summaryrefslogtreecommitdiff
path: root/trunk/TAO/orbsvcs/orbsvcs/SL3CSI.idl
diff options
context:
space:
mode:
Diffstat (limited to 'trunk/TAO/orbsvcs/orbsvcs/SL3CSI.idl')
-rw-r--r--trunk/TAO/orbsvcs/orbsvcs/SL3CSI.idl353
1 files changed, 353 insertions, 0 deletions
diff --git a/trunk/TAO/orbsvcs/orbsvcs/SL3CSI.idl b/trunk/TAO/orbsvcs/orbsvcs/SL3CSI.idl
new file mode 100644
index 00000000000..3f6f3981d43
--- /dev/null
+++ b/trunk/TAO/orbsvcs/orbsvcs/SL3CSI.idl
@@ -0,0 +1,353 @@
+//tabstop=4
+//***********************************************************************
+// ORBAsec SL3
+// ----------------------------------------------------------------------
+// Copyright (C) 2001 Adiron, LLC.
+// All rights reserved.
+// ----------------------------------------------------------------------
+// $Id$
+//***********************************************************************
+#ifndef _SL3CSIArgs_IDL_
+#define _SL3CSIArgs_IDL_
+#include <SL3/SecurityLevel3.idl>
+#include <SL3/Trust.idl>
+#include <SL3/UserPassword.idl>
+#include <SL3/TransportSecurity.idl>
+#include <SL3/SL3AQArgs.idl>
+#include <SL3OMG/ATLAS.idl>
+#include <SL3/SL3Authorization.idl>
+#include <SL3/ATLASCache.idl>
+
+#pragma prefix "adiron.com"
+
+/**
+ * This module contains structures and a factory interface to
+ * create tagged argument lists that will be given to the
+ * args parameter of the SecurityLevel3::CredentialsCurator.
+ * <p>
+ * ORBAsec SL3 uses this kind of mechanism because it is the
+ * easiest way to represent optional arguments.
+ * <P>
+ * To alleviate the hassles of dealing with any's and creating
+ * them, there is a factory retrieved by ORB::resolve_initial_references
+ * using "SL3:ArgumentFactory". From this object one may create an
+ * acquisition argument builder. This approach takes most of the work
+ * out of forming the Credentials acquisition argument.
+ * The form of the arguments and their requiredness or optionality
+ * are defined by the specific acquisition mechanisms using them.
+ *
+ * The Credentials Acquired with these arguments handle the
+ * CORBA CSIv2 protocol.
+ */
+module SL3CSI {
+
+ /**
+ * There is currently only one acquisition method for
+ * CSI based Credentials.
+ */
+ const SecurityLevel3::AcquisitionMethod AQM_CSIArgs = "CSIArgs";
+
+ /**
+ * An object of this interface is created by the Argument Factory Object.
+ * It aids in creating the Credentials Acquisition Argument for
+ * CSI based Credentials.
+ */
+ local interface CSIArgBuilder : SL3AQArgs::GenericArgBuilder {
+
+ /**
+ * This operation explicitly disables caching of ATLAS tokens.
+ * This is used in the case where CSI credentials are needed
+ * in order to communicate with an external cache. If cacheing
+ * were enabled in this case, then there would be a cache for
+ * the cache, which gets recursively messy.
+ */
+ void addSetNoLocalCache();
+
+ /**
+ * This operation adds an already existing ATLASCache as an
+ * acquisition argument. This is used in the case where an
+ * externalized cache is to be used. If a cache is not
+ * explicitly added to the argument, then a new cache will
+ * be created by the Credentials Curator.
+ */
+ void addATLASCache(
+ in ATLASCache::AuthTokenCache cache
+ );
+
+ /**
+ * This operation places a user defined Password Generator
+ * in the acquisition argument.
+ */
+ void addUserPasswordCAGenerator(
+ in UserPassword::PasswordGenerator generator
+ );
+
+ /**
+ * This operation places a user defined Password Processor
+ * in the acquisition argument.
+ */
+ void addUserPasswordCAProcessor(
+ in UserPassword::PasswordProcessor processor
+ );
+
+ /**
+ * This operation causes the creation credentials that
+ * have a "quoted" principal. CSI Credentials of this
+ * type will assert the particular principal name to a server.
+ */
+ void addNamedQuotedPrincipal(
+ in SecurityLevel3::PrincipalName principal_name
+ );
+
+ /**
+ * This operation causes the creation credentials that
+ * have a "quoted" principal. CSI Credentials of this
+ * type will assert the particular identity to a server.
+ */
+ void addEncodedQuotedPrincipal(
+ in SecurityLevel3::IdentityStatement identity
+ );
+
+ /**
+ * This operation places a user defined Trust Decider in
+ * the acquisition argument.
+ */
+ void addLocalTrustInServerDecider(
+ in Trust::LocalTrustInServerDecider trust_decider
+ );
+
+ /**
+ * This operation causes CSI Credentials to be created
+ * over a particular transport as if you created the
+ * transport credentials using the
+ * TransportSecurity::CredentialsCurator and used the
+ * addUseTransportCredentials operation of this object.
+ */
+ void addTransportCredentialsAQArgs(
+ in TransportSecurity::MechanismId mechanism_id,
+ in TransportSecurity::AcquisitionMethod acquisition_method,
+ in any acquisition_arguments
+ );
+
+ /**
+ * This operation causes CSI Credentials to be created
+ * over a particular transport credentials that have
+ * already been created by using the
+ * TransportSecurity::CredentialsCurator.
+ */
+ void addUseTransportCredentials(
+ in TransportSecurity::OwnCredentials credentials
+ );
+
+ /**
+ * This operation adds an ATLAS to your CSI Credentials.
+ * ATLAS is the Authorization Token Layer Acquisition Service.
+ * Each ATLAS represents a specific Authorization context, and
+ * is used to give your clients the ability to "log" in, and
+ * present credentials (i.e. an Authorization Token) for which
+ * to work the requests. It also gives the ability for clients
+ * to cache the tokens, so performance will be better.
+ * <p>
+ * None of the arguments can be null.
+ * <p>
+ * The cache_id is the caching Id, according to the ATLAS
+ * specification which must be unique to this authorization
+ * context, amongst all other authorization contexts. If you
+ * do not have a cache id, then this argument should be an
+ * empty octet sequence.
+ * <P>
+ * The token_dispenser is the ATLAS AuthTokenDispenser interface.
+ * This cannot be a "local" object.
+ * <p>
+ * The supports_delegation_by_client and requires_delegation_by_client
+ * arguments tell the client the way in which it
+ * will use the ATLAS. This
+ * information gets put in the ATLAS Profile, which is put
+ * in the IOR of the objects associated with the credentials.
+ * <p>
+ * The token_processor is the "sister" to the ATLAS, as it
+ * understands the tokens that the ATLAS ships out to clients.
+ * It is specific to the Authorization context. It may be
+ * a local object, but also can make remote calls.
+ */
+ void addATLASObject(
+ in ATLAS::ATLASCacheId cache_id,
+ in ATLAS::AuthTokenDispenser token_dispenser,
+ in boolean supports_delegation_by_client,
+ in boolean requires_delegation_by_client,
+ in SL3Authorization::TokenProcessor token_processor
+ );
+
+ };
+
+ /**
+ * This interface is a factory for arguments that will
+ * be in use for ORBAsec credentials acquisition mechanisms.
+ * It is retrievable off the ORB at "SL3:ArgumentFactory"
+ */
+ local interface ArgumentFactory {
+
+ /**
+ * Creates a new CSI Argument Builder object with the specified
+ * Credentials usage.
+ */
+ CSIArgBuilder createCSIArgBuilder(
+ in SecurityLevel3::CredentialsUsage usage
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * an flag that will disable the creation of the default
+ * ATLASCache.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createSetNoLocalCache();
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * an ATLASCache implementation to use for caching ATLAS
+ * tokens.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createATLASCache(
+ in ATLASCache::AuthTokenCache cache
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createUserPasswordCAGenerator(
+ in UserPassword::PasswordGenerator generator
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createUserPasswordCAProcessor(
+ in UserPassword::PasswordProcessor processor
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createKerberosCAGenerator(
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createKerberosCAProcessor(
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createNamedQuotedPrincipal(
+ in SecurityLevel3::PrincipalName prin_name
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createEncodedQuotedPrincipal(
+ in SecurityLevel3::IdentityStatement prin_name
+ );
+
+ /**
+ * This operation creates a Arg_TrustInServerDecider tagged
+ * argument.
+ */
+ SL3AQArgs::Argument createLocalTrustInServerDecider(
+ in Trust::LocalTrustInServerDecider trust_decider
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createTransportCredentialsAQArgs(
+ in TransportSecurity::MechanismId mechanism_id,
+ in TransportSecurity::AcquisitionMethod acquisition_method,
+ in any acquisition_arguments
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createUseTransportCredentials(
+ in TransportSecurity::OwnCredentials credentials
+ );
+
+ /**
+ * This operation creates a Tagged Argument containing
+ * the following information for acquiring CSI credentials.
+ * <p>
+ * For a description of the arguments, please see the
+ * corresponding operation in the CSIArgBuilder.
+ *
+ * @see CSIArgBuilder
+ */
+ SL3AQArgs::Argument createATLASObject(
+ in ATLAS::ATLASCacheId cache_id,
+ in ATLAS::AuthTokenDispenser token_dispenser,
+ in boolean supports_endorsement_by_client,
+ in boolean requires_endorsement_by_client,
+ in SL3Authorization::TokenProcessor token_processor
+ );
+
+ };
+
+};
+#endif
View Lorry Controller Status