path: root/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl
blob: 66ad388ced973cf7dd68ccc7512c5b48d93e375d (plain)
// -*- C++ -*-
// $Id$

//File: SecurityReplaceable.idl
//Part of the Security Service

#ifndef _SECURITY_REPLACEABLE_IDL_
#define _SECURITY_REPLACEABLE_IDL_

#include <SecurityLevel2.idl>
#include <tao/IOP.pidl>

#pragma prefix "omg.org"

// SecurityReplaceable: the "replaceable" layer of the CORBA Security Service.
// It declares the local objects an ORB delegates to for credential
// acquisition (Vault), per-association message protection (SecurityContext
// and its client/server refinements), rights administration
// (RequiredRights), auditing (AuditChannel, AuditDecision) and access
// control (AccessDecision).  Only signatures are declared here; the
// behaviour lives in whichever implementation is plugged in.
module SecurityReplaceable {

//#   pragma version SecurityReplacable 1.7

    // Forward declarations so Vault can name the context interfaces
    // before they are defined below.
    local interface SecurityContext;
    local interface ClientSecurityContext;
    local interface ServerSecurityContext;

    // Vault: factory for credentials and security contexts.  Being a
    // local interface it can only be invoked within the process that
    // holds it (hence "Locality Constrained").
    local interface Vault {   // Locality Constrained

//#   pragma version Vault 1.7

        // Returns the authentication methods this vault supports for the
        // given mechanism.
        Security::AuthenticationMethodList
        get_supported_authen_methods(
           in   Security::MechanismType             mechanism
        );

        // OIDs of the mechanisms this vault can operate.
        readonly attribute Security::OIDList supported_mech_oids;

        // Starts authentication of `security_name` with `method` under
        // `mechanism`.  On completion `creds` holds the resulting
        // credentials.  `continuation_data` is presumably the challenge to
        // feed back through continue_credentials_acquisition when the
        // returned status indicates more rounds are needed — confirm
        // against the implementation.  `auth_data` and `privileges` are
        // opaque here; their contents are mechanism-specific.
        Security::AuthenticationStatus acquire_credentials(
           in   Security::AuthenticationMethod      method,
           in   Security::MechanismType             mechanism,
           in   Security::SecurityName              security_name,
           in   any                                 auth_data,
           in   Security::AttributeList             privileges,
           out  SecurityLevel2::Credentials         creds,
           out  any                                 continuation_data,
           out  any                                 auth_specific_data
        );

        // Next round of a multi-step authentication started by
        // acquire_credentials.  `creds` is the in-progress credentials
        // object; `response_data` is the caller's answer to the previous
        // continuation_data.
        Security::AuthenticationStatus continue_credentials_acquisition(
           in   any                                 response_data,
           in   SecurityLevel2::Credentials         creds,
           out  any                                 continuation_data,
           out  any                                 auth_specific_data
        );

        // Builds the IOR tagged components advertising the security
        // characteristics of the given credentials.
        // NOTE(review): the parameter is named `creds_list` but is typed as
        // a single SecurityLevel2::Credentials, not a CredentialsList.
        IOP::TaggedComponentList create_ior_components(
           in   SecurityLevel2::Credentials         creds_list
        );


        // Client side: begin establishing a secure association with
        // `target`.  `comp_data` is the security component taken from the
        // target's IOR.  On return `security_token` is the token to send to
        // the peer and `security_context` the new client-side context.
        Security::AssociationStatus init_security_context (
            in   SecurityLevel2::Credentials        creds,
            in   Security::SecurityName             target_security_name,
            in   Object                             target,
            in   Security::DelegationMode           delegation_mode,
            in   Security::OptionsDirectionPairList association_options,
            in   Security::MechanismType            mechanism,
            in   Security::Opaque                   comp_data, //from IOR
            in   Security::ChannelBindings          chan_binding,
            out  Security::OpaqueBuffer             security_token,
            out  ClientSecurityContext              security_context
        );

        // Server side: process the peer's initial token against the
        // server's own credentials and produce the reply token.
        // NOTE(review): unlike init_security_context this operation has no
        // `out ServerSecurityContext` parameter, so how the server-side
        // context is obtained is not visible from this file — confirm with
        // the implementation before relying on it.
        Security::AssociationStatus accept_security_context (
            in   SecurityLevel2::CredentialsList    creds_list,
            in   Security::ChannelBindings          chan_bindings,
            in   Security::Opaque                   in_token,
            out  Security::Opaque                   out_token
        );

        // Mechanisms supported by this vault together with the association
        // options each one can provide.
        Security::MechandOptionsList get_supported_mechs ();
    };


    // SecurityContext: one established (or in-progress) secure
    // association.  Offers message protection/unprotection and the
    // context lifecycle (continue, refresh, discard).  Common to both
    // client and server sides; the refinements below add side-specific
    // attributes.
    local interface SecurityContext {   // Locality Constrained

//#    pragma version SecurityContext 1.5

        // Client or server context (see Security::SecurityContextType).
        readonly attribute Security::SecurityContextType
          context_type;

        // Current lifecycle state of the association.
        readonly attribute Security::SecurityContextState
          context_state;

        // Mechanism used to establish this context.
        readonly attribute Security::MechanismType
          mechanism;

        // Whether refresh_security_context / process_refresh_token are
        // usable on this context.
        readonly attribute boolean supports_refresh;

        // Channel bindings the context was established with.
        readonly attribute Security::ChannelBindings chan_binding;

        // Credentials received from the peer during establishment.
        readonly attribute SecurityLevel2::ReceivedCredentials
          received_credentials;

        // Feed the peer's next token into the handshake; `out_token` is the
        // reply to send, if any.
        Security::AssociationStatus continue_security_context (
            in   Security::OpaqueBuffer      in_token,
            out  Security::OpaqueBuffer      out_token
        );

        // Apply the requested quality of protection to `message`,
        // producing the (possibly transformed) `text_buffer` and the
        // integrity/confidentiality `token` that must accompany it.
        void protect_message (
            in   Security::OpaqueBuffer      message,
            in   Security::QOP               qop,
            out  Security::OpaqueBuffer      text_buffer,
            out  Security::OpaqueBuffer      token
        );

        // Inverse of protect_message: verify `token` against `text_buffer`
        // and recover `message`; reports the QOP that was actually applied.
        // Returns false when verification fails, so callers must check the
        // result before trusting `message`.
        // NOTE(review): protect_message uses OpaqueBuffer for the same data
        // that reclaim_message takes as Opaque — confirm the two types are
        // interchangeable in the implementation.
        boolean reclaim_message (
            in   Security::Opaque            text_buffer,
            in   Security::Opaque            token,
            out  Security::QOP               qop,
            out  Security::Opaque            message
        );

        // True while the context may still be used; `expiry_time` reports
        // when it stops being valid.
        boolean is_valid (
            out  Security::UtcT              expiry_time
        );

        // Initiator side of a refresh: produces the token to send to the
        // peer.  Only meaningful when supports_refresh is true.
        boolean refresh_security_context (
            in   any                         refresh_data,
            out  Security::OpaqueBuffer      out_token
        );

        // Acceptor side of a refresh: consumes the peer's refresh token.
        boolean process_refresh_token (
            in   Security::OpaqueBuffer      refresh_token
        );

        // Initiator side of teardown: produces the token that tells the
        // peer the context is being discarded.
        boolean discard_security_context (
            in   Security::Opaque            discard_data,
            out  Security::OpaqueBuffer      out_token
        );

        // Acceptor side of teardown: consumes the peer's discard token.
        boolean process_discard_token (
            in   Security::OpaqueBuffer      discard_token
        );

    };

    // Client-side view of an association: what was negotiated, the
    // credentials presented, and what the server advertised.
    local interface ClientSecurityContext : SecurityContext {
                                          // Locality Constrained

      // Association options that ended up in effect.
      readonly attribute Security::AssociationOptions
        association_options_used;

      // Delegation mode negotiated for this association.
      readonly attribute Security::DelegationMode
        delegation_mode;

      // Security component data taken from the target's IOR.
      readonly attribute Security::Opaque comp_data;

      // Credentials this client presented.
      readonly attribute SecurityLevel2::Credentials
        client_credentials;

      // Options the server advertised as supported / required.
      readonly attribute Security::AssociationOptions
        server_options_supported;

      readonly attribute Security::AssociationOptions
        server_options_required;

      // Security name of the server end of the association.
      readonly attribute Security::Opaque server_security_name;
    };

    // Server-side view of an association; mirrors ClientSecurityContext
    // but exposes the server's own credentials instead of the client's.
    local interface ServerSecurityContext : SecurityContext {
                                            // Locality Constrained

      readonly attribute Security::AssociationOptions
        association_options_used;

      readonly attribute Security::DelegationMode
        delegation_mode;

      // Credentials this server accepted the association with.
      readonly attribute SecurityLevel2::Credentials
        server_credentials;

      readonly attribute Security::AssociationOptions
        server_options_supported;

      readonly attribute Security::AssociationOptions
        server_options_required;

      readonly attribute Security::Opaque server_security_name;
    };

    // RequiredRights: the table of rights an invoker needs per
    // (operation, interface).  This is the only interface in the module
    // that is not declared `local` and carries no "Locality Constrained"
    // note.  Note that set_required_rights rewrites the policy that
    // access checks are presumably evaluated against, so an implementation
    // should restrict who may invoke it — the relation to
    // AccessDecision::access_allowed is not visible in this file; confirm.
    interface RequiredRights {
      // Look up the rights (and how they combine) required to invoke
      // `operation_name` on `interface_name`.
      void get_required_rights(
        in   CORBA::Identifier           operation_name,
        in   CORBA::RepositoryId         interface_name,
        out  Security::RightsList        rights,
        out  Security::RightsCombinator  rights_combinator
      );

      // Replace the rights entry for (operation_name, interface_name).
      void set_required_rights(
        in   CORBA::Identifier           operation_name,
        in   CORBA::RepositoryId         interface_name,
        in   Security::RightsList        rights,
        in   Security::RightsCombinator  rights_combinator
        );
    };

    // AuditChannel: sink for audit records.
    interface AuditChannel { // Locality Constrained
      // Emit one audit record.  `creds_list` identifies the principals the
      // event is attributed to; `descriptors` and `event_specific_data`
      // carry the event-specific detail.
      void audit_write (
        in   Security::AuditEventType        event_type,
        in   SecurityLevel2::CredentialsList creds_list,
        in   Security::UtcT                  time,
        in   Security::SelectorValueList     descriptors,
        in   Security::Opaque                event_specific_data
      );

      // Identifier of this channel.
      readonly attribute Security::AuditChannelId audit_channel_id;
    };

    // AuditDecision: policy object deciding whether an event must be
    // audited, and which channel receives it.
    interface AuditDecision { // Locality Constrained
      // True if an event of `event_type` with the given selector values
      // should be written to audit_channel.
      boolean audit_needed (
        in   Security::AuditEventType        event_type,
        in   Security::SelectorValueList     value_list
      );

      // Channel to use when audit_needed returns true.
      readonly attribute AuditChannel audit_channel;
    };

    // AccessDecision: the access-control check consulted before an
    // invocation is dispatched.
    interface AccessDecision { // Locality Constrained
      // True if the principals in `cred_list` may invoke `operation_name`
      // on `target_interface_name`.  A false result must be treated as a
      // denial by the caller.
      // NOTE(review): the interface is identified here by a
      // CORBA::Identifier, whereas RequiredRights keys the same notion by
      // CORBA::RepositoryId — confirm how an implementation maps between
      // the two.
      boolean access_allowed (
        in   SecurityLevel2::CredentialsList cred_list,
        in   CORBA::Identifier               operation_name,
        in   CORBA::Identifier               target_interface_name
      );
    };

};

#endif /* _SECURITY_REPLACEABLE_IDL_ */