// -*- IDL -*-
//
// $Id$
//
// SecurityReplaceable: the implementor-facing ("replaceable") half of the
// CORBA Security Service.  Everything here is declared in terms of the
// Security and SecurityLevel2 modules included below; this file only
// declares interfaces, it defines no behaviour.  Most interfaces are
// `local`, i.e. they are meant to be called in-process by the ORB, not
// over the wire (RequiredRights is the one exception, see below).

#ifndef _SECURITY_REPLACEABLE_IDL_
#define _SECURITY_REPLACEABLE_IDL_

#include "orbsvcs/SecurityLevel2.idl"
#include "tao/IOP.pidl"

// All repository ids below get the OMG prefix; reset to "" at the end of
// the file so later includes are not affected.
#pragma prefix "omg.org"

module SecurityReplaceable {

# pragma version SecurityReplaceable 1.8

  // Forward declarations: Vault's operations refer to these before their
  // full definitions appear.
  local interface SecurityContext;
  local interface ClientSecurityContext;
  local interface ServerSecurityContext;

  // Credential acquisition and security-context establishment.
  // Several operations report a Security status enum instead of raising;
  // presumably the out parameters are only meaningful when that status
  // says the step succeeded -- the status semantics live in Security.idl,
  // not here, so confirm there before trusting an out value.
  local interface Vault {

# pragma version Vault 1.8

    // Authentication methods this vault supports for one mechanism.
    Security::AuthenticationMethodList get_supported_authen_methods(
      in Security::MechanismType mechanism
    );

    // OIDs of the mechanisms this vault can use.
    readonly attribute Security::OIDList supported_mech_oids;

    // First step of credential acquisition.  auth_data is an `any`, so
    // its contents are method/mechanism specific and not type-checked by
    // IDL.  privileges is the attribute list the caller asks for; whether
    // the returned creds carry exactly those attributes is up to the
    // implementation -- verify rather than assume.  continuation_data and
    // auth_specific_data are opaque to this interface.
    Security::AuthenticationStatus acquire_credentials (
      in Security::AuthenticationMethod method,
      in Security::MechanismType mechanism,
      in Security::SecurityName security_name,
      in any auth_data,
      in Security::AttributeList privileges,
      out SecurityLevel2::Credentials creds,
      out any continuation_data,
      out any auth_specific_data
    );

    // Follow-up round of a multi-step acquisition started by
    // acquire_credentials.  response_data is presumably the caller's reply
    // to the previous continuation_data -- confirm with the implementation.
    Security::AuthenticationStatus continue_credentials_acquisition (
      in any response_data,
      in SecurityLevel2::Credentials creds,
      out any continuation_data,
      out any auth_specific_data
    );

    // Tagged components to embed in an IOR for the given credentials.
    // NOTE(review): the parameter is named creds_list but typed as a
    // single Credentials rather than CredentialsList -- confirm against
    // the spec before relying on the name.
    IOP::TaggedComponentList create_ior_components(
      in SecurityLevel2::Credentials creds_list
    );

    // Client side: begin establishing a security association with target.
    // comp_data is the component data taken from the target's IOR (see the
    // inline comment).  On success the first security_token to send and
    // the ClientSecurityContext that carries on the handshake (via
    // SecurityContext::continue_security_context) are produced.
    Security::AssociationStatus init_security_context (
      in SecurityLevel2::Credentials creds,
      in Security::SecurityName target_security_name,
      in Object target,
      in Security::DelegationMode delegation_mode,
      in Security::OptionsDirectionPairList association_options,
      in Security::MechanismType mechanism,
      in Security::Opaque comp_data, // from the target IOR
      in Security::ChannelBindings chan_binding,
      out Security::OpaqueBuffer security_token,
      out ClientSecurityContext security_context
    );

    // Server side: process an incoming in_token and produce the reply
    // out_token.  NOTE(review): unlike init_security_context there is no
    // out ServerSecurityContext parameter, so nothing in this file ever
    // hands back the forward-declared ServerSecurityContext -- confirm how
    // implementations return it.
    Security::AssociationStatus accept_security_context (
      in SecurityLevel2::CredentialsList creds_list,
      in Security::ChannelBindings chan_bindings,
      in Security::Opaque in_token,
      out Security::Opaque out_token
    );

    // Mechanisms the vault supports together with their association options.
    Security::MechandOptionsList get_supported_mechs ();
  };

  // An established (or in-progress) security association.  Message
  // protection and the remaining handshake rounds happen here.
  local interface SecurityContext {

# pragma version SecurityContext 1.8

    readonly attribute Security::SecurityContextType context_type;
    readonly attribute Security::SecurityContextState context_state;
    readonly attribute Security::MechanismType mechanism;
    readonly attribute Security::ChannelBindings chan_binding;
    // Credentials received from the peer during the association.
    readonly attribute SecurityLevel2::ReceivedCredentials received_credentials;

    // Next round of the association handshake: consume in_token, emit
    // out_token.  Status reporting as for Vault.
    Security::AssociationStatus continue_security_context (
      in Security::OpaqueBuffer in_token,
      out Security::OpaqueBuffer out_token
    );

    // Apply the requested quality of protection (qop) to message.  The
    // protected payload (text_buffer) and the protection token are
    // returned separately.
    void protect_message (
      in Security::OpaqueBuffer message,
      in Security::QOP qop,
      out Security::OpaqueBuffer text_buffer,
      out Security::OpaqueBuffer token
    );

    // Inverse of protect_message: recover message and report the QOP that
    // was actually applied.  The boolean result presumably signals whether
    // the token verified; a false return should be treated as a failed
    // integrity/confidentiality check and message not used -- confirm
    // with the implementation.
    // NOTE(review): inputs are Security::Opaque here while protect_message
    // emits Security::OpaqueBuffer -- check that callers convert consistently.
    boolean reclaim_message (
      in Security::Opaque text_buffer,
      in Security::Opaque token,
      out Security::QOP qop,
      out Security::Opaque message
    );

    // Whether the context may still be used; expiry_time reports when it
    // ceases to be valid.
    boolean is_valid (
      out Security::UtcT expiry_time
    );

    // Tear down the association, producing a token to notify the peer.
    boolean discard_security_context (
      in Security::Opaque discard_data,
      out Security::OpaqueBuffer out_token
    );

    // Handle a discard token received from the peer.
    boolean process_discard_token (
      in Security::OpaqueBuffer discard_token
    );
  };

  // Client-side view of an association: which options were actually
  // negotiated and what the server advertised/required.
  local interface ClientSecurityContext : SecurityContext {

# pragma version ClientSecurityContext 1.8

    readonly attribute Security::AssociationOptions association_options_used;
    readonly attribute Security::DelegationMode delegation_mode;
    // Component data from the target IOR, as passed to init_security_context.
    readonly attribute Security::Opaque comp_data;
    readonly attribute SecurityLevel2::Credentials client_credentials;
    readonly attribute Security::AssociationOptions server_options_supported;
    readonly attribute Security::AssociationOptions server_options_required;
    readonly attribute Security::Opaque server_security_name;
  };

  // Server-side view of an association.  Mirrors ClientSecurityContext
  // except that it exposes server_credentials and has no comp_data.
  local interface ServerSecurityContext : SecurityContext {

# pragma version ServerSecurityContext 1.8

    readonly attribute Security::AssociationOptions association_options_used;
    readonly attribute Security::DelegationMode delegation_mode;
    readonly attribute SecurityLevel2::Credentials server_credentials;
    readonly attribute Security::AssociationOptions server_options_supported;
    readonly attribute Security::AssociationOptions server_options_required;
    readonly attribute Security::Opaque server_security_name;
  };

  // Rights required to invoke an operation on an interface.
  // NOTE(review): this is the only interface in the module that is not
  // `local`, so it can be exposed remotely.  set_required_rights changes
  // authorization policy; assume (and verify) that the implementation
  // restricts who may invoke it.
  interface RequiredRights {
    // Look up the rights and combinator for operation_name on interface_name.
    void get_required_rights(
      in CORBA::Identifier operation_name,
      in CORBA::RepositoryId interface_name,
      out Security::RightsList rights,
      out Security::RightsCombinator rights_combinator
    );

    // Replace the rights and combinator for operation_name on interface_name.
    void set_required_rights(
      in CORBA::Identifier operation_name,
      in CORBA::RepositoryId interface_name,
      in Security::RightsList rights,
      in Security::RightsCombinator rights_combinator
    );
  };

  // Sink for audit records.
  local interface AuditChannel {
    // Write one audit record: the event type, the credentials involved,
    // the event time, selector/value descriptors, and opaque event data.
    void audit_write (
      in Security::AuditEventType event_type,
      in SecurityLevel2::CredentialsList creds_list,
      in Security::UtcT time,
      in Security::SelectorValueList descriptors,
      in Security::Opaque event_specific_data
    );

    readonly attribute Security::AuditChannelId audit_channel_id;
  };

  // Audit policy: decides whether an event must be recorded and where.
  local interface AuditDecision {
    // True if an event of event_type with the given selector values should
    // be written to audit_channel.
    boolean audit_needed (
      in Security::AuditEventType event_type,
      in Security::SelectorValueList value_list
    );

    readonly attribute AuditChannel audit_channel;
  };

  // Authorization hook: may the principals in cred_list invoke
  // operation_name on target_interface_name?
  // NOTE(review): target_interface_name is a CORBA::Identifier here whereas
  // RequiredRights takes the interface as a CORBA::RepositoryId -- confirm
  // which form callers are expected to pass.
  local interface AccessDecision {
    boolean access_allowed (
      in SecurityLevel2::CredentialsList cred_list,
      in CORBA::Identifier operation_name,
      in CORBA::Identifier target_interface_name
    );
  };
};

// Restore the empty repository-id prefix for whatever is included next.
#pragma prefix ""

#endif /* _SECURITY_REPLACEABLE_IDL_ */