Diffstat (limited to 'TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl')
-rw-r--r--TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl237
1 files changed, 237 insertions, 0 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl b/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl
new file mode 100644
index 00000000000..c7beeefd060
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl
@@ -0,0 +1,237 @@
+// -*- IDL -*-
+//
+// $Id$
+
+#ifndef _SECURITY_REPLACEABLE_IDL_
+#define _SECURITY_REPLACEABLE_IDL_
+
+#include "orbsvcs/SecurityLevel2.idl"
+#include "tao/IOP.pidl"
+
+#pragma prefix "omg.org"
+
+module SecurityReplaceable {
+
+# pragma version SecurityReplaceable 1.8
+
+ local interface SecurityContext;
+ local interface ClientSecurityContext;
+ local interface ServerSecurityContext;
+
+ local interface Vault {
+
+# pragma version Vault 1.8
+
+ Security::AuthenticationMethodList
+ get_supported_authen_methods(
+ in Security::MechanismType mechanism
+ );
+
+ readonly attribute Security::OIDList supported_mech_oids;
+
+ Security::AuthenticationStatus acquire_credentials (
+ in Security::AuthenticationMethod method,
+ in Security::MechanismType mechanism,
+ in Security::SecurityName security_name,
+ in any auth_data,
+ in Security::AttributeList privileges,
+ out SecurityLevel2::Credentials creds,
+ out any continuation_data,
+ out any auth_specific_data
+ );
+
+ Security::AuthenticationStatus continue_credentials_acquisition (
+ in any response_data,
+ in SecurityLevel2::Credentials creds,
+ out any continuation_data,
+ out any auth_specific_data
+ );
+
+ IOP::TaggedComponentList create_ior_components(
+ in SecurityLevel2::Credentials creds_list
+ );
+
+
+ Security::AssociationStatus init_security_context (
+ in SecurityLevel2::Credentials creds,
+ in Security::SecurityName target_security_name,
+ in Object target,
+ in Security::DelegationMode delegation_mode,
+ in Security::OptionsDirectionPairList association_options,
+ in Security::MechanismType mechanism,
+ in Security::Opaque comp_data, //from IOR
+ in Security::ChannelBindings chan_binding,
+ out Security::OpaqueBuffer security_token,
+ out ClientSecurityContext security_context
+ );
+
+ Security::AssociationStatus accept_security_context (
+ in SecurityLevel2::CredentialsList creds_list,
+ in Security::ChannelBindings chan_bindings,
+ in Security::Opaque in_token,
+ out Security::Opaque out_token
+ );
+
+ Security::MechandOptionsList get_supported_mechs ();
+
+ };
+
+
+ local interface SecurityContext {
+
+# pragma version SecurityContext 1.8
+
+ readonly attribute Security::SecurityContextType
+ context_type;
+
+ readonly attribute Security::SecurityContextState
+ context_state;
+
+ readonly attribute Security::MechanismType
+ mechanism;
+
+ readonly attribute Security::ChannelBindings chan_binding;
+
+ readonly attribute SecurityLevel2::ReceivedCredentials
+ received_credentials;
+
+ Security::AssociationStatus continue_security_context (
+ in Security::OpaqueBuffer in_token,
+ out Security::OpaqueBuffer out_token
+ );
+
+ void protect_message (
+ in Security::OpaqueBuffer message,
+ in Security::QOP qop,
+ out Security::OpaqueBuffer text_buffer,
+ out Security::OpaqueBuffer token
+ );
+
+ boolean reclaim_message (
+ in Security::Opaque text_buffer,
+ in Security::Opaque token,
+ out Security::QOP qop,
+ out Security::Opaque message
+ );
+
+ boolean is_valid (
+ out Security::UtcT expiry_time
+ );
+
+ boolean discard_security_context (
+ in Security::Opaque discard_data,
+ out Security::OpaqueBuffer out_token
+ );
+
+ boolean process_discard_token (
+ in Security::OpaqueBuffer discard_token
+ );
+
+ };
+
+ local interface ClientSecurityContext : SecurityContext {
+
+# pragma version ClientSecurityContext 1.8
+
+ readonly attribute Security::AssociationOptions
+ association_options_used;
+
+ readonly attribute Security::DelegationMode
+ delegation_mode;
+
+ readonly attribute Security::Opaque comp_data;
+
+ readonly attribute SecurityLevel2::Credentials
+ client_credentials;
+
+ readonly attribute Security::AssociationOptions
+ server_options_supported;
+
+ readonly attribute Security::AssociationOptions
+ server_options_required;
+
+ readonly attribute Security::Opaque server_security_name;
+
+ };
+
+ local interface ServerSecurityContext : SecurityContext {
+
+# pragma version ServerSecurityContext 1.8
+
+ readonly attribute Security::AssociationOptions
+ association_options_used;
+
+ readonly attribute Security::DelegationMode
+ delegation_mode;
+
+ readonly attribute SecurityLevel2::Credentials
+ server_credentials;
+
+ readonly attribute Security::AssociationOptions
+ server_options_supported;
+
+ readonly attribute Security::AssociationOptions
+ server_options_required;
+
+ readonly attribute Security::Opaque server_security_name;
+
+ };
+
+ interface RequiredRights {
+
+ void get_required_rights(
+ in CORBA::Identifier operation_name,
+ in CORBA::RepositoryId interface_name,
+ out Security::RightsList rights,
+ out Security::RightsCombinator rights_combinator
+ );
+
+ void set_required_rights(
+ in CORBA::Identifier operation_name,
+ in CORBA::RepositoryId interface_name,
+ in Security::RightsList rights,
+ in Security::RightsCombinator rights_combinator
+ );
+
+ };
+
+ local interface AuditChannel {
+
+ void audit_write (
+ in Security::AuditEventType event_type,
+ in SecurityLevel2::CredentialsList creds_list,
+ in Security::UtcT time,
+ in Security::SelectorValueList descriptors,
+ in Security::Opaque event_specific_data
+ );
+
+ readonly attribute Security::AuditChannelId audit_channel_id;
+
+ };
+
+ local interface AuditDecision {
+
+ boolean audit_needed (
+ in Security::AuditEventType event_type,
+ in Security::SelectorValueList value_list
+ );
+
+ readonly attribute AuditChannel audit_channel;
+
+ };
+
+ local interface AccessDecision {
+
+ boolean access_allowed (
+ in SecurityLevel2::CredentialsList cred_list,
+ in CORBA::Identifier operation_name,
+ in CORBA::Identifier target_interface_name
+ );
+
+ };
+
+};
+
+#pragma prefix ""
+
+#endif /* _SECURITY_REPLACEABLE_IDL_ */
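Review bot: `Vault::accept_security_context` returns only `out_token`, so the accepting side never receives a context object: `init_security_context` hands back `out ClientSecurityContext security_context`, but no operation in this file returns the `ServerSecurityContext` that is forward-declared at the top of the module and defined further down. Without it the acceptor has no handle on which to call `continue_security_context`, `reclaim_message` or `is_valid`, so multi-leg establishment, message unprotection and expiry checks are not reachable from the server side through this interface. I would add `out ServerSecurityContext security_context` as the last parameter, after `out Security::Opaque out_token,`, and compare the result with the OMG Security Service IDL that this file appears to transcribe. Separately, `AccessDecision::access_allowed` takes credentials, an operation name and an interface name but no `in Object target`, so a replacement access-decision object cannot tell apart two objects of the same interface; if per-object policy is intended, that parameter is needed as well.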