// -*- IDL -*-
//
// $Id$


#ifndef _SECURITY_LEVEL_2_IDL_
#define _SECURITY_LEVEL_2_IDL_

#include <orbsvcs/SecurityLevel1.idl>

#pragma prefix "omg.org"

module SecurityLevel2 {

# pragma version SecurityLevel2 1.8

  // Forward declaration of interfaces
  local interface PrincipalAuthenticator;
  local interface Credentials;
  local interface Current;

  // Interface PrincipalAuthenticator
  local interface PrincipalAuthenticator {
#   pragma version PrincipalAuthenticator 1.8

    Security::AuthenticationMethodList
    get_supported_authen_methods(
      in Security::MechanismType             mechanism
    );

    Security::AuthenticationStatus authenticate (
      in   Security::AuthenticationMethod    method,
      in   Security::MechanismType           mechanism,
      in   Security::SecurityName            security_name,
      in   any                               auth_data,
      in   Security::AttributeList           privileges,
      out  Credentials                       creds,
      out  any                               continuation_data,
      out  any                               auth_specific_data
    );

    Security::AuthenticationStatus continue_authentication (
      in   any                               response_data,
      in   Credentials                       creds,
      out  any                               continuation_data,
      out  any                               auth_specific_data
    );
  };


  // Interface Credentials
  local interface Credentials {
#   pragma version Credentials 1.8

    Credentials copy ();

    void destroy();

    readonly attribute Security::InvocationCredentialsType
      credentials_type;

    readonly attribute Security::AuthenticationStatus
      authentication_state;

    readonly attribute Security::MechanismType mechanism;

    attribute Security::AssociationOptions
      accepting_options_supported;

    attribute Security::AssociationOptions
      accepting_options_required;

    attribute Security::AssociationOptions
      invocation_options_supported;

    attribute Security::AssociationOptions
      invocation_options_required;

    boolean get_security_feature (
      in Security::CommunicationDirection direction,
      in Security::SecurityFeature feature
    );

    boolean set_attributes (
      in Security::AttributeList   requested_attributes,
      out Security::AttributeList  actual_attributes
    );

    Security::AttributeList get_attributes (
      in Security::AttributeTypeList attributes
    );

    boolean is_valid (out Security::UtcT expiry_time);

    boolean refresh (in any refresh_data);

  };

  typedef sequence <Credentials>  CredentialsList;

  local interface ReceivedCredentials : Credentials {

#   pragma version ReceivedCredentials 1.8

    readonly attribute Credentials accepting_credentials;

    readonly attribute Security::AssociationOptions
      association_options_used;

    readonly attribute Security::DelegationState delegation_state;

    readonly attribute Security::DelegationMode  delegation_mode;

  };

  local interface TargetCredentials : Credentials {

#   pragma version TargetCredentials 1.8

    readonly attribute Credentials    initiating_credentials;

    readonly attribute Security::AssociationOptions
      association_options_used;

  };

  // RequiredRights Interface
  interface RequiredRights {

    void get_required_rights(
      in   Object                             obj,
      in   CORBA::Identifier                  operation_name,
      in   CORBA::RepositoryId                interface_name,
      out  Security::RightsList               rights,
      out  Security::RightsCombinator         rights_combinator
    );

    void set_required_rights(
      in   CORBA::Identifier                  operation_name,
      in   CORBA::RepositoryId                interface_name,
      in   Security::RightsList               rights,
      in   Security::RightsCombinator         rights_combinator
    );
  };


  // interface audit channel
  local interface AuditChannel {

# pragma version AuditChannel 1.8

    void audit_write (
      in   Security::AuditEventType            event_type,
      in   CredentialsList                     creds,
      in   Security::UtcT                      time,
      in   Security::SelectorValueList         descriptors,
      in   any                                 event_specific_data
    );

    readonly attribute Security::AuditChannelId audit_channel_id;

  };


  // interface for Audit Decision
  local interface AuditDecision {

#   pragma version AuditDecision 1.8

    boolean audit_needed (
      in   Security::AuditEventType            event_type,
      in   Security::SelectorValueList         value_list
    );

    readonly attribute AuditChannel audit_channel;

  };


  local interface AccessDecision {

#   pragma version AccessDecision 1.8

    boolean access_allowed (
      in   SecurityLevel2::CredentialsList     cred_list,
      in   Object                              target,
      in   CORBA::Identifier                   operation_name,
      in   CORBA::Identifier                   target_interface_name
    );
  };


  // Policy interfaces to control bindings

  local interface QOPPolicy : CORBA::Policy {
#   pragma version QOPPolicy 1.8
    readonly attribute Security::QOP           qop;

  };

  local interface MechanismPolicy : CORBA::Policy {
#   pragma version MechanismPolicy 1.8
    readonly attribute Security::MechanismTypeList mechanisms;
  };

  local interface InvocationCredentialsPolicy : CORBA::Policy {
#   pragma version InvocationCredentialsPolicy 1.8
    readonly attribute CredentialsList creds;
  };

  local interface EstablishTrustPolicy : CORBA::Policy {
#   pragma version EstablishTrustPolicy 1.8
    readonly attribute Security::EstablishTrust trust;
  };

  local interface DelegationDirectivePolicy : CORBA::Policy {
#   pragma version DelegationDirectivePolicy 1.8
    readonly attribute Security::DelegationDirective delegation_directive;
  };

  local interface SecurityManager {

#   pragma version SecurityManager 1.8

    // Process/Capsule/ORB Instance specific operations

    readonly attribute Security::MechandOptionsList
      supported_mechanisms;

    readonly attribute CredentialsList own_credentials;

    readonly attribute RequiredRights
      required_rights_object;

    readonly attribute PrincipalAuthenticator
      principal_authenticator;

    readonly attribute AccessDecision
      access_decision;

    readonly attribute AuditDecision
      audit_decision;

    TargetCredentials get_target_credentials (
      in Object obj_ref
    );

    void remove_own_credentials(
      in Credentials creds
    );

    CORBA::Policy get_security_policy (
      in CORBA::PolicyType policy_type
    );
  };

  // Interface Current derived from SecurityLevel1::Current providing
  // additional operations on Current at this security level.
  // This is implemented by the ORB
  local interface Current : SecurityLevel1::Current {

#    pragma version Current 1.8

    // Thread specific

    readonly attribute ReceivedCredentials received_credentials;

  };

};

#pragma prefix ""

#endif /* _SECURITY_LEVEL_2_IDL_ */