityLevel2::CredentialsList cred_list, + in Object target, + in CORBA::Identifier operation_name, + in CORBA::Identifier target_interface_name + ); + }; - interface AccessDecision { // Locality Constrained + // Policy interfaces to control bindings - boolean access_allowed ( - in SecurityLevel2::CredentialsList cred_list, - in Object target, - in CORBA::Identifier 
operation_name, - in CORBA::Identifier target_interface_name - ); - }; + local interface QOPPolicy : CORBA::Policy { +# pragma version QOPPolicy 1.8 + readonly attribute Security::QOP qop; + }; - // Policy interfaces to control bindings + local interface MechanismPolicy : CORBA::Policy { +# pragma version MechanismPolicy 1.8 + readonly attribute Security::MechanismTypeList mechanisms; + }; - local interface QOPPolicy : CORBA::Policy { // Locality Constrained - readonly attribute Security::QOP qop; - }; + local interface InvocationCredentialsPolicy : CORBA::Policy { +# pragma version InvocationCredentialsPolicy 1.8 + readonly attribute CredentialsList creds; + }; - local interface MechanismPolicy : CORBA::Policy { // Locality Constrained - readonly attribute Security::MechanismTypeList mechanisms; - }; + local interface EstablishTrustPolicy : CORBA::Policy { +# pragma version EstablishTrustPolicy 1.8 + readonly attribute Security::EstablishTrust trust; + }; - local interface InvocationCredentialsPolicy : CORBA::Policy { - // Locality Constrained - readonly attribute CredentialsList creds; - }; + local interface DelegationDirectivePolicy : CORBA::Policy { +# pragma version DelegationDirectivePolicy 1.8 + readonly attribute Security::DelegationDirective delegation_directive; + }; - local interface EstablishTrustPolicy : CORBA::Policy { // Locality Constrained - readonly attribute Security::EstablishTrust trust; - }; + local interface SecurityManager { - local interface DelegationDirectivePolicy : CORBA::Policy { - // Locality Constrained - readonly attribute Security::DelegationDirective - delegation_directive; - }; +# pragma version SecurityManager 1.8 - local interface SecurityManager { + // Process/Capsule/ORB Instance specific operations - // Process/Capsule/ORB Instance specific operations + readonly attribute Security::MechandOptionsList + supported_mechanisms; - readonly attribute Security::MechandOptionsList - supported_mechanisms; + readonly attribute 
CredentialsList own_credentials; - readonly attribute CredentialsList own_credentials; + readonly attribute RequiredRights + required_rights_object; - readonly attribute RequiredRights - required_rights_object; + readonly attribute PrincipalAuthenticator + principal_authenticator; - readonly attribute PrincipalAuthenticator - principal_authenticator; + readonly attribute AccessDecision + access_decision; - readonly attribute AccessDecision - access_decision; + readonly attribute AuditDecision + audit_decision; - readonly attribute AuditDecision - audit_decision; + TargetCredentials get_target_credentials ( + in Object obj_ref + ); - TargetCredentials get_target_credentials ( - in Object obj_ref - ); + void remove_own_credentials( + in Credentials creds + ); - void remove_own_credentials( - in Credentials creds - ); + CORBA::Policy get_security_policy ( + in CORBA::PolicyType policy_type + ); + }; - CORBA::Policy get_security_policy ( - in CORBA::PolicyType policy_type - ); - }; + // Interface Current derived from SecurityLevel1::Current providing + // additional operations on Current at this security level. + // This is implemented by the ORB + local interface Current : SecurityLevel1::Current { - // Interface Current derived from SecurityLevel1::Current providing - // additional operations on Current at this security level. - // This is implemented by the ORB - local interface Current : SecurityLevel1::Current { // Locality Constrained +# pragma version Current 1.8 -# pragma version Current 1.7 + // Thread specific - // Thread specific + readonly attribute ReceivedCredentials received_credentials; - readonly attribute ReceivedCredentials received_credentials; + }; - }; }; #pragma prefix "" diff --git a/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl b/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl index 7f873772a69..72fc2267a86 100644 --- a/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl +++ b/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl 
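Review bot: In `Credentials::set_attributes` the out parameter is still named `actual_privilegesactual_attributes`, which looks like two names fused together, and this hunk re-indents the line without fixing it. The name ends up in the generated stubs, so it is worth settling now: `out Security::AttributeList actual_attributes`. Separately, `RequiredRights` stays a plain `interface` while `AccessDecision` becomes `local`, so `set_required_rights` remains remotely invocable. If that matches the 1.8 text, a comment such as `// Not locality constrained: callers of set_required_rights must be authorized` would record that the exposure is intentional.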
@@ -1,9 +1,7 @@ // -*- IDL -*- +// // $Id$ -//File: SecurityReplaceable.idl -//Part of the Security Service - #ifndef _SECURITY_REPLACEABLE_IDL_ #define _SECURITY_REPLACEABLE_IDL_ 
@@ -14,221 +12,223 @@ module SecurityReplaceable { -# pragma version SecurityReplacable 1.7 +# pragma version SecurityReplacable 1.8 - local interface SecurityContext; - local interface ClientSecurityContext; - local interface ServerSecurityContext; + local interface SecurityContext; + local interface ClientSecurityContext; + local interface ServerSecurityContext; - local interface Vault { // Locality Constrained + local interface Vault { -# pragma version Vault 1.7 +# pragma version Vault 1.8 - Security::AuthenticationMethodList - get_supported_authen_methods( - in Security::MechanismType mechanism - ); - - readonly attribute Security::OIDList supported_mech_oids; + Security::AuthenticationMethodList + get_supported_authen_methods( + in Security::MechanismType mechanism + ); - Security::AuthenticationStatus acquire_credentials( - in Security::AuthenticationMethod method, - in Security::MechanismType mechanism, - in Security::SecurityName security_name, - in any auth_data, - in Security::AttributeList privileges, - out SecurityLevel2::Credentials creds, - out any continuation_data, - out any auth_specific_data - ); + readonly attribute Security::OIDList supported_mech_oids; - Security::AuthenticationStatus continue_credentials_acquisition( - in any response_data, - in SecurityLevel2::Credentials creds, - out any continuation_data, - out any auth_specific_data - ); + Security::AuthenticationStatus acquire_credentials ( + in Security::AuthenticationMethod method, + in Security::MechanismType mechanism, + in Security::SecurityName security_name, + in any auth_data, + in Security::AttributeList privileges, + out SecurityLevel2::Credentials creds, + out any continuation_data, + out any auth_specific_data + ); - IOP::TaggedComponentList create_ior_components( - in SecurityLevel2::Credentials creds_list - ); + Security::AuthenticationStatus continue_credentials_acquisition ( + in any response_data, + in SecurityLevel2::Credentials creds, + out any continuation_data, + out 
any auth_specific_data + ); + IOP::TaggedComponentList create_ior_components( + in SecurityLevel2::Credentials creds_list + ); - Security::AssociationStatus init_security_context ( - in SecurityLevel2::Credentials creds, - in Security::SecurityName target_security_name, - in Object target, - in Security::DelegationMode delegation_mode, - in Security::OptionsDirectionPairList association_options, - in Security::MechanismType mechanism, - in Security::Opaque comp_data, //from IOR - in Security::ChannelBindings chan_binding, - out Security::OpaqueBuffer security_token, - out ClientSecurityContext security_context - ); - Security::AssociationStatus accept_security_context ( - in SecurityLevel2::CredentialsList creds_list, - in Security::ChannelBindings chan_bindings, - in Security::Opaque in_token, - out Security::Opaque out_token - ); + Security::AssociationStatus init_security_context ( + in SecurityLevel2::Credentials creds, + in Security::SecurityName target_security_name, + in Object target, + in Security::DelegationMode delegation_mode, + in Security::OptionsDirectionPairList association_options, + in Security::MechanismType mechanism, + in Security::Opaque comp_data, //from IOR + in Security::ChannelBindings chan_binding, + out Security::OpaqueBuffer security_token, + out ClientSecurityContext security_context + ); - Security::MechandOptionsList get_supported_mechs (); - }; + Security::AssociationStatus accept_security_context ( + in SecurityLevel2::CredentialsList creds_list, + in Security::ChannelBindings chan_bindings, + in Security::Opaque in_token, + out Security::Opaque out_token + ); + Security::MechandOptionsList get_supported_mechs (); - local interface SecurityContext { // Locality Constrained + }; -# pragma version SecurityContext 1.5 - readonly attribute Security::SecurityContextType - context_type; + local interface SecurityContext { - readonly attribute Security::SecurityContextState - context_state; +# pragma version SecurityContext 1.8 - readonly 
attribute Security::MechanismType - mechanism; + readonly attribute Security::SecurityContextType + context_type; - readonly attribute boolean supports_refresh; + readonly attribute Security::SecurityContextState + context_state; - readonly attribute Security::ChannelBindings chan_binding; + readonly attribute Security::MechanismType + mechanism; - readonly attribute SecurityLevel2::ReceivedCredentials - received_credentials; + readonly attribute Security::ChannelBindings chan_binding; - Security::AssociationStatus continue_security_context ( - in Security::OpaqueBuffer in_token, - out Security::OpaqueBuffer out_token - ); + readonly attribute SecurityLevel2::ReceivedCredentials + received_credentials; - void protect_message ( - in Security::OpaqueBuffer message, - in Security::QOP qop, - out Security::OpaqueBuffer text_buffer, - out Security::OpaqueBuffer token - ); + Security::AssociationStatus continue_security_context ( + in Security::OpaqueBuffer in_token, + out Security::OpaqueBuffer out_token + ); - boolean reclaim_message ( - in Security::Opaque text_buffer, - in Security::Opaque token, - out Security::QOP qop, - out Security::Opaque message - ); + void protect_message ( + in Security::OpaqueBuffer message, + in Security::QOP qop, + out Security::OpaqueBuffer text_buffer, + out Security::OpaqueBuffer token + ); - boolean is_valid ( - out Security::UtcT expiry_time - ); + boolean reclaim_message ( + in Security::Opaque text_buffer, + in Security::Opaque token, + out Security::QOP qop, + out Security::Opaque message + ); - boolean refresh_security_context ( - in any refresh_data, - out Security::OpaqueBuffer out_token - ); + boolean is_valid ( + out Security::UtcT expiry_time + ); - boolean process_refresh_token ( - in Security::OpaqueBuffer refresh_token - ); + boolean discard_security_context ( + in Security::Opaque discard_data, + out Security::OpaqueBuffer out_token + ); - boolean discard_security_context ( - in Security::Opaque discard_data, - out 
Security::OpaqueBuffer out_token - ); + boolean process_discard_token ( + in Security::OpaqueBuffer discard_token + ); - boolean process_discard_token ( - in Security::OpaqueBuffer discard_token - ); + }; - }; + local interface ClientSecurityContext : SecurityContext { - local interface ClientSecurityContext : SecurityContext { - // Locality Constrained +# pragma version ClientSecurityContext 1.8 - readonly attribute Security::AssociationOptions - association_options_used; + readonly attribute Security::AssociationOptions + association_options_used; - readonly attribute Security::DelegationMode - delegation_mode; + readonly attribute Security::DelegationMode + delegation_mode; - readonly attribute Security::Opaque comp_data; + readonly attribute Security::Opaque comp_data; - readonly attribute SecurityLevel2::Credentials - client_credentials; + readonly attribute SecurityLevel2::Credentials + client_credentials; - readonly attribute Security::AssociationOptions - server_options_supported; + readonly attribute Security::AssociationOptions + server_options_supported; - readonly attribute Security::AssociationOptions - server_options_required; + readonly attribute Security::AssociationOptions + server_options_required; - readonly attribute Security::Opaque server_security_name; - }; + readonly attribute Security::Opaque server_security_name; - local interface ServerSecurityContext : SecurityContext { - // Locality Constrained + }; - readonly attribute Security::AssociationOptions - association_options_used; + local interface ServerSecurityContext : SecurityContext { - readonly attribute Security::DelegationMode - delegation_mode; +# pragma version ServerSecurityContext 1.8 - readonly attribute SecurityLevel2::Credentials - server_credentials; + readonly attribute Security::AssociationOptions + association_options_used; - readonly attribute Security::AssociationOptions - server_options_supported; + readonly attribute Security::DelegationMode + delegation_mode; - 
readonly attribute Security::AssociationOptions - server_options_required; + readonly attribute SecurityLevel2::Credentials + server_credentials; - readonly attribute Security::Opaque server_security_name; - }; + readonly attribute Security::AssociationOptions + server_options_supported; - interface RequiredRights { - void get_required_rights( - in CORBA::Identifier operation_name, - in CORBA::RepositoryId interface_name, - out Security::RightsList rights, - out Security::RightsCombinator rights_combinator - ); + readonly attribute Security::AssociationOptions + server_options_required; - void set_required_rights( - in CORBA::Identifier operation_name, - in CORBA::RepositoryId interface_name, - in Security::RightsList rights, - in Security::RightsCombinator rights_combinator - ); - }; - - interface AuditChannel { // Locality Constrained - void audit_write ( - in Security::AuditEventType event_type, - in SecurityLevel2::CredentialsList creds_list, - in Security::UtcT time, - in Security::SelectorValueList descriptors, - in Security::Opaque event_specific_data - ); + readonly attribute Security::Opaque server_security_name; - readonly attribute Security::AuditChannelId audit_channel_id; - }; + }; - interface AuditDecision { // Locality Constrained - boolean audit_needed ( - in Security::AuditEventType event_type, - in Security::SelectorValueList value_list - ); + interface RequiredRights { + + void get_required_rights( + in CORBA::Identifier operation_name, + in CORBA::RepositoryId interface_name, + out Security::RightsList rights, + out Security::RightsCombinator rights_combinator + ); + + void set_required_rights( + in CORBA::Identifier operation_name, + in CORBA::RepositoryId interface_name, + in Security::RightsList rights, + in Security::RightsCombinator rights_combinator + ); + + }; + + local interface AuditChannel { - readonly attribute AuditChannel audit_channel; - }; + void audit_write ( + in Security::AuditEventType event_type, + in 
SecurityLevel2::CredentialsList creds_list, + in Security::UtcT time, + in Security::SelectorValueList descriptors, + in Security::Opaque event_specific_data + ); - interface AccessDecision { // Locality Constrained - boolean access_allowed ( - in SecurityLevel2::CredentialsList cred_list, - in CORBA::Identifier operation_name, - in CORBA::Identifier target_interface_name + readonly attribute Security::AuditChannelId audit_channel_id; + + }; + + local interface AuditDecision { + + boolean audit_needed ( + in Security::AuditEventType event_type, + in Security::SelectorValueList value_list + ); + + readonly attribute AuditChannel audit_channel; + + }; + + local interface AccessDecision { + + boolean access_allowed ( + in SecurityLevel2::CredentialsList cred_list, + in CORBA::Identifier operation_name, + in CORBA::Identifier target_interface_name ); - }; + + }; }; |
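Review bot: The added `# pragma version SecurityReplacable 1.8` names `SecurityReplacable`, but the enclosing module shown in the hunk header is `SecurityReplaceable`, so the pragma does not refer to the module. Depending on the IDL compiler it is either rejected or ignored, which would leave the module's repository ID at its default version. It should read `# pragma version SecurityReplaceable 1.8`. In the same hunk `Vault::create_ior_components` takes a single `SecurityLevel2::Credentials` named `creds_list`, and `init_security_context` returns `Security::OpaqueBuffer` while `accept_security_context` uses `Security::Opaque`. `OpaqueBuffer` is not defined anywhere in this diff, so both are worth checking against the 1.8 text.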