Diffstat (limited to 'Schemas/CIM236/DMTF/User')
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AccessControlInformation.mof112
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Account.mof302
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AccountIdentity.mof25
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AccountManagementCapabilities.mof104
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AccountManagementService.mof152
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AccountMapsToAccount.mof27
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AccountOnSystem.mof23
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AccountSettingData.mof72
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AssignedIdentity.mof20
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AssociatedPrivilege.mof255
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthenticateForUse.mof26
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthenticationRequirement.mof71
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthenticationService.mof16
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthenticationTarget.mof32
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthorizationService.mof11
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthorizationSubject.mof28
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthorizationTarget.mof30
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthorizedPrivilege.mof19
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthorizedSubject.mof28
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthorizedTarget.mof20
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_AuthorizedUse.mof24
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CAHasPublicCertificate.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CASignsPublicKeyCertificate.mof41
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CertificateAuthority.mof62
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CertificateManagementCapabilities.mof87
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CertificateManagementService.mof607
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CollectionInOrganization.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CollectionInSystem.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Credential.mof48
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CredentialContext.mof59
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CredentialManagementCapabilities.mof72
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CredentialManagementSAP.mof13
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CredentialManagementService.mof10
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_CredentialStore.mof58
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_ElementAsUser.mof37
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_ElementSecuritySensitivity.mof19
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_GatewayPathID.mof39
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Group.mof52
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_HostedACI.mof29
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_HostedAuthenticationRequirement.mof27
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_IKESecretIsNamed.mof25
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_IPNetworkIdentity.mof48
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Identity.mof87
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_IdentityContext.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_IdentityManagementService.mof10
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_KDCIssuesKerberosTicket.mof24
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_KerberosCredential.mof69
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_KerberosKeyDistributionCenter.mof18
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_KerberosTicket.mof67
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_KeyBasedCredentialManagementService.mof142
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Keystore.mof33
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_LocalCredentialManagementService.mof11
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_LocallyManagedPublicKey.mof26
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_ManagedCredential.mof22
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_ManagesAccount.mof18
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_ManagesAccountOnSystem.mof23
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_MemberPrincipal.mof49
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_MoreGroupInfo.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_MoreOrgUnitInfo.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_MoreOrganizationInfo.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_MorePersonInfo.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_MoreRoleInfo.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_NamedCredential.mof88
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_NamedSharedIKESecret.mof91
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Notary.mof45
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_NotaryVerifiesBiometric.mof30
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OpaqueManagementDataOwner.mof30
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OrgStructure.mof23
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OrgUnit.mof77
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Organization.mof80
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OrganizationalEntity.mof10
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OtherGroupInformation.mof83
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OtherOrgUnitInformation.mof165
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OtherOrganizationInformation.mof202
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OtherPersonInformation.mof405
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_OtherRoleInformation.mof162
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Person.mof106
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Privilege.mof174
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementCapabilities.mof84
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof290
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_PublicKeyCertificate.mof51
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_PublicKeyManagementService.mof11
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_PublicPrivateKeyPair.mof56
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_RequireCredentialsFrom.mof33
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_Role.mof87
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_RoleBasedAuthorizationService.mof179
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_RoleBasedManagementCapabilities.mof28
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_RoleLimitedToTarget.mof22
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SecuritySensitivity.mof108
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SecurityService.mof8
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SecurityServiceForSystem.mof27
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SecurityServiceUsesAccount.mof18
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_ServiceUsesSecurityService.mof21
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SharedCredential.mof67
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SharedSecret.mof68
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SharedSecretIsShared.mof23
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SharedSecretService.mof26
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SignedCredential.mof78
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_StorageClientSettingData.mof64
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_StorageHardwareID.mof31
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_StorageHardwareIDManagementService.mof196
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SystemAdministrator.mof20
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SystemAdministratorGroup.mof19
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_SystemAdministratorRole.mof18
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_TrustHierarchy.mof22
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_UnsignedCredential.mof70
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_UnsignedPublicKey.mof67
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_UserContact.mof83
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_UserEntity.mof10
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_UsersAccess.mof62
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_UsersAccount.mof26
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_UsersCredential.mof28
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_VerificationService.mof12
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_X509CRL.mof61
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_X509Certificate.mof163
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_X509Infrastructure.mof86
116 files changed, 7612 insertions, 0 deletions
diff --git a/Schemas/CIM236/DMTF/User/CIM_AccessControlInformation.mof b/Schemas/CIM236/DMTF/User/CIM_AccessControlInformation.mof
new file mode 100644
index 0000000..157163a
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AccessControlInformation.mof
@@ -0,0 +1,112 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Deprecated { "CIM_AuthorizedPrivilege", "CIM_SecuritySensitivity" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AccessControl" ),
+ Description (
+ "CIM_AccessControlInformation provides, through its properties "
+ "and its associations, the specification of the access rights "
+ "granted to a set of subject users to a set of target "
+ "resources. The AccessControlInformation class is weak to the "
+ "system (e.g., Computer System or Administrative Domain) for "
+ "which the access controls apply. \n"
+ "\n"
+ "This class is deprecated in lieu of two others: "
+ "AuthorizedPrivilege (defining specific access details) and "
+ "SecuritySensitivity (defining individual security levels). The "
+ "reasons for this are: 1. More specific access details are "
+ "defined in Privilege (the superclass of AuthorizedPrivilege); "
+ "and, 2. SecuritySensitivity allows security levels to be "
+ "applied to other elements than access control information." )]
+class CIM_AccessControlInformation : CIM_LogicalElement {
+
+ [Deprecated { "No value" },
+ Key, Description ( "Hosting system creation class name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_System.CreationClassName" )]
+ string SystemCreationClassName;
+
+ [Deprecated { "No value" },
+ Key, Description ( "Hosting system name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_System.Name" )]
+ string SystemName;
+
+ [Deprecated { "No value" },
+ Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Deprecated { "CIM_AuthorizedPrivilege.InstanceID" },
+ Key, Override ( "Name" ),
+ Description (
+ "The Name property defines the unique label, in the "
+ "context of the hosting system, by which the "
+ "AccessControlInformation is known." ),
+ MaxLen ( 256 )]
+ string Name;
+
+ [Deprecated { "CIM_SecuritySensitivity.SecurityLevel" },
+ Description (
+ "The SecurityClassification property specifies a named "
+ "level of security associated with the "
+ "AccessControlInformation, e.g., \'Confidential\', \'Top "
+ "Secret\', etc." )]
+ string SecurityClassification;
+
+ [Deprecated { "CIM_AuthorizedPrivilege.Activities" },
+ Description (
+ "The AccessType property is an array of string values "
+ "that specifies the type of access for which the "
+ "corresponding permission applies. For example, it can be "
+ "used to specify a generic access such as \'Read-only\', "
+ "\'Read/Write\', etc. for file or record access control "
+ "or it can be used to specifiy an entry point name for "
+ "service access control." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AccessControlInformation.AccessQualifier",
+ "CIM_AccessControlInformation.Permission" }]
+ string AccessType[];
+
+ [Deprecated { "CIM_AuthorizedPrivilege.ActivityQualifiers" },
+ Description (
+ "The AccessQualifier property is an array of string "
+ "values may be used to further qualify the type of access "
+ "for which the corresponding permission applies. For "
+ "example, it may be used to specify a set of parameters "
+ "that are permitted or denied in conjunction with the "
+ "corresponding AccessType entry point name." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AccessControlInformation.AccessType",
+ "CIM_AccessControlInformation.Permission" }]
+ string AccessQualifier[];
+
+ [Deprecated { "CIM_AuthorizedPrivilege" },
+ Description (
+ "The Permission property is an array of string values "
+ "indicating the permission that applies to the "
+ "corresponding AccessType and AccessQualifier array "
+ "values. The values may be extended in subclasses to "
+ "provide more specific access controls. \n"
+ "\n"
+ "This property is deprecated in lieu of the general "
+ "AuthorizedPrivilege class. This is because the "
+ "Permissions, \'Access\' and \'Deny\', are addressed by "
+ "the PrivilegeGranted property, while \'Manage\' maps to "
+ "specific activities with their corresponding qualifiers "
+ "and formats." ),
+ ValueMap { "Unknown", "Allow", "Deny", "Manage" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AccessControlInformation.AccessType",
+ "CIM_AccessControlInformation.AccessQualifier" }]
+ string Permission[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_Account.mof b/Schemas/CIM236/DMTF/User/CIM_Account.mof
new file mode 100644
index 0000000..c69dfcf
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Account.mof
@@ -0,0 +1,302 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.35.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "CIM_Account is the information held by a SecurityService to "
+ "track identity and privileges managed by that service. Common "
+ "examples of an Account are the entries in a UNIX /etc/passwd "
+ "file. Several kinds of security services use various "
+ "information from those entries - the /bin/login program uses "
+ "the account name (\'root\') and hashed password to "
+ "authenticate users, and the file service, for instance, uses "
+ "the UserID field (\'0\') and GroupID field (\'0\') to record "
+ "ownership and determine access control privileges on files in "
+ "the file system. This class is defined so as to incorporate "
+ "commonly-used LDAP attributes to permit implementations to "
+ "easily derive this information from LDAP-accessible "
+ "directories. \n"
+ "\n"
+ "The semantics of Account overlap with that of the class, "
+ "CIM_Identity. However, aspects of Account - such as its "
+ "specific tie to a System - are valuable and have been widely "
+ "implemented. For this reason, the Account and Identity classes "
+ "are associated using a subclass of LogicalIdentity "
+ "(AccountIdentity), instead of deprecating the Account class in "
+ "the CIM Schema. When an Account has been authenticated, the "
+ "corresponding Identity\'s TrustEstablished Boolean would be "
+ "set to TRUE. Then, the Identity class can be used as defined "
+ "for authorization purposes." )]
+class CIM_Account : CIM_EnabledLogicalElement {
+
+ [Key, Description ( "The scoping System\'s CCN." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_System.CreationClassName" )]
+ string SystemCreationClassName;
+
+ [Key, Description ( "The scoping System\'s Name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_System.Name" )]
+ string SystemName;
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Override ( "Name" ),
+ Description (
+ "The Name property defines the label by which the object "
+ "is known. The value of this property may be set to be "
+ "the same as that of the UserID property or, in the case "
+ "of an LDAP-derived instance, the Name property value may "
+ "be set to the distinguishedName of the LDAP-accessed "
+ "object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "UserID is the value used by the SecurityService to "
+ "represent identity. For an authentication service, the "
+ "UserID may be the name of the user, or for an "
+ "authorization service the value which serves as a handle "
+ "to a mapping of the identity." ),
+ MaxLen ( 256 )]
+ string UserID;
+
+ [Description (
+ "In the case of an LDAP-derived instance, the ObjectClass "
+ "property value(s) may be set to the objectClass "
+ "attribute values." )]
+ string ObjectClass[];
+
+ [Description (
+ "The Descriptions property values may contain "
+ "human-readable descriptions of the object. In the case "
+ "of an LDAP-derived instance, the description attribute "
+ "may have multiple values that, therefore, cannot be "
+ "placed in the inherited Description property." ),
+ MaxLen ( 1024 )]
+ string Descriptions[];
+
+ [Description (
+ "Based on RFC1274, the host name of the system(s) for "
+ "which the account applies. The host name may be a "
+ "fully-qualified DNS name or it may be an unqualified "
+ "host name." )]
+ string Host[];
+
+ [Description (
+ "This property contains the name of a locality, such as a "
+ "city, county or other geographic region." )]
+ string LocalityName[];
+
+ [Required, Description (
+ "The name of the organization related to the account." )]
+ string OrganizationName[];
+
+ [Description (
+ "The name of an organizational unit related to the account."
+ )]
+ string OU[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the SeeAlso "
+ "property specifies distinguished name of other Directory "
+ "objects which may be other aspects (in some sense) of "
+ "the same real world object." )]
+ string SeeAlso[];
+
+ [Description (
+ "Based on inetOrgPerson and for directory compatibility, "
+ "the UserCertificate property may be used to specify a "
+ "public key certificate for the person." ),
+ OctetString]
+ string UserCertificate[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the "
+ "UserPassword property may contain an encrypted password "
+ "used to access the person\'s resources in a directory." ),
+ OctetString]
+ string UserPassword[];
+
+ [Description (
+ "The encryption algorithm (if any) used by the client to "
+ "produce the value in the UserPassword property when "
+ "creating or modifying an instance of CIM_Account. The "
+ "original password is encrypted using the algorithm "
+ "specified in this property, and UserPassword contains "
+ "the resulting encrypted value. In response to an "
+ "operation request that would return the value of the "
+ "UserPassword property to a client, an implementation "
+ "shall instead return an array of length zero.\n"
+ "The value of UserPasswordEncryptionAlgorithm in an "
+ "instance of CIM_Account shall be 0 (\"None\") unless the "
+ "SupportedUserPasswordEncryptionAlgorithms[] property in "
+ "the CIM_AccountManagementCapabilities instance "
+ "associated with the CIM_AccountManagementService "
+ "instance associated with the CIM_Account instance "
+ "contains a non-null entry other than 0 (\"None\").\n"
+ "This property does not prevent the use of encryption at "
+ "the transport, network, or data-link layer to protect "
+ "communications between a management client and the "
+ "server, nor is it meant to encourage communications "
+ "without such encryption.\n"
+ "The supported values for this property are:\n"
+ "- 0 (\"None\"): Indicates that the contents of "
+ "UserPassword are not encrypted.\n"
+ "- 1 (\"Other\"): Indicates that the contents of "
+ "UserPassword are encrypted using an algorithm not "
+ "specifically identified in the value map for this "
+ "property, and that this algorithm is described in OtherUserPasswordEncryptionAlgorithm.\n"
+ "- 2 (\"HTTP Digest MD5(A1)\"): The MD5 hash algorithm, "
+ "applied to the string A1 defined in RFC2617 as the "
+ "concatenation username-value \":\" realm-value \":\" "
+ "passwd, where username-value is provided by the client "
+ "as the value of the UserID property. passwd is the "
+ "underlying user password. realm-value is the HTTP digest "
+ "realm value, and is provided by the server. The "
+ "semantics of the HTTP digest realm are specified in RFC "
+ "2617. The server may surface the realm-value in the "
+ "UserPasswordEncryptionSalt property of "
+ "CIM_AccountManagementCapabilities." ),
+ ValueMap { "0", "1", "2", ".." },
+ Values { "None", "Other", "HTTP Digest MD5(A1)",
+ "DMTF Reserved" },
+ ModelCorrespondence { "CIM_Account.UserPassword",
+ "CIM_Account.OtherUserPasswordEncryptionAlgorithm",
+ "CIM_AccountManagementCapabilities.SupportedUserPasswordEncryptionAlgorithms",
+ "CIM_AccountManagementCapabilities.UserPasswordEncryptionSalt" }]
+ uint16 UserPasswordEncryptionAlgorithm;
+
+ [Description (
+ "If the UserPasswordEncryptionAlgorithm property is set "
+ "to 1 (\"Other\") this property contains a free form "
+ "string that provides more information about the "
+ "encryption algorithm. If UserPasswordEncryptionAlgorithm "
+ "is not set to 1 (\"Other\") this property has no "
+ "meaning." ),
+ ModelCorrespondence {
+ "CIM_Account.UserPasswordEncryptionAlgorithm" }]
+ string OtherUserPasswordEncryptionAlgorithm;
+
+ [Description (
+ "ComplexPasswordRulesEnforced indicates the rules for "
+ "constructing a complex password enforced by the Account.\n"
+ "Minimum Length a minimum length is enforced for "
+ "passwords for the account.\n"
+ "Preclude User ID inclusion precluding the password from "
+ "including the user ID is supported. \n"
+ "Maximum Repeating Characters a limit will be enforced on "
+ "the number of times a character can occur consecutively. \n"
+ "Lower Case Alpha at least one lower case alpha character "
+ "is required. \n"
+ "Upper Case Alpha at least one upper case alpha character "
+ "is required. \n"
+ "Numeric Character at least one numeric character is "
+ "required. \n"
+ "Special Character at least one special character is "
+ "required." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "..",
+ "0x8000..0xFFFF" },
+ Values { "Minimum Length", "Preclude User ID Inclusion",
+ "Maximum Repeating Characters", "Lower Case Alpha",
+ "Upper Case Alpha", "Numeric Character",
+ "Special Character", "DMTF Reserved", "Vendor Reserved" }]
+ uint16 ComplexPasswordRulesEnforced[];
+
+ [Description (
+ "InactivityTimeout specifies the interval after which if "
+ "an account has been inactive, it shall be Disabled. The "
+ "value may be expressed in interval format, as an "
+ "absolute date-time, or be NULL.\n"
+ "An absolute date-time shall indicate when the password "
+ "will be disabled due to inactivity.\n"
+ "An interval value shall indicate the time remaining "
+ "before the password is disabled due to inactivity.\n"
+ "A value of NULL shall indicate that the Account will not "
+ "be disabled due to inactivity." )]
+ datetime InactivityTimeout;
+
+ [Description (
+ "LastLogin shall be an absolute date-time that specifies "
+ "the last successful authentication that occurred for "
+ "this Account.A value of 99990101000000.000000+000 shall "
+ "indicate the Account has never been used. A value of "
+ "NULL shall indicate the last successful login is "
+ "unknown." )]
+ datetime LastLogin;
+
+ [Description (
+ "MaximumSuccessiveLoginFailures indicates the number of "
+ "successive failed login attempts that shall result in "
+ "the Account being disabled. A value of zero shall "
+ "indicate that the Account will not be disabled due to "
+ "successive failed login attempts." )]
+ uint16 MaximumSuccessiveLoginFailures;
+
+ [Description (
+ "PasswordExpiration indicates the maximum password age "
+ "enforced for the Account. The value may be expressed as "
+ "an absolute date-time as an interval, or may be NULL.\n"
+ "An absolute date-time shall indicate the date and time "
+ "when the password will expire.\n"
+ "An interval value shall indicate the time remaining "
+ "until the password expires.\n"
+ "A value of NULL shall indicate the password never "
+ "expires." )]
+ datetime PasswordExpiration;
+
+ [Description (
+ "PasswordHistoryDepth indicates the number of previous "
+ "passwords that shall be maintained for the Account. The "
+ "Account shall preclude the selection of a password if it "
+ "occurs in the password history. A value of zero shall "
+ "indicate that a password history is not maintained." )]
+ uint16 PasswordHistoryDepth;
+
+ [Description (
+ "UserPasswordEncoding specifies encoding used for the "
+ "UserPassword property.\r\n"
+ "\"kbd\" denotes a string in hexadecimal format "
+ "containing keyboard scan code input. An example of a "
+ "UserPassword structured in this format would be "
+ "\"321539191E1F1F11181320\", which is the representation "
+ "of \"my password\" in US English keyboard scan codes.\n"
+ "\"\rascii\" denotes clear text that complies with the "
+ "ASCII character set. An example would be \"my password\".\n"
+ "\"pin\" denotes that only numeric input in ASCII text is "
+ "allowed for the UserPassword. An example would be \"1234\".\n"
+ "\"UTF-8\" denotes that the UserPassword is a Unicode "
+ "string that is encoded using UTF-8 character set.\n"
+ "\"UTF-16\" denotes that the UserPassword is a Unicode "
+ "string that is encoded using UTF-16 character set. The "
+ "byte order mark (BOM) shall be the first character of "
+ "the string.\n"
+ "\"UTF-16LE\" denotes that the UserPassword is a Unicode "
+ "string that is encoded using UTF-16 character set in "
+ "little-endian byte order.\n"
+ "\"UTF-16BE\" denotes that the UserPassword is a Unicode "
+ "string that is encoded using UTF-16 character set in "
+ "big-endian byte order.\n"
+ "\"UCS-2\" denotes that the UserPassword is a Unicode "
+ "string that is encoded using UCS-2 character set.\n"
+ "\"UCS-2LE\" denotes that the UserPassword is a Unicode "
+ "string that is encoded using UCS-2 character set in "
+ "little endian byte order.\n"
+ "\"UCS-2BE\" denotes that the UserPassword is a Unicode "
+ "string that is encoded using UCS-2 character set in big "
+ "endian byte order." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "..", "65536..4294967295" },
+ Values { "ascii", "kbd", "pin", "UTF-8", "UTF-16",
+ "UTF-16LE", "UTF-16BE", "UCS-2", "USC-2LE", "UCS-2BE",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint32 UserPasswordEncoding;
+
+
+};
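Review bot: The `Values` list of `UserPasswordEncoding` spells its ninth entry `"USC-2LE"`, while the description above it and the matching `SupportedUserPasswordEncodings` list in CIM_AccountManagementCapabilities.mof both use `"UCS-2LE"`. A client or provider that matches encodings by value name across the two classes would miss this one. The same description also carries a stray `\r` inside a quoted name (`"\"\rascii\"`) and a `\r\n` after its first sentence, where every other line break is `\n`. If these files are imported verbatim from the DMTF release, the mismatch is probably upstream; in that case record it as a known deviation rather than patching the vendored copy silently. Providers should key on the `ValueMap` numbers, not the `Values` strings.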
diff --git a/Schemas/CIM236/DMTF/User/CIM_AccountIdentity.mof b/Schemas/CIM236/DMTF/User/CIM_AccountIdentity.mof
new file mode 100644
index 0000000..34dd4d2
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AccountIdentity.mof
@@ -0,0 +1,25 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ConcreteIdentity" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "CIM_AccountIdentity relates a system Account with the Identity "
+ "that is established. Since Account also carries Identity "
+ "semantics, the LogicalIdentity association is defined as the "
+ "superclass of this association. This association does not add "
+ "any constraints or semantics to ConcreteIdentity. As a result, "
+ "it is deprecated." )]
+class CIM_AccountIdentity : CIM_LogicalIdentity {
+
+ [Deprecated { "CIM_ConcreteIdentity.SystemElement" },
+ Override ( "SystemElement" ),
+ Description ( "The Account that establishes Identity." )]
+ CIM_Account REF SystemElement;
+
+ [Deprecated { "CIM_ConcreteIdentity.SameElement" },
+ Override ( "SameElement" ),
+ Description ( "The Identity established by the Account." )]
+ CIM_Identity REF SameElement;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AccountManagementCapabilities.mof b/Schemas/CIM236/DMTF/User/CIM_AccountManagementCapabilities.mof
new file mode 100644
index 0000000..121e8e5
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AccountManagementCapabilities.mof
@@ -0,0 +1,104 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.35.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "AccountManagementCapabilities describes the capabilities "
+ "supported for managing Accounts associated with an instance of "
+ "AccountManagementService. AccountManagementCapabilities is "
+ "associated with an instance of AccountManagementService "
+ "through the ElementCapabilities association." )]
+class CIM_AccountManagementCapabilities : CIM_EnabledLogicalElementCapabilities {
+
+ [Description (
+ "OperationsSupported describes the type of operations "
+ "that are supported for an Account associated with the AccountManagementService.\n"
+ "\"Create\" indicates the AccountManagementService may be "
+ "used to create new accounts.\n"
+ "\"Modify\" indicates that the associated Accounts may be modified.\n"
+ "\"Delete\" indicates that associated Accounts may be "
+ "deleted." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "..", "0x8000..0xFFFF" },
+ Values { "Create", "Modify", "Delete", "CreateUserContact",
+ "CreateUserContactByIdentity", "ModifyUserContact",
+ "DeleteUserContact", "GetAccount", "GetUserContact",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 OperationsSupported[];
+
+ [Description (
+ "Additional implementation-specific algorithms that a "
+ "client may use to encrypt a value in the UserPassword "
+ "property when creating or modifying an instance of "
+ "CIM_Account. If this property is non-NULL, a client may "
+ "select an algorithm in it by setting "
+ "CIM_Account.UserPasswordEncryptionAlgorithm to 1 "
+ "(\"Other\") and setting "
+ "CIM_Account.OtherUserPasswordEncryptionAlgorithm to the "
+ "value of the selected algorithm string." ),
+ ModelCorrespondence {
+ "CIM_Account.OtherUserPasswordEncryptionAlgorithm",
+ "CIM_AccountManagementCapabilities.SupportedUserPasswordEncryptionAlgorithms" }]
+ string OtherSupportedUserPasswordEncryptionAlgorithms[];
+
+ [Description (
+ "This property enumerates encryption algorithms that a "
+ "client may use to encrypt a value in the UserPassword "
+ "property when creating or modifying an instance of "
+ "CIM_Account. This capability is aimed at ensuring some "
+ "measure of confidentiality when the password is "
+ "transferred over an unencrypted transport protocol. An "
+ "implementation may elect to accept only encrypted "
+ "passwords, without regard to whether the transport "
+ "protocol is encrypted. Similarly, a a client may elect "
+ "to always provide encrypted passwords to implementations "
+ "that accept either unencrypted or encrypted passwords, "
+ "even if the underlying transport protocol is encrypted.\n"
+ "See CIM_Account property UserPasswordEncryptionAlgorithm "
+ "for a description of each enum value." ),
+ ValueMap { "0", "1", "2", ".." },
+ Values { "None", "Other", "HTTP Digest MD5(A1)",
+ "DMTF Reserved" },
+ ModelCorrespondence {
+ "CIM_Account.UserPasswordEncryptionAlgorithm",
+ "CIM_AccountManagementCapabilities.OtherSupportedUserPasswordEncryptionAlgorithms" }]
+ uint16 SupportedUserPasswordEncryptionAlgorithms[];
+
+ [Description (
+ "A value unique to the specific WBEM server that may be "
+ "used in the selected UserPassword encryption algorithm "
+ "to ensure a value that is unique among all WBEM servers "
+ "even if a user uses the same password on multiple WBEM "
+ "servers." ),
+ ModelCorrespondence {
+ "CIM_Account.UserPasswordEncryptionAlgorithm" }]
+ string UserPasswordEncryptionSalt;
+
+ [Description (
+ "MaximumAccountsSupported shall indicate the maximum "
+ "number of accounts that may be managed by the associated "
+ "instance of CIM_AccountManagementService. Note that if "
+ "multiple instances of CIM_AccountManagementService "
+ "manage the accounts of a system, the total maximum "
+ "number of accounts supported on the system is the sum of "
+ "MaximumAccountsSupported for all of the instances of "
+ "CIM_AccountManagementService. A value of zero shall "
+ "indicate that the maximum number of accounts is unknown "
+ "or that a maximum number of accounts is not enforced." )]
+ uint16 MaximumAccountsSupported;
+
+ [Description (
+ "This property enumerates encoding algorithms that a "
+ "client may use to encode the UserPassword property when "
+ "creating or modifying an instance of CIM_Account. See "
+ "CIM_Account property UserPasswordEncoding for a "
+ "description of each enum value." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "..", "65536..4294967295" },
+ Values { "ascii", "kbd", "pin", "UTF-8", "UTF-16",
+ "UTF-16LE", "UTF-16BE", "UCS-2", "UCS-2LE", "UCS-2BE",
+ "DMTF Reserved", "Vendor Reserved" },
+ ModelCorrespondence { "CIM_Account.UserPasswordEncoding" }]
+ uint32 SupportedUserPasswordEncodings[];
+
+
+};
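Review bot: `SupportedUserPasswordEncryptionAlgorithms` names only one concrete algorithm, `HTTP Digest MD5(A1)`, and its description presents it as protection for passwords sent over an unencrypted transport. Nothing in this file tells a provider author that an MD5(A1) value is itself enough to answer HTTP digest challenges for that realm, so it is password-equivalent rather than a one-way safeguard. I would add a comment above the property such as `// Provider note: store and log an MD5(A1) value as a credential; accept 0 ("None") only over an encrypted transport.` If the file must stay byte-identical to the DMTF release, the same sentence belongs in the provider documentation instead.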
diff --git a/Schemas/CIM236/DMTF/User/CIM_AccountManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_AccountManagementService.mof
new file mode 100644
index 0000000..49764e0
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AccountManagementService.mof
@@ -0,0 +1,152 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.35.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "CIM_AccountManagementService creates, manages, and if "
+ "necessary destroys Accounts on behalf of other "
+ "SecuritySerices." )]
+class CIM_AccountManagementService : CIM_SecurityService {
+
+
+ [Description (
+ "CreateAccount creates an Account on the specified "
+ "ComputerSystem. Upon successful completion of the "
+ "method, there shall be a newly created instance of "
+ "CIM_Account associated through the CIM_AccountOnSystem "
+ "association with the instance of ComputerSystem "
+ "identified by the System parameter such that each "
+ "property of the CIM_Account instance has the value of "
+ "the corresponding property of the template instance "
+ "specified by the AccountTemplate parameter and the "
+ "CIM_Account instance is associated with this instance of "
+ "CIM_AccountManagementService through the "
+ "CIM_ServiceAffectsElement association.\n"
+ "Instances of CIM_Identity may be created by the method "
+ "and associated with the instance of CIM_Account through "
+ "CIM_AssignedIdentity. If one or more instances of "
+ "CIM_Identity are created, a reference to each shall be "
+ "returned in the Identities parameter, otherwise the "
+ "Identities parameter shall be NULL upon method "
+ "completion." ),
+ ValueMap { "0", "1", "2", "..", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Failed", "Method Reserved", "Vendor Specific" }]
+ uint32 CreateAccount(
+ [Required, Description (
+ "The scoping ComputerSystem in which to create the Account."
+ )]
+ CIM_ComputerSystem REF System,
+ [Required, Description (
+ "AccountTemplate is a template for the desired "
+ "Account to be created." ),
+ EmbeddedInstance ( "CIM_Account" )]
+ string AccountTemplate,
+ [IN ( false ), OUT, Description (
+ "Reference to the instance of CIM_Account created "
+ "when the method returns a value of 0." )]
+ CIM_Account REF Account,
+ [IN ( false ), OUT, Description (
+ "Reference to the instances of CIM_Identity created "
+ "when the method returns a value of 0. NULL if no "
+ "such instances are created." )]
+ CIM_Identity REF Identities[]);
+
+ [Description (
+ "CreateUserContact creates a UserContact for the "
+ "specified system. Upon successful completion of the "
+ "method, there shall be a newly created instance of "
+ "CIM_UserContact associated to an instance of "
+ "CIM_Identity through CIM_AssignedIdentity. A "
+ "CIM_Identity instance may be created by the method or "
+ "may be one that already existed that represented this "
+ "user." ),
+ ValueMap { "0", "1", "2", ".." },
+ Values { "Completed with No Error", "Not Supported",
+ "Failed", "Method Reserved" }]
+ uint32 CreateUserContact(
+ [Required, Description (
+ "The scoping ComputerSystem in which to create the Account."
+ )]
+ CIM_ComputerSystem REF System,
+ [Required, Description (
+ "UserContactTemplate is a template for the desired "
+ "UserContact to be created" ),
+ EmbeddedInstance ( "CIM_UserContact" )]
+ string UserContactTemplate,
+ [In ( false ), Out, Description (
+ "Reference to the instance of CIM_UserContact "
+ "created when the method returns a value of 0" )]
+ CIM_UserContact REF UserContact,
+ [In ( false ), Out, Description (
+ "Reference to the instances of CIM_Identity when "
+ "the method returns a value of 0. These instances "
+ "may not be created as a part of the execution of "
+ "this method. These instances may already exist "
+ "prior to the invocation of this method." )]
+ CIM_Identity REF Identities[]);
+
+ [Description (
+ "CreateUserContactByIdentity creates a UserContact for "
+ "the specificed system using the specified Identity. Upon "
+ "successful completion of the method, there shall be a "
+ "newly created instance of CIM_UserContact associated to "
+ "the instance of CIM_Identity specified through "
+ "CIM_AssignedIdentity." ),
+ ValueMap { "0", "1", "2", ".." },
+ Values { "Completed with No Error", "Not Supported",
+ "Failed", "Method Reserved" }]
+ uint32 CreateUserContactByIdentity(
+ [Required, Description (
+ "The scoping ComputerSystem in which to create the Account."
+ )]
+ CIM_ComputerSystem REF System,
+ [Required, Description (
+ "UserContactTemplate is a template for the desired "
+ "UserContact to be created." ),
+ EmbeddedInstance ( "CIM_UserContact" )]
+ string UserContactTemplate,
+ [Required, Description (
+ "A Reference to a existing CIM_Identity instance to "
+ "be associated to the newly created CIM_UserContact "
+ "instance." )]
+ CIM_Identity REF Identity,
+ [In ( false ), Out, Description (
+ "Reference to the instance of CIM_UserContact "
+ "created when the method returns a value of 0. This "
+ "value shall be NULL if the method returns a value "
+ "other than 0." )]
+ CIM_UserContact REF UserContact);
+
+ [Description (
+ "GetAccounts will retrieve the CIM_Account reference that "
+ "match the supplied UserID." ),
+ ValueMap { "0", "1", "2", ".." },
+ Values { "Completed with No Error", "Not Supported",
+ "Failed", "Method Reserved" }]
+ uint32 GetAccounts(
+ [Description (
+ "The UserID for the CIM_Account instances to be retrieved."
+ )]
+ string UserID,
+ [In ( false ), Out, Description (
+ "An array of references to the instances of "
+ "CIM_Account that have the supplied UserID." )]
+ CIM_Account REF Accounts[]);
+
+ [Description (
+ "GetUserContacts will retrieve the CIM_UserContact "
+ "references that match the supplied UserID." ),
+ ValueMap { "0", "1", "2", ".." },
+ Values { "Completed with No Error", "Not Supported",
+ "Failed", "Method Reserved" }]
+ uint32 GetUserContacts(
+ [Description (
+ "The UserID for the CIM_UserContact instances to be retrieved."
+ )]
+ string UserID,
+ [In ( false ), Out, Description (
+ "An array of references to the UserContact "
+ "instances that have the supplied UserID." )]
+ CIM_UserContact REF UserContacts[]);
+
+};
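Review bot: `GetAccounts` and `GetUserContacts` take `UserID` without the `Required` qualifier that every other input parameter in this class carries, and neither Description says what a NULL `UserID` matches. A provider could reasonably read NULL as "match everything", which would turn a lookup into an enumeration of all accounts, so the contract should be explicit: either `[Required, Description (` on both `UserID` parameters, or a sentence in each Description stating the NULL behaviour. Separately, the `System` parameter of `CreateUserContact` and `CreateUserContactByIdentity` is described as "in which to create the Account" although those methods create a UserContact; `"The scoping ComputerSystem in which to create the UserContact."` would match.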
diff --git a/Schemas/CIM236/DMTF/User/CIM_AccountMapsToAccount.mof b/Schemas/CIM236/DMTF/User/CIM_AccountMapsToAccount.mof
new file mode 100644
index 0000000..6e961ab
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AccountMapsToAccount.mof
@@ -0,0 +1,27 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "This relationship may be used to associate an Account used by "
+ "an AuthenticationService to an Account used for Authorization. "
+ "For instance, this mapping occurs naturally in the UNIX "
+ "/etc/passwd file, where the AuthenticationService Account "
+ "(\'root\') is mapped to the AuthorizationService Account "
+ "(\'0\'). The two are separate accounts, as evidenced by the "
+ "ability to have another AuthenticationService Account which "
+ "ALSO maps to the AuthorizationService Account (\'0\') without "
+ "ambiguity. This association may be used for other account "
+ "mappings as well such as for coordinating single signon for "
+ "multiple accounts for the same user." )]
+class CIM_AccountMapsToAccount : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Description ( "An Account." )]
+ CIM_Account REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description ( "A related Account." )]
+ CIM_Account REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AccountOnSystem.mof b/Schemas/CIM236/DMTF/User/CIM_AccountOnSystem.mof
new file mode 100644
index 0000000..64f8ab7
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AccountOnSystem.mof
@@ -0,0 +1,23 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Aggregation, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "A system (e.g., ApplicationSystem, ComputerSystem, "
+ "AdminDomain) aggregates Accounts and scopes the uniqueness of "
+ "the Account names (i.e., userids)." )]
+class CIM_AccountOnSystem : CIM_SystemComponent {
+
+ [Aggregate, Override ( "GroupComponent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description (
+ "The aggregating system also provides name scoping for the Account."
+ )]
+ CIM_System REF GroupComponent;
+
+ [Override ( "PartComponent" ),
+ Weak, Description ( "The subordinate Account." )]
+ CIM_Account REF PartComponent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AccountSettingData.mof b/Schemas/CIM236/DMTF/User/CIM_AccountSettingData.mof
new file mode 100644
index 0000000..c070960
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AccountSettingData.mof
@@ -0,0 +1,72 @@
+// Copyright (c) 2009 DMTF. All rights reserved.
+ [Version ( "2.22.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "CIM_AccountSettingData provides the ability to manage the "
+ "desired configuration for an instance of CIM_Account. When "
+ "associated with an instance of CIM_AccountManagementService, "
+ "this class may be used to constrain the properties of "
+ "instances of CIM_Accountcreated using the service. When "
+ "associated with an instance of CIM_Account, this class may be "
+ "used to manage the configuration of the CIM_Acount instance." )]
+class CIM_AccountSettingData : CIM_SettingData {
+
+ [Description (
+ "ComplexPasswordRulesEnforced indicates the rules for "
+ "constructing a complex password enforced by the Account.\n"
+ "Minimum Length a minimum length is enforced for "
+ "passwords for the account.\n"
+ "Preclude User ID inclusion precluding the password from "
+ "including the user ID is supported. \n"
+ "Maximum Repeating Characters a limit will be enforced on "
+ "the number of times a character can occur consecutively. \n"
+ "Lower Case Alpha at least one lower case alpha character "
+ "is required. \n"
+ "Upper Case Alpha at least one upper case alpha character "
+ "is required. \n"
+ "Numeric Character at least one numeric character is "
+ "required. \n"
+ "Special Character at least one special character is "
+ "required." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "..",
+ "0x8000..0xFFFF" },
+ Values { "Minimum Length", "Preclude User ID Inclusion",
+ "Maximum Repeating Characters", "Lower Case Alpha",
+ "Upper Case Alpha", "Numeric Character",
+ "Special Character", "DMTF Reserved", "Vendor Reserved" }]
+ uint16 ComplexPasswordRulesEnforced[];
+
+ [Description (
+ "InactivityTimeout specifies the interval after which if "
+ "an account has been inactive, it shall be Disabled. The "
+ "value shall be expressed in interval format or shall be "
+ "NULL. A value of NULL shall indicate that the Account "
+ "will not be disabled due to inactivity." )]
+ datetime InactivityTimeout;
+
+ [Description (
+ "MaximumPasswordExpiration indicates the maximum password "
+ "age enforced for the Account. The value shall be "
+ "expressed in interval format or shall be NULL. A value "
+ "of NULL shall indicate that the password aging is not "
+ "enforced." )]
+ datetime MaximumPasswordExpiration;
+
+ [Description (
+ "MaximumSuccessiveLoginFailures indicates the number of "
+ "successive failed login attempts that shall result in "
+ "the Account being disabled. A value of zero shall "
+ "indicate that the Account will not be disabled due to "
+ "successive failed login attempts." )]
+ uint16 MaximumSuccessiveLoginFailures;
+
+ [Description (
+ "PasswordHistoryDepth indicates the number of previous "
+ "passwords that shall be maintained for the Account. The "
+ "Account shall preclude the selection of a password if it "
+ "occurs in the password history. A value of zero shall "
+ "indicate that a password history is not maintained." )]
+ uint16 PasswordHistoryDepth;
+
+
+};
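Review bot: The values that switch each control off are zero (`MaximumSuccessiveLoginFailures`, `PasswordHistoryDepth`) and NULL (`InactivityTimeout`, `MaximumPasswordExpiration`), which is also what a sparsely populated instance is likely to carry. The two `uint16` Descriptions do not say how NULL is to be read, so a provider that maps an unset property to 0 would silently mean no lockout and no password history. I would add a sentence to each of those two Descriptions stating the NULL meaning, and have consumers treat an instance with these properties unset as not configured rather than as an explicit opt-out. The class Description also has two typos, `CIM_Accountcreated` and `CIM_Acount`.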
diff --git a/Schemas/CIM236/DMTF/User/CIM_AssignedIdentity.mof b/Schemas/CIM236/DMTF/User/CIM_AssignedIdentity.mof
new file mode 100644
index 0000000..5f73cc8
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AssignedIdentity.mof
@@ -0,0 +1,20 @@
+// Copyright (c) 2006 DMTF. All rights reserved.
+ [Association, Version ( "2.14.0" ),
+ UMLPackagePath ( "CIM::User::Identity" ),
+ Description (
+ "This relationship associates an Identity to a specific "
+ "ManagedElement, whose trust and account information is "
+ "represented." )]
+class CIM_AssignedIdentity {
+
+ [Key, Description (
+ "An Identity of the referenced ManagedElement." )]
+ CIM_Identity REF IdentityInfo;
+
+ [Key, Description (
+ "The ManagedElement assigned to or representing a "
+ "specific Identity." )]
+ CIM_ManagedElement REF ManagedElement;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AssociatedPrivilege.mof b/Schemas/CIM236/DMTF/User/CIM_AssociatedPrivilege.mof
new file mode 100644
index 0000000..db755f6
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AssociatedPrivilege.mof
@@ -0,0 +1,255 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Association, Version ( "2.22.0" ),
+ UMLPackagePath ( "CIM::User::Privilege" ),
+ Description (
+ "CIM_AssociatedPrivilege is an association that models the "
+ "privileges that a Subject element has to access or authorize "
+ "other elements to access a Target element." )]
+class CIM_AssociatedPrivilege {
+
+ [Key, Description (
+ "The Subject for which privileges are granted or denied." )]
+ CIM_ManagedElement REF Subject;
+
+ [Key, Description (
+ "The target element to which the privileges apply." )]
+ CIM_ManagedElement REF Target;
+
+ [Key, Description (
+ "UseKey is used to distinguish instances in case multiple "
+ "instances of this association exist between the same "
+ "Subject and Target. This may arise, for example, if "
+ "separate instances are created for each management "
+ "domain, or if the Subject has access and authorization "
+ "rights to the Target.\n"
+ "Within the scope of the instantiating Namespace, UseKey "
+ "opaquely and uniquely identifies an instance of this "
+ "class. In order to ensure uniqueness within the "
+ "NameSpace, the value of UseKey should be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> shall include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the UseKey, or is "
+ "a registered ID that is assigned to the business entity "
+ "by a recognized global authority. (This is similar to "
+ "the <Schema Name>_<Class Name> structure of Schema class "
+ "names.) In addition, to ensure uniqueness <OrgID> shall "
+ "not contain a colon (\':\'). When using this algorithm, "
+ "the first colon to appear in UseKey shall appear between "
+ "<OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the business entity and should "
+ "not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity shall assure "
+ "that the resultant UseKey is not re-used across any "
+ "UseKeys produced by this or other providers for this "
+ "instance\'s NameSpace. \n"
+ "For DMTF defined instances, the \'preferred\' algorithm "
+ "shall be used with the <OrgID> set to \'CIM\'." )]
+ string UseKey;
+
+ [Description (
+ "Boolean indicating whether the Privilege is granted "
+ "(TRUE) or denied (FALSE). The default is to grant "
+ "permission." )]
+ boolean PrivilegeGranted = true;
+
+ [Description (
+ "An enumeration indicating the activities that are "
+ "granted or denied. These activities apply to all "
+ "entities specified in the ActivityQualifiers array.\n"
+ "\"Other\" (1): indicates an activity that is not "
+ "specified in this enumeration.\n"
+ "\"Create\" (2), \"Delete\" (3), \"Detect\" (4), \"Read\" "
+ "(5), \"Write\" (6), \"Execute\" (7): each of these "
+ "values indicates that the Subject is permitted to use an "
+ "operation supported by the Target. They are all "
+ "straightforward except for one, 4=\"Detect\". This value "
+ "indicates that the existence or presence of an entity "
+ "may be determined, but not necessarily specific data "
+ "(which requires the Read privilege to be true). This "
+ "activity is exemplified by \'hidden files\'- if you list "
+ "the contents of a directory, you will not see hidden "
+ "files. However, if you know a specific file name, or "
+ "know how to expose hidden files, then they can be "
+ "\'detected\'. Another example is the ability to define "
+ "search privileges in directory implementations.\n"
+ "\"Deny Create\" (8), \"Deny Delete\" (9), \"Deny Detect\" "
+ "(10), \"Deny Read\" (11), \"Deny Write\" (12), \"Deny "
+ "Execute\" (13): each of these values indicates that the "
+ "Subject is expressly denied permission to use an "
+ "operation supported by the Target.\n"
+ "Authorize to Grant/Deny Authorization (14): this value "
+ "indicates that the Subject is permitted to add any of "
+ "the following values to - or remove any of the following "
+ "values from - the Activities array property in any other "
+ "instance of CIM_AssociatedPrivilege that references the "
+ "same Target: \"Authorize to Create\" (15), \"Authorize "
+ "to Delete\" (16), \"Authorize to Detect\" (17), "
+ "\"Authorize to Read\" (18), \"Authorize to Write\" (19), "
+ "\"Authorize to Execute\" (20), \"Authorize to Deny "
+ "Create\" (21), \"Authorize to Deny Delete\" (22), "
+ "\"Authorize to Deny Detect\" (23), \"Authorize to Deny "
+ "Read\" (24), \"Authorize to Deny Write\" (25), and "
+ "\"Authorize to Deny Execute\" (26).\n"
+ "\"Authorize to Create\" (15), \"Authorize to Delete\" "
+ "(16), \"Authorize to Detect\" (17), \"Authorize to Read\" "
+ "(18), \"Authorize to Write\" (19), \"Authorize to "
+ "Execute\" (20), \"Authorize to Deny Create\" (21), "
+ "\"Authorize to Deny Delete\" (22), \"Authorize to Deny "
+ "Detect\" (23), \"Authorize to Deny Read\" (24), "
+ "\"Authorize to Deny Write\" (25), and \"Authorize to "
+ "Deny Execute\" (26): each of these values indicates that "
+ "the Subject is permitted to add value named in the "
+ "string to - or remove the value from - the Activities "
+ "array property in any other instance of "
+ "CIM_AssociatedPrivilege that references the same Target. "
+ "For example, \"Authorize to Read\" indicates that the "
+ "Subject is permitted to add or remove the value \"Read\", "
+ "and \"Authorize to Deny Read\" indicates that the "
+ "Subject is permitted to add or remove the value \"Deny "
+ "Read\"." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "12", "13", "14", "15", "16", "17", "18", "19",
+ "20", "21", "22", "23", "24", "25", "26", "..", "16000.." },
+ Values { "Other", "Create", "Delete", "Detect", "Read",
+ "Write", "Execute", "Deny Create", "Deny Delete",
+ "Deny Detect", "Deny Read", "Deny Write", "Deny Execute",
+ "Authorize to Grant/Deny Authorization",
+ "Authorize to Create", "Authorize to Delete",
+ "Authorize to Detect", "Authorize to Read",
+ "Authorize to Write", "Authorize to Execute",
+ "Authorize to Deny Create", "Authorize to Deny Delete",
+ "Authorize to Deny Detect", "Authorize to Deny Read",
+ "Authorize to Deny Write", "Authorize to Deny Execute",
+ "DMTF Reserved", "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AssociatedPrivilege.ActivityQualifiers" }]
+ uint16 Activities[];
+
+ [Description (
+ "The ActivityQualifiers property is an array of string "
+ "values used to further qualify and specify the "
+ "privileges granted or denied. For example, it is used to "
+ "specify a set of files for which \'Read\'/\'Write\' "
+ "access is permitted or denied. Or, it defines a class\' "
+ "methods that may be \'Executed\'. Details on the "
+ "semantics of the individual entries in "
+ "ActivityQualifiers are provided by corresponding entries "
+ "in the QualifierFormats array." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_AssociatedPrivilege.Activities",
+ "CIM_AssociatedPrivilege.QualifierFormats" }]
+ string ActivityQualifiers[];
+
+ [Description (
+ "Defines the semantics of corresponding entries in the "
+ "ActivityQualifiers array. An example of each of these "
+ "\'formats\' and their use follows: \n"
+ "- 2=Class Name. Example: If the authorization target is "
+ "a CIM Service or a Namespace, then the "
+ "ActivityQualifiers entries can define a list of classes "
+ "that the authorized subject is able to create or delete. \n"
+ "- 3=<Class.>Property. Example: If the authorization "
+ "target is a CIM Service, Namespace or Collection of "
+ "instances, then the ActivityQualifiers entries can "
+ "define the class properties that may or may not be "
+ "accessed. In this case, the class names are specified "
+ "with the property names to avoid ambiguity - since a CIM "
+ "Service, Namespace or Collection could manage multiple "
+ "classes. On the other hand, if the authorization target "
+ "is an individual instance, then there is no possible "
+ "ambiguity and the class name may be omitted. To specify "
+ "ALL properties, the wildcard string \"*\" should be "
+ "used. \n"
+ "- 4=<Class.>Method. This example is very similar to the "
+ "Property one, above. And, as above, the string \"*\" may "
+ "be specified to select ALL methods. \n"
+ "- 5=Object Reference. Example: If the authorization "
+ "target is a CIM Service or Namespace, then the "
+ "ActivityQualifiers entries can define a list of object "
+ "references (as strings) that the authorized subject can "
+ "access. \n"
+ "- 6=Namespace. Example: If the authorization target is a "
+ "CIM Service, then the ActivityQualifiers entries can "
+ "define a list of Namespaces that the authorized subject "
+ "is able to access. \n"
+ "- 7=URL. Example: An authorization target may not be "
+ "defined, but a Privilege could be used to deny access to "
+ "specific URLs by individual Identities or for specific "
+ "Roles, such as the \'under 17\' Role. \n"
+ "- 8=Directory/File Name. Example: If the authorization "
+ "target is a FileSystem, then the ActivityQualifiers "
+ "entries can define a list of directories and files whose "
+ "access is protected. \n"
+ "- 9=Command Line Instruction. Example: If the "
+ "authorization target is a ComputerSystem or Service, "
+ "then the ActivityQualifiers entries can define a list of "
+ "command line instructions that may or may not be "
+ "\'Executed\' by the authorized subjects. \n"
+ "- 10=SCSI Command, using a format of \'CDB=xx[,Page=pp]\'. "
+ "For example, the ability to select the VPD page of the "
+ "Inquiry command is encoded as \'CDB=12,Page=83\' in the "
+ "corresponding ActivityQualifiers entry. A \'*\' may be "
+ "used to indicate all CDBs or Page numbers. \n"
+ "- 11=Packets. Example: The transmission of packets is "
+ "permitted or denied by the Privilege for the target (a "
+ "ComputerSystem, ProtocolEndpoint, Pipe, or other ManagedSystemElement).\n"
+ "- 12=Specification-defined. The semantics are defined in "
+ "a a specification produced by the DMTF or other "
+ "organization. The value of the corresponding "
+ "ActivityQualifiers entry names the specification and the "
+ "organization that produced it, and includes a label that "
+ "unambiguously references the semantic definition within "
+ "the specification. The value of of the corresponding "
+ "ActivityQualifiers entry should be constructed using the "
+ "following \"preferred\" algorithm: \n"
+ "<OrgID>:<SpecID>:<Label>, where <OrgID>, <SpecID>, and "
+ "<Label> are separated by a colon (:), and where <OrgID> "
+ "shall include a copyrighted, trademarked, or otherwise "
+ "unique name that is owned by the business entity that is "
+ "creating or defining the InstanceID or that is a "
+ "registered ID assigned to the business entity by a "
+ "recognized global authority. (This requirement is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness "
+ "both <OrgID> and <SpecID> shall not contain a colon "
+ "(\':\'). When using this algorithm, the first colon to "
+ "appear in the corresponding ActivityQualifiers entry "
+ "shall appear between <OrgID> and <SpecID> and the second "
+ "colon to appear in the corresponding ActivityQualifiers "
+ "entry shall appear between <SpecID> and <Label>. \n"
+ "<Label> is chosen by the business entity and should not "
+ "be reused to identify different underlying semantics. If "
+ "the above \"preferred\" algorithm is not used, the "
+ "defining entity must assure that the resulting value is "
+ "not reused to refer to a different specification or "
+ "different semantics within defined within the same specification.\n"
+ "For DMTF-defined instances, the \"preferred\" algorithm "
+ "shall be used with the <OrgID> set to \"DMTF\", and the "
+ "<SpecID> set to \"DSPx\", where x is the number of a DSP "
+ "published by the DMTF." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "12", "..", "16000.." },
+ Values { "Class Name", "<Class.>Property", "<Class.>Method",
+ "Object Reference", "Namespace", "URL",
+ "Directory/File Name", "Command Line Instruction",
+ "SCSI Command", "Packets", "Specification-defined",
+ "DMTF Reserved", "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AssociatedPrivilege.ActivityQualifiers" }]
+ uint16 QualifierFormats[];
+
+ [Description (
+ "The RepresentsAuthorizationRights flag indicates whether "
+ "the rights defined by this instance shall be interpreted "
+ "as rights of Subjects to access Targets or as rights of "
+ "Subjects to change those rights on/for Targets." )]
+ boolean RepresentsAuthorizationRights = false;
+
+
+};
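Review bot: `PrivilegeGranted` and the "Deny ..." values (8 to 13) of `Activities` both express denial, and the Descriptions do not say how they combine. For example, it is unclear what an instance with `PrivilegeGranted = false` and "Deny Read" means, or which instance wins when two instances for the same Subject and Target, distinguished only by `UseKey`, disagree. Since this association feeds access decisions, the evaluation order should be written down where the provider consumes it; deny-overrides is the usual safe choice. In the `QualifierFormats` Description, the 12=Specification-defined text refers to "creating or defining the InstanceID" although this class declares no InstanceID property, and it contains the doubled words `a a`, `of of` and `within defined within`.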
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthenticateForUse.mof b/Schemas/CIM236/DMTF/User/CIM_AuthenticateForUse.mof
new file mode 100644
index 0000000..12de2f9
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthenticateForUse.mof
@@ -0,0 +1,26 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "No value" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AuthenticationReqmt" ),
+ Description (
+ "CIM_AuthenticateForUse is an association used to provide an "
+ "AuthenticationService with the AuthenticationRequirement it "
+ "needs to do its job. This association is unnecessary and "
+ "therefore deprecated, since it is implied that an Identity "
+ "MUST be authenticated (its CurrentlyAuthenticatedBoolean set "
+ "to TRUE) in order to have any Privileges." )]
+class CIM_AuthenticateForUse : CIM_Dependency {
+
+ [Deprecated { "No value" },
+ Override ( "Antecedent" ),
+ Description ( "AuthenticationRequirementfor use." )]
+ CIM_AuthenticationRequirement REF Antecedent;
+
+ [Deprecated { "No value" },
+ Override ( "Dependent" ),
+ Description (
+ "AuthenticationServicethat uses the requirements." )]
+ CIM_AuthenticationService REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthenticationRequirement.mof b/Schemas/CIM236/DMTF/User/CIM_AuthenticationRequirement.mof
new file mode 100644
index 0000000..22f9920
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthenticationRequirement.mof
@@ -0,0 +1,71 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Deprecated { "CIM_AuthenticationCondition",
+ "CIM_AuthenticationRule", "CIM_SecuritySensitivity" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AuthenticationReqmt" ),
+ Description (
+ "CIM_AuthenticationRequirement provides, through its "
+ "associations, the authentication requirements for access to "
+ "system resources. For a particular set of target resources, "
+ "the AuthenticationService may require that credentials be "
+ "issued by a specific CredentialManagementService. The "
+ "AuthenticationRequirement class is weak to the system (e.g., "
+ "ComputerSystem or Administrative Domain) for which the "
+ "requirements apply. \n"
+ "\n"
+ "Note that this class was defined before the Policy Model "
+ "existed, and is deprecated in lieu of authentication policy - "
+ "specifically, the AuthenticationCondition and "
+ "AuthenticationRule classes. In the updated design, "
+ "AuthenticationCondition describes the specific combinations of "
+ "credentials (or alternative credentials) that are required in "
+ "order to authenticate an Identity. This allows a more explicit "
+ "and flexible description of authentication requirements. Also, "
+ "the definition of \'security classification\' as a property of "
+ "this class was problematic - since it could not be assigned to "
+ "an element in a straight forward fashion. To correct this "
+ "issue, the SecuritySensitivity class (and its association, "
+ "ElementSecuritySensitivity) are defined." )]
+class CIM_AuthenticationRequirement : CIM_LogicalElement {
+
+ [Deprecated { "CIM_AuthenticationRule.SystemCreationClassName" },
+ Key, Description ( "Hosting systemcreation class name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_System.CreationClassName" )]
+ string SystemCreationClassName;
+
+ [Deprecated { "CIM_AuthenticationRule.SystemName" },
+ Key, Description ( "Hosting system name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_System.Name" )]
+ string SystemName;
+
+ [Deprecated { "CIM_AuthenticationRule.CreationClassName" },
+ Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Deprecated { "CIM_AuthenticationRule.PolicyRuleName" },
+ Key, Override ( "Name" ),
+ Description (
+ "The Name property defines the unique label, in the "
+ "context of the hosting system, by which the "
+ "AuthenticationRequirement is known." ),
+ MaxLen ( 256 )]
+ string Name;
+
+ [Deprecated { "CIM_SecuritySensitivity.SecurityLevel" },
+ Description (
+ "The SecurityClassification property specifies a named "
+ "level of security associated with the "
+ "AuthenticationRequirement, e.g., \'Confidential\', \'Top "
+ "Secret\', etc." )]
+ string SecurityClassification;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthenticationService.mof b/Schemas/CIM236/DMTF/User/CIM_AuthenticationService.mof
new file mode 100644
index 0000000..133ccc2
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthenticationService.mof
@@ -0,0 +1,16 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_AuthenticationService verifies users\' identities through "
+ "some means. These services are decomposed into a subclass that "
+ "provides credentials to users and a subclass that provides for "
+ "the verification of the validity of a credential and, perhaps, "
+ "the appropriateness of its use for access to target resources. "
+ "The persistent state information used from one such "
+ "verification to another is maintained in an instance of "
+ "Identity class." )]
+class CIM_AuthenticationService : CIM_SecurityService {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthenticationTarget.mof b/Schemas/CIM236/DMTF/User/CIM_AuthenticationTarget.mof
new file mode 100644
index 0000000..7ead129
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthenticationTarget.mof
@@ -0,0 +1,32 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_PolicySetAppliesToElement" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AuthenticationReqmt" ),
+ Description (
+ "CIM_AuthenticationTarget is an association used to apply "
+ "authentication requirements for access to specific resources. "
+ "For example, a shared secret may be sufficient for access to "
+ "unclassified resources, but for confidential resources, a "
+ "stronger authentication may be required. Since the "
+ "AuthenticationRequirement class is deprecated in lieu of "
+ "explicit policy rules, this association is similarly "
+ "deprecated to its \'policy\' equivalent." )]
+class CIM_AuthenticationTarget : CIM_Dependency {
+
+ [Deprecated { "CIM_PolicySetAppliesToElement.PolicySet" },
+ Override ( "Antecedent" ),
+ Description (
+ "AuthenticationRequirement that applies to specific resources."
+ )]
+ CIM_AuthenticationRequirement REF Antecedent;
+
+ [Deprecated { "CIM_PolicySetAppliesToElement.ManagedElement" },
+ Override ( "Dependent" ),
+ Description (
+ "Target resources that may be in a Collection or an "
+ "individual ManagedElement. These resources are protected "
+ "by the AuthenticationRequirement." )]
+ CIM_ManagedElement REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthorizationService.mof b/Schemas/CIM236/DMTF/User/CIM_AuthorizationService.mof
new file mode 100644
index 0000000..d17b3f6
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthorizationService.mof
@@ -0,0 +1,11 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_AuthorizationService determines whether an Identity, "
+ "established by an AuthorizationService, is permitted access to "
+ "a resource or set of resources." )]
+class CIM_AuthorizationService : CIM_SecurityService {
+
+
+};
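Review bot: The class Description says the Identity is "established by an AuthorizationService", which defines the class in terms of itself and blurs the authentication/authorization boundary. Judging by CIM_AuthenticationService.mof, added in this same commit as the service that "verifies users' identities", the intended word is almost certainly AuthenticationService. The string would then read `"established by an AuthenticationService, is permitted access to "`. As this looks like an imported DMTF schema file, it may be better to report the wording upstream than to patch it locally.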
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthorizationSubject.mof b/Schemas/CIM236/DMTF/User/CIM_AuthorizationSubject.mof
new file mode 100644
index 0000000..9b3c799
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthorizationSubject.mof
@@ -0,0 +1,28 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_AuthorizedSubject" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AccessControl" ),
+ Description (
+ "CIM_AuthorizationSubject is an association used to apply "
+ "authorization decisions to specific subjects (i.e., users). "
+ "This association is deprecated in lieu of a semantically "
+ "equivalent one, AuthorizedSubject, since one of the referenced "
+ "classes (AccessControlInformation) has been deprecated." )]
+class CIM_AuthorizationSubject : CIM_Dependency {
+
+ [Deprecated { "CIM_AuthorizedSubject.Privilege" },
+ Override ( "Antecedent" ),
+ Description (
+ "AccessControlInformation that applies to a subject set." )]
+ CIM_AccessControlInformation REF Antecedent;
+
+ [Deprecated { "CIM_AuthorizedSubject.PrivilegedElement" },
+ Override ( "Dependent" ),
+ Description (
+ "The subject set may be specified as a collection or as a "
+ "set of associations to ManagedElements that represent "
+ "users." )]
+ CIM_ManagedElement REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthorizationTarget.mof b/Schemas/CIM236/DMTF/User/CIM_AuthorizationTarget.mof
new file mode 100644
index 0000000..b7e1ee6
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthorizationTarget.mof
@@ -0,0 +1,30 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_AuthorizedTarget" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AccessControl" ),
+ Description (
+ "CIM_AuthorizationTarget is an association used to apply "
+ "authorization decisions to specific target resources. The "
+ "target resources may be aggregated into a collection or may be "
+ "represented as a set of associations to ManagedElements. This "
+ "association is deprecated in lieu of a semantically equivalent "
+ "one, AuthorizedTarget, since one of the referenced classes "
+ "(AccessControlInformation) has been deprecated." )]
+class CIM_AuthorizationTarget : CIM_Dependency {
+
+ [Deprecated { "CIM_AuthorizedTarget.Privilege" },
+ Override ( "Antecedent" ),
+ Description (
+ "AccessControlInformation that applies to the target set." )]
+ CIM_AccessControlInformation REF Antecedent;
+
+ [Deprecated { "CIM_AuthorizedTarget.TargetElement" },
+ Override ( "Dependent" ),
+ Description (
+ "The target set of resources may be specified as a "
+ "collection or as a set of associations to "
+ "ManagedElements that represent target resources." )]
+ CIM_ManagedElement REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthorizedPrivilege.mof b/Schemas/CIM236/DMTF/User/CIM_AuthorizedPrivilege.mof
new file mode 100644
index 0000000..1bcc09a
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthorizedPrivilege.mof
@@ -0,0 +1,19 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Privilege" ),
+ Description (
+ "Privilege is the base class for all types of activities which "
+ "are granted or denied to a Role or an Identity. "
+ "AuthorizedPrivilege is a subclass defining static renderings "
+ "of authorization policy rules. The association of Roles and "
+ "Identities to AuthorizedPrivilege is accomplished using the "
+ "AuthorizedSubject relationship. The entities that are "
+ "protected are defined using the AuthorizedTarget relationship. \n"
+ "\n"
+ "Note that this class and its AuthorizedSubject/Target "
+ "associations provide a short-hand, static mechanism to "
+ "represent authorization policies." )]
+class CIM_AuthorizedPrivilege : CIM_Privilege {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthorizedSubject.mof b/Schemas/CIM236/DMTF/User/CIM_AuthorizedSubject.mof
new file mode 100644
index 0000000..912cc9c
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthorizedSubject.mof
@@ -0,0 +1,28 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Privilege" ),
+ Description (
+ "CIM_AuthorizedSubject is an association used to tie specific "
+ "AuthorizedPrivileges to specific subjects (i.e., Identities, "
+ "Roles or Collections of these). At this time, only Identities "
+ "and Roles (or Collections of Identities and Roles) should be "
+ "associated to AuthorizedPrivileges using this relationship. "
+ "Note that any Privileges not explicitly granted to a subject, "
+ "SHOULD be denied." )]
+class CIM_AuthorizedSubject {
+
+ [Key, Description (
+ "The AuthorizedPrivilege either granted or denied to an "
+ "Identity, Role or Collection. Whether the privilege is "
+ "granted or denied is defined by the inherited property, "
+ "CIM_Privilege.PrivilegeGranted." )]
+ CIM_AuthorizedPrivilege REF Privilege;
+
+ [Key, Description (
+ "The Subject for which AuthorizedPrivileges are granted "
+ "or denied. Whether the privilege is granted or denied is "
+ "defined by the property, CIM_Privilege.PrivilegeGranted." )]
+ CIM_ManagedElement REF PrivilegedElement;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthorizedTarget.mof b/Schemas/CIM236/DMTF/User/CIM_AuthorizedTarget.mof
new file mode 100644
index 0000000..9bcd4de
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthorizedTarget.mof
@@ -0,0 +1,20 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Privilege" ),
+ Description (
+ "CIM_AuthorizedTarget is an association used to tie an "
+ "Identity\'s or Role\'s AuthorizedPrivileges to specific target "
+ "resources." )]
+class CIM_AuthorizedTarget {
+
+ [Key, Description (
+ "The AuthorizedPrivilege affecting the target resource." )]
+ CIM_AuthorizedPrivilege REF Privilege;
+
+ [Key, Description (
+ "The target set of resources to which the "
+ "AuthorizedPrivilege applies." )]
+ CIM_ManagedElement REF TargetElement;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_AuthorizedUse.mof b/Schemas/CIM236/DMTF/User/CIM_AuthorizedUse.mof
new file mode 100644
index 0000000..795b2a9
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_AuthorizedUse.mof
@@ -0,0 +1,24 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "No value" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AccessControl" ),
+ Description (
+ "CIM_AuthorizedUse is an association used to provide an "
+ "AuthorizationService with the AccessControlInformation it "
+ "needs to do its job. This association is deprecated with no "
+ "proposed replacement, since authorization processing will be "
+ "handled via policy or static checking of Privileges." )]
+class CIM_AuthorizedUse : CIM_Dependency {
+
+ [Deprecated { "No value" },
+ Override ( "Antecedent" ),
+ Description ( "Access Control Information." )]
+ CIM_AccessControlInformation REF Antecedent;
+
+ [Deprecated { "No value" },
+ Override ( "Dependent" ),
+ Description ( "AuthorizationService that uses an ACI." )]
+ CIM_AuthorizationService REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_CAHasPublicCertificate.mof b/Schemas/CIM236/DMTF/User/CIM_CAHasPublicCertificate.mof
new file mode 100644
index 0000000..0ff3c00
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CAHasPublicCertificate.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "A CertificateAuthority may have certificates issued by other "
+ "CAs or self-signed. This association is essentially an "
+ "optimization of the CA having an external identity established "
+ "by itself or another Authority. This maps closely to "
+ "LDAP-based certificate authority implementations." )]
+class CIM_CAHasPublicCertificate : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Description ( "The Certificate used by the CA." )]
+ CIM_PublicKeyCertificate REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description ( "The CA that uses a Certificate." )]
+ CIM_CertificateAuthority REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_CASignsPublicKeyCertificate.mof b/Schemas/CIM236/DMTF/User/CIM_CASignsPublicKeyCertificate.mof
new file mode 100644
index 0000000..0c4d63f
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CASignsPublicKeyCertificate.mof
@@ -0,0 +1,41 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceAffectsElement" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "This relationship associates a CertificateAuthority with the "
+ "certificates it signs." )]
+class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectingElement" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The CA which signed the certificate." )]
+ CIM_CertificateAuthority REF Antecedent;
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectedElement" },
+ Override ( "Dependent" ),
+ Weak, Description ( "The certificate issued by the CA." )]
+ CIM_PublicKeyCertificate REF Dependent;
+
+ [Deprecated { "No value" },
+ Description ( "The Serial Number." )]
+ string SerialNumber;
+
+ [Deprecated { "No value" },
+ Description ( "The Signature." ),
+ OctetString]
+ uint8 Signature[];
+
+ [Deprecated { "CIM_Credential.Expires" },
+ Description ( "The time it expires." )]
+ datetime Expires;
+
+ [Deprecated { "No value" },
+ Description (
+ "The Authority\'s revocation list distribution points." )]
+ string CRLDistributionPoint[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_CertificateAuthority.mof b/Schemas/CIM236/DMTF/User/CIM_CertificateAuthority.mof
new file mode 100644
index 0000000..18103f7
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CertificateAuthority.mof
@@ -0,0 +1,62 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "A Certificate Authority (CA) is a credential management "
+ "service that issues and cryptographically signs certificates. "
+ "It acts as an trusted third-party intermediary in establishing "
+ "trust relationships. The CA authenticates the identity of the "
+ "holder of the \'private\' key, related to the certificate\'s "
+ "\'public\' key." )]
+class CIM_CertificateAuthority : CIM_CredentialManagementService {
+
+ [Description (
+ "The CAPolicyStatement describes what care is taken by "
+ "the CertificateAuthority when signing a new certificate. "
+ "The CAPolicyStatment may be a dot-delimited ASN.1 OID "
+ "string which identifies to the formal policy statement." )]
+ string CAPolicyStatement;
+
+ [Description (
+ "A CRL, or CertificateRevocationList, is a list of "
+ "certificates which the CertificateAuthority has revoked "
+ "and which are not yet expired. Revocation is necessary "
+ "when the private key associated with the public key of a "
+ "certificate is lost or compromised, or when the person "
+ "for whom the certificate is signed no longer is entitled "
+ "to use the certificate." ),
+ OctetString]
+ string CRL[];
+
+ [Description (
+ "Certificate revocation lists may be available from a "
+ "number of distribution points. CRLDistributionPoint "
+ "array values provide URIs for those distribution points." )]
+ string CRLDistributionPoint[];
+
+ [Description (
+ "Certificates refer to their issuing CA by its "
+ "Distinguished Name (as defined in X.501)." ),
+ Dn]
+ string CADistinguishedName;
+
+ [Description (
+ "The frequency, expressed in hours, at which the CA will "
+ "update its Certificate Revocation List. Zero implies "
+ "that the refresh frequency is unknown." ),
+ Units ( "Hours" ),
+ PUnit ( "hour" )]
+ uint8 CRLRefreshFrequency;
+
+ [Description (
+ "The maximum number of certificates in a certificate "
+ "chain permitted for credentials issued by this "
+ "certificate authority or it\'s subordinate CAs. \n"
+ "The MaxChainLength of a superior CA in the trust "
+ "hierarchy should be greater than this value and the "
+ "MaxChainLength of a subordinate CA in the trust "
+ "hierarchy should be less than this value." )]
+ uint8 MaxChainLength;
+
+
+};
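Review bot: The Description of `MaxChainLength` does not say what a zero or NULL value means, whereas `CRLRefreshFrequency` just above it defines zero as "unknown". A provider or client that enforces chain length from this property has to guess whether 0 means "no chain permitted" or "not specified", and the two readings give opposite validation results. I would add a sentence to the Description stating the chosen meaning, or document it where this repository's provider fills the property. `CRLRefreshFrequency` is a `uint8` in hours, so it cannot express an interval longer than 255 hours; that limit is worth noting for CAs that publish CRLs less often. Minor wording in the same file: "an trusted", "CAPolicyStatment", "it\'s subordinate CAs" and "identifies to the formal policy statement".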
diff --git a/Schemas/CIM236/DMTF/User/CIM_CertificateManagementCapabilities.mof b/Schemas/CIM236/DMTF/User/CIM_CertificateManagementCapabilities.mof
new file mode 100644
index 0000000..c405986
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CertificateManagementCapabilities.mof
@@ -0,0 +1,87 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_CertificateManagementCapabilities describes the "
+ "capabilities of the associated "
+ "CIM_CertificateManagementService instance(s)." )]
+class CIM_CertificateManagementCapabilities : CIM_CredentialManagementCapabilities {
+
+ [Override ( "SupportedMethods" ),
+ Description (
+ "Each enumeration corresponds to support for the "
+ "like-named method of the associated "
+ "CIM_CertificateManagementService instance(s) for the "
+ "exception of \"DeleteCredentialInstance\" that refers to "
+ "the capability of executing delete operation on the "
+ "instances of the CIM_Credential subclasses." ),
+ ValueMap { "2", "3", "4", "101", "102", "103", "104", "105",
+ "106", "107", "..", "0x8000.." },
+ Values { "ImportPublicPrivateKeyPair", "CreateKeystore",
+ "DeleteCredentialInstance",
+ "CreatCertificateSigningRequest",
+ "CreateSelfSignedCertificate",
+ "ImportEncodedCertificates", "ImportCertificates",
+ "ExportEncodedCertificate", "ApplyCRL", "ApplyDecodedCRL",
+ "DMTF Reserved", "Vendor Specific" }]
+ uint16 SupportedMethods[];
+
+ [Description (
+ "If the AsymmetricKeyGeneration is TRUE, this property "
+ "specifies the possible key algorithms that are supported "
+ "by the methods that generate public/private key pairs in "
+ "the associated CIM_CertificateManagementService "
+ "instance(s)." ),
+ ValueMap { "2", "3", "4", "..", "32768..65535" },
+ Values { "RSA", "DSA", "ECDSA", "DMTF Rserved",
+ "Vendor Reserved" }]
+ uint16 KeyAlgorithmSupported[];
+
+ [Description (
+ "The InputFormatsSupported represents the supported input "
+ "formats for the certificate(s) and Certificate "
+ "Revocation List by the methods in the associated "
+ "CIM_CertificateManagementService instance(s)." ),
+ ValueMap { "2", "3", "4", "5", "..", "32768..65535" },
+ Values { "DER", "PEM", "PKCS7", "PKCS12", "DMTF Rserved",
+ "Vendor Reserved" }]
+ uint16 InputFormatsSupported[];
+
+ [Description (
+ "The OutputFormatsSupported represents the supported "
+ "output formats for the certificate(s) and Certificate "
+ "Revocation List by the methods in the associated "
+ "CIM_CertificateManagementService instance(s)." ),
+ ValueMap { "2", "3", "4", "5", "..", "32768..65535" },
+ Values { "DER", "PEM", "PKCS7", "PKCS12", "DMTF Rserved",
+ "Vendor Reserved" }]
+ uint16 OutputFormatsSupported[];
+
+ [Description (
+ "AsymmetricKeyGeneration property represents the "
+ "capability of the instrumentation to generate asymmetric "
+ "public/private key pair." )]
+ boolean AsymmetricKeyGeneration;
+
+ [Description (
+ "The SupportedSignatureAlgorithms represents the "
+ "supported signature algorithms for the certificate(s) "
+ "and Certificate Revocation List by the methods in the "
+ "associated CIM_CertificateManagementService instance(s). "
+ "This property covers the algorithms specified in the "
+ "RFC3279." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "12", "13", "14", "15", "16", "17", "18", "19",
+ "1920..32767", "32768..65535" },
+ Values { "Other", "SHA1withDSA", "SHA1withECDSA",
+ "SHA224withECDSA", "SHA256withECDSA", "SHA384withECDSA",
+ "SHA512withECDSA", "GOST3411withGOST3410",
+ "GOST3411withECGOST3410", "MD2withRSA", "MD5withRSA",
+ "SHA1withRSA", "SHA224withRSA", "SHA256withRSA",
+ "SHA384withRSA", "SHA512withRSA", "RIPEMD160withRSA",
+ "RIPEMD128withRSA", "RIPEMD256withRSA", "DMTF Reserved",
+ "Vendor Reserved" }]
+ uint16 SupportedSignatureAlgorithms[];
+
+
+};
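Review bot: The reserved range in the `SupportedSignatureAlgorithms` ValueMap is `"1920..32767"`, while the `SignatureAlgorithm` parameters in CIM_CertificateManagementService.mof use `"20..32767"` for the same Values list. That leaves 20..1919 unmapped here, and the line should probably read `"20..32767", "32768..65535" },`. The format enumerations also disagree: `InputFormatsSupported`/`OutputFormatsSupported` map 2 to DER and 3 to PEM, but the `OutputFormat` parameter of `CreateCertificateSigningRequest` maps 2 to PEM and 3 to DER. That method's description requires `OutputFormat` to equal a value in `OutputFormatsSupported`, so a numeric comparison would accept the wrong encoding. The signature list includes MD2withRSA, MD5withRSA and the SHA1 variants, so a provider should advertise only the algorithms it is willing to sign with rather than the full enumeration. The Values strings "CreatCertificateSigningRequest" and "DMTF Rserved" look like typos; they are display strings, so check for consumers that match on them before correcting.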
diff --git a/Schemas/CIM236/DMTF/User/CIM_CertificateManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_CertificateManagementService.mof
new file mode 100644
index 0000000..68ee38e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CertificateManagementService.mof
@@ -0,0 +1,607 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ ClassConstraint {
+ "/* The constraints below aim to efficiently */ /* represent a singular OctetString. Each of the properties*/ /* is a single encoded string, thus only the first element */ /* needs to be populated. */ inv:self.CreateCertificateSigningRequest.Subject->size()<=1 and self.CreateCertificateSigningRequest.AltSubject->size()<=1 and self.CreateCertificateSigningRequest.CSR->size()=1 and self.CreateSelfSignedCertificate.Subject->size()<=1 and self.CreateSelfSignedCertificate.AltSubject->size()<=1 and self.ImportEncodedCertificates.EncodedCertificates->size()=1 and self.ApplyCRL.EncodedCRL->size()=1 and self.ExportEncodedCertificates.EncodedCertificates->size()=1" },
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_CertificateManagementService is used for managing X509 "
+ "based certificates." )]
+class CIM_CertificateManagementService : CIM_KeyBasedCredentialManagementService {
+
+
+ [Description (
+ "This method is called to request a Certificate Signing "
+ "Request (CSR) based on the Distinguished Name provided "
+ "through Subject parameter. The CSR utilizes PKCS#10 "
+ "structure as defined in RFC2986. If either Subject "
+ "parameter or AltSubject parameter are NULL, the method "
+ "shall return 2 (Error Occured). If the "
+ "PublicPrivateKeyPair parameter is NULL, then 1) "
+ "PublicKeyAlgorithm shall specify the algorithm to be "
+ "used for the public key, 2) the PublicKeySize shall "
+ "specify the length for the public key in bits. If the "
+ "PublicPrivateKeyPair parameter is NOT NULL then the "
+ "following requirements shall apply: 1) the "
+ "PublicKeyAlgorithm shall be NULL, 2) the PublicKeySize "
+ "shall be NULL, 3) the PublicPrivateKeyPair shall "
+ "reference an instance of CIM_UnsignedCredential "
+ "representing the public/ private key pair to be used for "
+ "the CSR. The OutputFormat parameter shall specify the "
+ "output format of the CSR. If the OutputFormat parameter "
+ "has a value that is not equal to any values in the "
+ "OutputFormatsSupported property on the associated "
+ "CIM_CertificateManagementCapabilities instance, then the "
+ "method shall return 2 (Error Occured). Upon the "
+ "successful execution, the CSR output parameter shall "
+ "contain the CSR in PKCS#10 structure." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 CreateCertificateSigningRequest(
+ [IN, Description (
+ "Subject shall contain information as required by "
+ "section 4.1.2.6 of RFC 3280 and shall be formatted "
+ "based on RFC 4514. An example of the value of the "
+ "Subject parameter could be \"CN=Marshall T. Rose, "
+ "O=Dover Beach Consulting, L=Santa Clara, "
+ "ST=California, C=US\"." ),
+ DN]
+ string Subject,
+ [IN, Description (
+ "Alternate subject identifier for the Certificate "
+ "as specified by section 4.2.1.8 of RFC 3280." )]
+ string AltSubject,
+ [IN, Description (
+ "The PublicKeyAlgorithm specifies the algorithm to "
+ "be used for the public key." ),
+ ValueMap { "2", "3", "4", "..", "32768..65535" },
+ Values { "RSA", "DSA", "ECDSA", "DMTF Reserved",
+ "Vendor Reserved" }]
+ uint16 PublicKeyAlgorithm,
+ [IN, Description (
+ "The PublicKeySize shall specify the length for the "
+ "public key in bits." ),
+ PUNIT ( "bit" )]
+ uint16 PublicKeySize,
+ [IN, Description (
+ "The PublicPrivateKeyPair parameter specifies a "
+ "reference to an instance of CIM_UnsignedCredential "
+ "which represents a public private key pair to be "
+ "utilized by the CSR.The CIM_UnsignedCredential "
+ "instance PublicKey and PublicKeyEncoding "
+ "properties shall not be NULL." )]
+ CIM_UnsignedCredential REF PublicPrivateKeyPair,
+ [In, Description (
+ "The ExtendedKeyUsageValue indicates one or more "
+ "purposes for which the certified public key may be "
+ "used in the type specified by the "
+ "ExtendedKeyUsageType parameter." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_CertificateManagementService.CreateCertificateSigningRequest.ExtendedKeyUsageType" }]
+ string ExtendedKeyUsageValue[],
+ [In, Description (
+ "Describes the type for ExtendedKeyUsageValue based "
+ "on the ASN.1 GeneralName types." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "..", "32768..65535" },
+ Values { "other", "rfc822Name", "dNSName",
+ "x400Address", "directoryName", "ediPartyName",
+ "uniformResourceIdentifier", "iPAddress",
+ "registeredID", "DMTF Reserved", "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_CertificateManagementService.CreateCertificateSigningRequest.ExtendedKeyUsageValue" }]
+ uint16 ExtendedKeyUsageType[],
+ [In, Description (
+ "The SignatureAlgorithm parameter defines the "
+ "signature algorithm used to sign the "
+ "CertificateRequestInfo as part of the CSR as "
+ "defined in RFC 2986. This parameter covers the "
+ "algorithms specified in the RFC3279." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "10", "11", "12", "13", "14", "15", "16", "17",
+ "18", "19", "20..32767", "32768..65535" },
+ Values { "Other", "SHA1withDSA", "SHA1withECDSA",
+ "SHA224withECDSA", "SHA256withECDSA",
+ "SHA384withECDSA", "SHA512withECDSA",
+ "GOST3411withGOST3410", "GOST3411withECGOST3410",
+ "MD2withRSA", "MD5withRSA", "SHA1withRSA",
+ "SHA224withRSA", "SHA256withRSA", "SHA384withRSA",
+ "SHA512withRSA", "RIPEMD160withRSA",
+ "RIPEMD128withRSA", "RIPEMD256withRSA",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 SignatureAlgorithm,
+ [Required, IN, Description (
+ "The OutputFormat property represents the requested "
+ "format of the Certificate Signing Request." ),
+ ValueMap { "2", "3", "..", "32768..65535" },
+ Values { "PEM", "DER", "DMTF Reserved",
+ "Vendor Reserved" }]
+ uint16 OutputFormat,
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If the method returns 4096 - job "
+ "started, then the parameter shall not have NULL "
+ "value." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "The CSR parameter is an output parameter that upon "
+ "successful exection of this method will contain "
+ "the formated Certificate Signing Request.Only the "
+ "first element of the array property shall be "
+ "populated." ),
+ OctetString]
+ string CSR[]);
+
+ [Description (
+ "This method is called to generate to generate a "
+ "self-signed certificate. If either Subject parameter or "
+ "AltSubject parameter are NULL, the method shall return 2 "
+ "(Error Occured). If the PublicPrivateKeyPair parameter "
+ "is NULL, the following numbered requirements shall "
+ "apply: 1) the PublicKeyAlgorithm shall be non-NULL and "
+ "specify the algorithm to be used for the public key, 3) "
+ "the PublicKeySize shall be non-NULL and specify the "
+ "length for the public key in bits. If the "
+ "PublicPrivateKeyPair parameter is not NULL, the "
+ "following numbered requirements shall apply: 1) the "
+ "PublicKeyAlgorithm shall be NULL, 2) the PublicKeySize "
+ "shall be NULL, 3) the PublicPrivateKeyPair shall "
+ "reference an instance of CIM_UnsignedCredential "
+ "representing the public/ private key pair to be used for "
+ "the self signed certificate. Upon successful execution "
+ "the reference to the newly created instance of "
+ "CIM_X509Certificate shall be returned in the "
+ "NewCertificate parameter which represents the "
+ "self-signed certificate with the public/private key pair "
+ "of the size specified by the KeySize parameter. If the "
+ "Keystore parameter is not NULL, this instance shall be "
+ "associated to the instance of CIM_Keystore referenced by "
+ "the Keystore parameter through CIM_MemberOfCollection "
+ "association. If the CredentialContext parameter is not "
+ "NULL, the newly created instance shall be associated "
+ "with the instance of CIM_ManagedElement referenced by "
+ "the CredentialContext parameter through "
+ "CIM_CredentialContext association. If the "
+ "CredentialContext parameter is NULL, the newly created "
+ "instance shall not be associated with the instance of "
+ "CIM_ManagedElement through CIM_CredentialContext "
+ "association." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 CreateSelfSignedCertificate(
+ [IN, Description (
+ "Subject shall contain the information as required "
+ "by section 4.1.2.6 of RFC 3280 and shall be "
+ "formatted based on RFC 4514. An example of the "
+ "value of the Subject parameter could be "
+ "\"CN=Marshall T. Rose, O=Dover Beach Consulting, "
+ "OU=Sales, L=Santa Clara, ST=California, C=US\"." ),
+ DN]
+ string Subject,
+ [IN, Description (
+ "Alternate subject identifier for the Certificate "
+ "as specified by section 4.2.1.8 of RFC 3280." )]
+ string AltSubject,
+ [IN, Description (
+ "The PublicKeyAlgorithm specifies the algorithm to "
+ "be used for the public key." ),
+ ValueMap { "2", "3", "4", "..", "32768..65535" },
+ Values { "RSA", "DSA", "ECDSA", "DMTF Reserved",
+ "Vendor Reserved" }]
+ uint16 PublicKeyAlgorithm,
+ [IN, Description (
+ "The PublicKeySize shall specify the length for the "
+ "public key in bits. The value shall be of power of "
+ "2." ),
+ PUNIT ( "bit" )]
+ uint16 PublicKeySize,
+ [IN, Description (
+ "The PublicPrivateKeyPair parameter specifies a "
+ "reference to an instance of CIM_UnsignedCredential "
+ "which represents a public private key pair to be "
+ "utilized by the newly created selef signed "
+ "certificate. The PublicKey and "
+ "PublicKeyEncodingproperties of the instance of "
+ "CIM_UnsignedCredentialshall be Non-NULL." )]
+ CIM_UnsignedCredential REF PublicPrivateKeyPair,
+ [IN, Description (
+ "The Keystore parameter denotes the reference to "
+ "the instance of CIM_Keystore that represents the "
+ "key store where the new certificate will be added." )]
+ CIM_Keystore REF Keystore,
+ [IN, Description (
+ "The managed element that represents the user or "
+ "owner or the scoping element of the certificate. "
+ "Such managed element could be the web service that "
+ "owns the certificate or uses it for verification "
+ "or account that the certificate is scoped to." )]
+ CIM_ManagedElement REF CredentialContext,
+ [IN, Description (
+ "The usage of the certificate by the managed "
+ "element that the certificate is for or is scoped "
+ "to." ),
+ ValueMap { "2", "3", "4", "6", "7", "8", "..",
+ "32768..65535" },
+ Values { "Owned", "Trusted",
+ "Trusted for Authentication",
+ "Trusted for Authorization",
+ "Trusted for Authentication/Authorization",
+ "Trusted for Third-Party Authentication/Authorization",
+ "DMTF Reserved", "Vendor Reserved" },
+ ModelCorrespondence { "CIM_CredentialContext.Usage" }]
+ uint16 Usage,
+ [In, Description (
+ "The SignatureAlgorithm parameter defines the "
+ "signature algorithm used to sign the "
+ "TBSCertificate as defined in RFC 3280. This "
+ "parameter covers the algorithms specified in the "
+ "RFC3279." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "10", "11", "12", "13", "14", "15", "16", "17",
+ "18", "19", "20..32767", "32768..65535" },
+ Values { "Other", "SHA1withDSA", "SHA1withECDSA",
+ "SHA224withECDSA", "SHA256withECDSA",
+ "SHA384withECDSA", "SHA512withECDSA",
+ "GOST3411withGOST3410", "GOST3411withECGOST3410",
+ "MD2withRSA", "MD5withRSA", "SHA1withRSA",
+ "SHA224withRSA", "SHA256withRSA", "SHA384withRSA",
+ "SHA512withRSA", "RIPEMD160withRSA",
+ "RIPEMD128withRSA", "RIPEMD256withRSA",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 SignatureAlgorithm,
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If the method returns 4096 - job "
+ "started, then the parameter shall not have NULL "
+ "value." )]
+ CIM_ConcreteJob REF Job,
+ [IN ( false ), OUT, Description (
+ "Reference to the newly created instance of "
+ "CIM_X509Certificate representing the self signed "
+ "certificate." )]
+ CIM_X509Certificate REF SelfSignedCertificate);
+
+ [Description (
+ "This method is called to import a certificate or a "
+ "certificate chain using the certificate\'s encoded "
+ "representation. Upon successful execution the array of "
+ "references to the instance(s) of CIM_X509Certificate "
+ "representing the imported certificate or certificate "
+ "chain shall be returned inside the NewCertificates "
+ "output parameter. If the Keystore parameter is not NULL, "
+ "the newly created instance(s) of CIM_X509Certificate "
+ "shall be associated to the instance of the CIM_Keystore "
+ "referenced in the Keystore parameter. If the "
+ "CredentialContext parameter is not NULL, the newly "
+ "created instance(s) of the CIM_X509Certificate shall be "
+ "associated to the insatnces of CIM_ManagedElement "
+ "referenced in the CredentialContext property through the "
+ "CIM_CredentialContext association. If the "
+ "CredentialContext parameter is NULL, the newly created "
+ "instance(s) of the CIM_X509Certificate shall not be "
+ "associated to the insatnces of CIM_ManagedElement "
+ "through the CIM_CredentialContext association." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 ImportEncodedCertificates(
+ [Required, IN, Description (
+ "An array of strings representing octet string of "
+ "an encoded certificate or certificate chain to be "
+ "imported. Only the first element of the array "
+ "property shall be populated, even if a certificate "
+ "chain is imported." ),
+ OctetString]
+ string EncodedCertificates[],
+ [Required, IN, Description (
+ "The Format shall specify the format for the "
+ "encoding that is used by octet string "
+ "EncodedCertificates parameter." ),
+ ValueMap { "2", "3", "4", "5", "..", "32768..65535" },
+ Values { "DER", "PEM", "PKCS7", "PKCS12",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 Format,
+ [IN, Description (
+ "The Keystore parameter denotes the reference to "
+ "the instance of CIM_Keystore that represents the "
+ "key store where the new certificate or certificate "
+ "chain will be added." )]
+ CIM_Keystore REF Keystore,
+ [IN, Description (
+ "The managed element that represents the user or "
+ "owner or the scoping element of the "
+ "certificate(s). Such managed element could be the "
+ "web service that owns the certificate(s) or uses "
+ "it for verification or account that the "
+ "certificate is scoped to." )]
+ CIM_ManagedElement REF CredentialContext,
+ [IN, Description (
+ "The usage of the certificate by the managed "
+ "element that the certificate is for or is scoped "
+ "to. If a certificate chain is imported, the "
+ "sequence of elements in the Usage array shall "
+ "correspond to the sequence of the certificates in "
+ "the EncodedCertificates octet string parameter." ),
+ ValueMap { "2", "3", "4", "6", "7", "8", "..",
+ "32768..65535" },
+ Values { "Owned", "Trusted",
+ "Trusted for Authentication",
+ "Trusted for Authorization",
+ "Trusted for Authentication/Authorization",
+ "Trusted for Third-Party Authentication/Authorization",
+ "DMTF Reserved", "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_CredentialContext.Usage",
+ "CIM_CertificateManagementService.ImportEncodedCertificates.NewCertificates" }]
+ uint16 Usage[],
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If the method returns 4096 - job "
+ "started, then the parameter shall not have NULL "
+ "value." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "Reference to the newly created instance of "
+ "CIM_X509Certificate representing the imported "
+ "certificate or certificate chain." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_CertificateManagementService.ImportEncodedCertificates.Usage" }]
+ CIM_X509Certificate REF NewCertificates[]);
+
+ [Description (
+ "This method is called to import a certificate or a "
+ "certificate chain using an array of embedded instance of "
+ "CIM_X509Certificate. Upon successful execution the array "
+ "of references to the instance(s) of CIM_X509Certificate "
+ "representing the imported certificate or certificate "
+ "chain shall be returned by the NewCertificates output "
+ "parameter. If the Keystore parameter is not NULL, the "
+ "newly created instance(s) of CIM_X509Certificate shall "
+ "be associated to the instance of the CIM_Keystore "
+ "referenced in the Keystore parameter. If the "
+ "CredentialContext parameter is not NULL, the newly "
+ "created instance(s) of the CIM_X509Certificate shall be "
+ "associated to the insatnces of CIM_ManagedElement "
+ "referenced in the CredentialContext property through the "
+ "CIM_CredentialContext association.If the "
+ "CredentialContext parameter is NULL, the newly created "
+ "instance(s) of the CIM_X509Certificate shall not be "
+ "associated to the insatnces of CIM_ManagedElement "
+ "through the CIM_CredentialContext association." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 ImportCertificates(
+ [Required, IN, Description (
+ "An array of embedded instance(s) of "
+ "CIM_X509Certificate that contains the necessary "
+ "information to import a certificate or a "
+ "certificate chain." ),
+ EmbeddedInstance ( "CIM_X509Certificate" )]
+ string InputCertificates[],
+ [IN, Description (
+ "The Keystore parameter denotes the reference to "
+ "the instance of CIM_Keystore that represents the "
+ "key store where the new certificate or certificate "
+ "chain will be added." )]
+ CIM_Keystore REF Keystore,
+ [IN, Description (
+ "The managed element that represents the user or "
+ "owner or the scoping element of the "
+ "certificate(s). Such managed element could be the "
+ "web service that owns the certificate(s) or uses "
+ "it for verification or account that the "
+ "certificate is scoped to." )]
+ CIM_ManagedElement REF CredentialContext,
+ [IN, Description (
+ "The usage of the certificate by the managed "
+ "element that the certificate is for or is scoped "
+ "to. If a certificate chain is imported, the "
+ "sequence of elements in the Usage array shall "
+ "correspond to the sequence of the certificates in "
+ "the InputCertificates array parameter." ),
+ ValueMap { "2", "3", "4", "6", "7", "8", "..",
+ "32768..65535" },
+ Values { "Owned", "Trusted",
+ "Trusted for Authentication",
+ "Trusted for Authorization",
+ "Trusted for Authentication/Authorization",
+ "Trusted for Third-Party Authentication/Authorization",
+ "DMTF Reserved", "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_CredentialContext.Usage",
+ "CIM_CertificateManagementService.ImportCertificates.InputCertificates",
+ "CIM_CertificateManagementService.ImportCertificates.Usage" }]
+ uint16 Usage[],
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If the method returns 4096 - job "
+ "started, then the parameter shall not have NULL "
+ "value." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "Reference to the newly created instance of "
+ "CIM_X509Certificate representing the imported "
+ "certificate or certificate chain." )]
+ CIM_X509Certificate REF NewCertificates[]);
+
+ [Description (
+ "This method is called to export a certificate or a "
+ "certificate chain using the certificate\'s encoded "
+ "representation. Upon successful execution the array of "
+ "unsigned integers representing octet string of the "
+ "exported certificate or certificate chain shall be "
+ "returned inside the EncodedCertificates output parameter "
+ "based on the encoding specified in the EncodingFormat "
+ "parameter." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 ExportEncodedCertificates(
+ [Required, IN, Description (
+ "Reference to the instance(s) of "
+ "CIM_SignedCredential representing the certificate "
+ "or certificate chain to be exported." )]
+ CIM_X509Certificate REF CertificatesToExport[],
+ [Required, IN, Description (
+ "The Format parameter specifies the format of the "
+ "octet string EncodedCertificates parameter." ),
+ ValueMap { "2", "3", "4", "5", "..", "32768..65535" },
+ Values { "DER", "Base64", "PKCS7", "PKCS12",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 Format,
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If the method returns 4096 - job "
+ "started, then the parameter shall not have NULL "
+ "value." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "An array of strings representing octet string of "
+ "an exported encoded certificate or certificate "
+ "chain. Only the first element of the array "
+ "property shall be populated, even if a certificate "
+ "chain is exported." ),
+ OctetString]
+ string EncodedCertificates[]);
+
+ [Description (
+ "This method is called to apply Certificate Revocation "
+ "List (CRL) using an encoded format. Upon successful "
+ "execution the references to the instance(s) of "
+ "CIM_X509CRL representing the applied CRL shall be "
+ "returned inside the AppliedCRL output parameter. If the "
+ "Keystore parameter is not NULL, the newly created "
+ "instance(s) of CIM_X509CRL shall be associated to the "
+ "instance of the CIM_Keystore referenced in the Keystore "
+ "parameter. The newly created instance(s) of the "
+ "CIM_X509CRL shall be associated to the insatnces of "
+ "CIM_ManagedElement referenced in the CredentialContext "
+ "property through the CIM_CredentialContext association." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 ApplyCRL(
+ [Required, IN, Description (
+ "An array of unsigned integers representing octet "
+ "string of an encoded CRL to be applied. Only the "
+ "first element of the array property shall be "
+ "populated." ),
+ OctetString]
+ string EncodedCRL[],
+ [Required, IN, Description (
+ "The Format shall specify the format for the "
+ "encoding that is used by octet string EncodedCRL "
+ "parameter." ),
+ ValueMap { "2", "3", "4", "5", "..", "32768..65535" },
+ Values { "DER", "PEM", "PKCS7", "PKCS12",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 Format,
+ [IN, Description (
+ "The Keystore parameter denotes the reference to "
+ "the instance of CIM_Keystore that represents the "
+ "key store where the CRL will be applied." )]
+ CIM_Keystore REF Keystore,
+ [Required, IN, Description (
+ "The managed element that represents the service or "
+ "the managed element for which the certificates "
+ "were revoked by the application of the CRL." )]
+ CIM_ManagedElement REF CredentialContext,
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If the method returns 4096 - job "
+ "started, then the parameter shall not have NULL "
+ "value." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "Reference to the newly created instance of "
+ "CIM_X509CRL representing the applied CRL." )]
+ CIM_X509CRL REF AppliedCRL);
+
+ [Description (
+ "This method is called to apply Certificate Revocation "
+ "List (CRL) using the decoded format. Upon successful "
+ "execution the references to the instance(s) of "
+ "CIM_X509CRL representing the applied CRL shall be "
+ "returned inside the AppliedCRL output parameter. If the "
+ "Keystore parameter is not NULL, the newly created "
+ "instance(s) of CIM_X509CRL shall be associated to the "
+ "instance of the CIM_Keystore referenced in the Keystore "
+ "parameter. The newly created instance(s) of the "
+ "CIM_X509CRL shall be associated to the insatnces of "
+ "CIM_ManagedElement referenced in the CredentialContext "
+ "property through the CIM_CredentialContext association." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 ApplyDecodedCRL(
+ [Required, IN, Description (
+ "Issuer represents the information about the issuer "
+ "of the CRL. The Issuer property shall contain "
+ "information as required by section 4.1.2.4 of RFC "
+ "3280 and shall be formatted based on RFC 4514. An "
+ "example of the value of the Subject parameter "
+ "could be \"CN=Marshall T. Rose, O=Dover Beach "
+ "Consulting, OU=Sales, L=Santa Clara, "
+ "ST=California, C=US\"." ),
+ DN]
+ string Issuer,
+ [Required, IN, Description (
+ "An array of serial numbers of X.509 certificates "
+ "that are part of CRL." ),
+ OctetString]
+ string SerialNumbers[],
+ [IN, Description (
+ "The Keystore parameter denotes the reference to "
+ "the instance of CIM_Keystore that represents the "
+ "key store where the CRL will be applied." )]
+ CIM_Keystore REF Keystore,
+ [Required, IN, Description (
+ "The managed element that represents the service or "
+ "the managed element for which the certificates "
+ "were revoked by the application of the CRL." )]
+ CIM_ManagedElement REF CredentialContext,
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If the method returns 4096 - job "
+ "started, then the parameter shall not have NULL "
+ "value." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "Reference to the newly created instance of "
+ "CIM_X509CRL representing the applied CRL." )]
+ CIM_X509CRL REF AppliedCRL);
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_CollectionInOrganization.mof b/Schemas/CIM236/DMTF/User/CIM_CollectionInOrganization.mof
new file mode 100644
index 0000000..4cacf0b
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CollectionInOrganization.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Aggregation, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_CollectionInOrganization is an association used to "
+ "establish a parent-child relationship between a collection and "
+ "an \'owning\' OrganizationalEntity. A single collection should "
+ "not have both a CollectionInOrganization and a "
+ "CollectionInSystem association." )]
+class CIM_CollectionInOrganization {
+
+ [Key, Aggregate, Max ( 1 ),
+ Description (
+ "The parent organization responsible for the collection." )]
+ CIM_OrganizationalEntity REF Parent;
+
+ [Key, Description ( "The collection." )]
+ CIM_Collection REF Child;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_CollectionInSystem.mof b/Schemas/CIM236/DMTF/User/CIM_CollectionInSystem.mof
new file mode 100644
index 0000000..37c8354
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CollectionInSystem.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Aggregation, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_CollectionInSystem is an association used to establish a "
+ "parent-child relationship between a collection and an \'owning\' "
+ "System such as an AdminDomain or ComputerSystem. A single "
+ "collection should not have both a CollectionInOrganization and "
+ "a CollectionInSystem association." )]
+class CIM_CollectionInSystem {
+
+ [Key, Aggregate, Max ( 1 ),
+ Description (
+ "The parent system responsible for the collection." )]
+ CIM_System REF Parent;
+
+ [Key, Description ( "The collection." )]
+ CIM_Collection REF Child;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_Credential.mof b/Schemas/CIM236/DMTF/User/CIM_Credential.mof
new file mode 100644
index 0000000..7b5a57e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Credential.mof
@@ -0,0 +1,48 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Abstract, Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Credential" ),
+ Description (
+ "Subclasses of CIM_Credential define materials, information or "
+ "other data which are used to establish identity. Generally, "
+ "there may be some shared information, or credential material "
+ "which is used to identify and authenticate an entity in the "
+ "process of gaining access to, or permission to use, resources. "
+ "Such credential material may be used to authenticate an "
+ "entity\'s identity initially, as done by a "
+ "CIM_AuthenticationService, and additionally on an ongoing "
+ "basis (for example, during the course of a connection or other "
+ "security association), as proof that each received message or "
+ "communication came from a valid \'user\' of that credential "
+ "material." )]
+class CIM_Credential : CIM_ManagedElement {
+
+ [Description (
+ "The date and time when the credential was issued. Use a "
+ "value of all \'00000101000000.000000+000\', (midnight, "
+ "January 1, 1 BCE at coordinated universal time +0 "
+ "minutes), if this information is not applicable. On "
+ "CreateInstance, if this property is unspecified, or set "
+ "to NULL, then current time is assumed." )]
+ datetime Issued;
+
+ [Description (
+ "The date and time when the credential expires (and is "
+ "not appropriate for use for authentication/ "
+ "authorization). If this information is not applicable, "
+ "Use a value of \'99991231235959.999999+999\', (1 "
+ "microsecond before midnight, December 31, 9999 CE, at "
+ "coordinated universal time + 999 minutes). \n"
+ "On CreateInstance, if this property is unspecified, or "
+ "set to NULL, then a value of \'99991231235959.999999+999\' "
+ "is assumed. Note that this property does not define how "
+ "the expiration is set - but that there IS an expiration. "
+ "The property may be set to either a specific date/time "
+ "or an interval (calculated from the Issued datetime). "
+ "For example, for Certificate Authority-signed public "
+ "key, the expiration is determined by the CA. Another "
+ "example is a voice mail password that expires 60 days "
+ "after it is set/issued." )]
+ datetime Expires;
+
+
+};
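Review bot: The Expires description makes a never-expiring credential the default: on CreateInstance an unspecified or NULL value is assumed to be `99991231235959.999999+999`, the same value that means "not applicable". A provider that simply omits the property therefore creates a credential that a consumer cannot tell apart from one deliberately given no expiry. The description should say this, for example by adding `"Consumers that enforce credential lifetime should treat this value as no expiration recorded. "`. Separately, in the Issued description, `Use a value of all '00000101000000.000000+000'` has a stray `all`.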
diff --git a/Schemas/CIM236/DMTF/User/CIM_CredentialContext.mof b/Schemas/CIM236/DMTF/User/CIM_CredentialContext.mof
new file mode 100644
index 0000000..7102015
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CredentialContext.mof
@@ -0,0 +1,59 @@
+// Copyright (c) 2010 DMTF. All rights reserved.
+ [Association, Version ( "2.27.0" ),
+ UMLPackagePath ( "CIM::User::Credential" ),
+ Description (
+ "This relationship defines a context (e.g., a System or "
+ "Service) of a Credential. One example is a shared secret/ "
+ "password which is defined within the context of an application "
+ "(or Service). Generally, there is one scoping element for a "
+ "Credential, however the multiplicities of the association "
+ "allow a Credential to be scoped by more than one element. If "
+ "this association is not instantiated for a Credential, that "
+ "Credential is assumed to be scoped to the Namespace.\n"
+ "This association may also be used to indicate that a "
+ "Credential is valid in some other environment. For instance "
+ "associating the Credential to a RemoteServiceAccessPoint would "
+ "indicate that the Credential is used to access the remote "
+ "service." )]
+class CIM_CredentialContext {
+
+ [Key, Description ( "A Credential whose context is defined." )]
+ CIM_Credential REF ElementInContext;
+
+ [Key, Description (
+ "The ManagedElement that provides context or scope for "
+ "the Credential." )]
+ CIM_ManagedElement REF ElementProvidingContext;
+
+ [Description (
+ "The usage of the certificate by the managed element that "
+ "the certificate is for or is scoped to. Owned - "
+ "Credential represents the CredentialContexts identity. "
+ "This means that the managed element will present this "
+ "credential to another party for authentication, "
+ "authorization, or both. Trusted - The ManagedElement "
+ "trusts the credential. This means that the credential is "
+ "trusted for one or more of the security operations such "
+ "as authentication, third-party authentication, and "
+ "authorization. Trusted for Authentication - The "
+ "ManagedElement trusts the identity represented by the "
+ "credential only for authentication purposes. Trusted for "
+ "Authorization - The ManagedElement trusts the identity "
+ "represented by the credential only for authorization "
+ "purposes. Trusted for Authentication/Authorization - The "
+ "ManagedElement trusts the identity represented by the "
+ "credential both for authentication and authorization "
+ "purposes. Trusted for Third-Party "
+ "Authentication/Authorization - The credential is being "
+ "trusted for approving a third-party credential to the "
+ "ManagedElement." ),
+ ValueMap { "2", "3", "4", "6", "7", "8", "..", "32768..65535" },
+ Values { "Owned", "Trusted", "Trusted for Authentication",
+ "Trusted for Authorization",
+ "Trusted for Authentication/Authorization",
+ "Trusted for Third-Party Authentication/Authorization",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 Usage;
+
+
+};
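Review bot: The Usage ValueMap lists `"2", "3", "4", "6", "7", "8"` and skips 5 without explanation, so a reader cannot tell whether 5 falls under the `".."` DMTF Reserved entry or was omitted by mistake. A sentence in the Description stating how 5 is to be treated would settle it. The Description also opens with "The usage of the certificate" although ElementInContext is a `CIM_Credential REF`, so `"The usage of the credential by the managed element that the credential is for or is scoped to. "` would match the class. `CredentialContexts identity` appears to be missing a possessive and presumably means the identity of the ElementProvidingContext, which is worth stating because Owned and Trusted carry opposite trust directions.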
diff --git a/Schemas/CIM236/DMTF/User/CIM_CredentialManagementCapabilities.mof b/Schemas/CIM236/DMTF/User/CIM_CredentialManagementCapabilities.mof
new file mode 100644
index 0000000..bfb1198
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CredentialManagementCapabilities.mof
@@ -0,0 +1,72 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_CredentialManagementCapabilities describes the "
+ "capabilities for managing credentials." )]
+class CIM_CredentialManagementCapabilities : CIM_EnabledLogicalElementCapabilities {
+
+ [Description (
+ "Each enumeration corresponds to support for the "
+ "like-named method of the associated "
+ "CIM_CredentialManagementService instance(s) for the "
+ "exception of \"Delete Credential Instance\" that refers "
+ "to the capability of executing delete operation on the "
+ "instances of the CIM_Credential subclasses." ),
+ ValueMap { "4", "..", "0x8000.." },
+ Values { "DeleteCredentialInstance", "DMTF Reserved",
+ "Vendor Specific" }]
+ uint16 SupportedMethods[];
+
+ [Description (
+ "Defines the methodology used by the implementation to "
+ "accumulate the user\'s privileges for credentials or "
+ "credential stores that are directly or indirectly "
+ "associated with the CIM_CredentialManagementService that "
+ "this instace represents the capability of. \r\n"
+ "This methodology is applicable to the credentials and "
+ "credential stores that are members of another credential store.\r\n"
+ "The methodology describes how the same user\'s privilges "
+ "for a credential gets reconciled with that user\'s "
+ "privileges for the credential store that the credential "
+ "belongs to. The methodology is also applicable for "
+ "multi-level credential stores where one credential store "
+ "is a member of another credential store.\r\n"
+ "2 - Collection Privileges Override - the user\'s "
+ "privileges on the instance of CIM_CredentialStore that "
+ "is referenced by the Collection property of "
+ "CIM_MemberOfCollection association, overrides the same "
+ "user\'s privileges on the CIM_Credential and/or "
+ "CIM_CredentialStore referenced by the Member property of "
+ "the same CIM_MemberOfCollection asscociation.\r\n"
+ "3 - Member Privileges Override - the user\'s privileges "
+ "on the instance of CIM_Credential and/or "
+ "CIM_CredentialStore that is referenced by the Member "
+ "property of CIM_MemberOfCollection association, "
+ "overrides the same user\'s privileges on the "
+ "CIM_CredentialStore referenced by the Collection "
+ "property of the same CIM_MemberOfCollection asscociation.\r\n"
+ "4 - Collection-Member Privileges Union - the user\'s "
+ "privileges on the instance of CIM_Credential and/or "
+ "CIM_CredentialStore that is referenced by the Member "
+ "property of CIM_MemberOfCollection association, are "
+ "added to the same user\'s privileges on the "
+ "CIM_CredentialStore referenced by the Collection "
+ "property of the same CIM_MemberOfCollection asscociation.\r\n"
+ "5 - Collection-Member Privileges Intersection - the "
+ "user\'s privileges on the instance of CIM_Credential "
+ "and/or CIM_CredentialStore that is referenced by the "
+ "Member property of CIM_MemberOfCollection association, "
+ "are valid only if the privileges are mirrored with the "
+ "same user\'s privileges on the CIM_CredentialStore "
+ "referenced by the Collection property of the same "
+ "CIM_MemberOfCollection asscociation." ),
+ ValueMap { "2", "3", "4", "5" },
+ Values { "Collection Privileges Override",
+ "Member Privileges Override",
+ "Collection-Member Privileges Union",
+ "Collection-Member Privileges Intersection" }]
+ uint16 CumulativePrivilegeMethodology;
+
+
+};
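Review bot: CumulativePrivilegeMethodology does not say what a client should assume when the property is NULL or not populated, even though it decides how a user's privileges on a credential are reconciled with those on the enclosing store. Value 4 (union) widens the effective privileges while value 5 (intersection) narrows them, so the unset case matters. A sentence such as `"If this property is NULL, the methodology is unknown and clients shall not assume that member and collection privileges are combined. "` would remove the guess, if that matches the intended semantics. The same description contains the typos `instace`, `privilges` and `asscociation` (four times). SupportedMethods also writes its vendor range as `"0x8000.."`, where the Usage properties of CIM_CredentialContext and CIM_CredentialStore in this commit use `"32768..65535"`.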
diff --git a/Schemas/CIM236/DMTF/User/CIM_CredentialManagementSAP.mof b/Schemas/CIM236/DMTF/User/CIM_CredentialManagementSAP.mof
new file mode 100644
index 0000000..09cf709
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CredentialManagementSAP.mof
@@ -0,0 +1,13 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_CredentialManagementSAP represents the ability to utilize "
+ "or invoke a CredentialManagementService." )]
+class CIM_CredentialManagementSAP : CIM_ServiceAccessPoint {
+
+ [Description ( "The URL for the access point." )]
+ string URL;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_CredentialManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_CredentialManagementService.mof
new file mode 100644
index 0000000..2cb424e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CredentialManagementService.mof
@@ -0,0 +1,10 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_CredentialManagementService issues credentials and manages "
+ "the credential lifecycle." )]
+class CIM_CredentialManagementService : CIM_AuthenticationService {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_CredentialStore.mof b/Schemas/CIM236/DMTF/User/CIM_CredentialStore.mof
new file mode 100644
index 0000000..c638c1d
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_CredentialStore.mof
@@ -0,0 +1,58 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ UMLPackagePath ( "CIM::User::Credential" ),
+ Description (
+ "CIM_CredentialStore class represents a collection of "
+ "credentials such as certificates and biometric credentials. "
+ "Credential collection can be used to store the credentials "
+ "used by the service for validation of served up credentials or "
+ "for the owned credentials of the service." )]
+class CIM_CredentialStore : CIM_Collection {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness, "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the organizational entity and "
+ "SHOULD not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. \n"
+ "For DMTF defined instances, the \'preferred\' algorithm "
+ "MUST be used with the <OrgID> set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description (
+ "Usage of the CIM_CredentialStore. 2 - Owned value means "
+ "CIM_CredentialStore instance represents a collection of "
+ "credentials that belong to parties local to the manager "
+ "of the store. 3 - Trusted value means "
+ "CIM_CredentialStore instance public credentials that "
+ "belong to parties trusted by the manager of the store. 4 "
+ "- Mixed value means CIM_CredentialStore instance "
+ "represents a collection of both Trusted and Owned "
+ "credentials." ),
+ ValueMap { "2", "3", "4", "..", "32768..65535" },
+ Values { "Owned", "Trusted", "Mixed", "DMTF Reserved",
+ "Vendor Specified" }]
+ uint16 Usage;
+
+
+};
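Review bot: The Usage description for value 3 is missing its verb phrase: `3 - Trusted value means CIM_CredentialStore instance public credentials that belong to parties trusted by the manager of the store`. This is the value that marks a store as holding credentials the manager trusts, so it should read like the entries for 2 and 4, e.g. `"CIM_CredentialStore instance represents a collection of public credentials that "`. The Values label `"Vendor Specified"` for `32768..65535` also differs from the `"Vendor Reserved"` label used for the same range in CIM_CredentialContext.Usage in this commit.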
diff --git a/Schemas/CIM236/DMTF/User/CIM_ElementAsUser.mof b/Schemas/CIM236/DMTF/User/CIM_ElementAsUser.mof
new file mode 100644
index 0000000..7364d2b
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_ElementAsUser.mof
@@ -0,0 +1,37 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_AssignedIdentity" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::UsersAccess" ),
+ Description (
+ "CIM_ElementAsUser is an association used to establish the "
+ "\'ownership\' of UsersAccess object instances. That is, the "
+ "ManagedElement may have UsersAccess to systems and, therefore, "
+ "be \'users\' on those systems. UsersAccess instances must have "
+ "an \'owning\' ManagedElement. Typically, the ManagedElements "
+ "will be limited to Collection, Person, Service and "
+ "ServiceAccessPoint. Other non-human ManagedElements that might "
+ "be thought of as having UsersAccess (e.g., a device or system) "
+ "have services that have the UsersAccess. \n"
+ "\n"
+ "Since the UsersAccess class is deprecated in lieu of "
+ "CIM_Identity, this association is also deprecated and replaced "
+ "by one of similar semantics, AssignedIdentity. It should be "
+ "noted that the new class is NOT defined as a Dependency "
+ "relationship, since it was felt that the association was not "
+ "truly a dependency of the element on its access." )]
+class CIM_ElementAsUser : CIM_Dependency {
+
+ [Deprecated { "CIM_AssignedIdentity.ManagedElement" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The ManagedElement that has UsersAccess." )]
+ CIM_ManagedElement REF Antecedent;
+
+ [Deprecated { "CIM_AssignedIdentity.IdentityInfo" },
+ Override ( "Dependent" ),
+ Description ( "The \'owned\' UsersAccess." )]
+ CIM_UsersAccess REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_ElementSecuritySensitivity.mof b/Schemas/CIM236/DMTF/User/CIM_ElementSecuritySensitivity.mof
new file mode 100644
index 0000000..9cba082
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_ElementSecuritySensitivity.mof
@@ -0,0 +1,19 @@
+// Copyright (c) 2006 DMTF. All rights reserved.
+ [Association, Version ( "2.14.0" ),
+ UMLPackagePath ( "CIM::User::SecurityLevel" ),
+ Description (
+ "This association labels an element with a security sensitivity.\n"
+ "This association is not used to indicate clearance of a "
+ "security principal, see IdentitySecurityClearance." )]
+class CIM_ElementSecuritySensitivity {
+
+ [Key, Description (
+ "The security sensitivity level of the element." )]
+ CIM_SecuritySensitivity REF SecurityLevel;
+
+ [Key, Description (
+ "The element which is assigned a sensitivity level." )]
+ CIM_ManagedElement REF ManagedElement;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_GatewayPathID.mof b/Schemas/CIM236/DMTF/User/CIM_GatewayPathID.mof
new file mode 100644
index 0000000..27dc360
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_GatewayPathID.mof
@@ -0,0 +1,39 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::StorageHardwareID" ),
+ Description (
+ "GatewayPathID extends StorageHardwareID to name a path segment "
+ "defined by the end identities, HardwareID and GatewayID. The "
+ "purpose is to describe Identity to allow access control to be "
+ "applied to a particular path segment. Think of the element "
+ "identified by GatewayPathID as a Gateway between a non-trusted "
+ "world and a trusted world." )]
+class CIM_GatewayPathID : CIM_StorageHardwareID {
+
+ [Required, Description (
+ "The ID representing the Gateway for a path segment from "
+ "the element identified in the HardwareID property to the "
+ "Gateway." ),
+ ModelCorrespondence { "CIM_GatewayPathID.GatewayIDType",
+ "CIM_GatewayPathID.OtherGatewayIDType" }]
+ string GatewayID;
+
+ [Required, Description (
+ "The type of the ID property. iSCSI GatewayIDs may use "
+ "one of three iSCSI formats - iqn, eui, or naa. This "
+ "three letter format is the name prefix; so a single "
+ "iSCSI type is provided here, the prefix can be used to "
+ "further refine the format." ),
+ ValueMap { "1", "2", "3", "4", "5" },
+ Values { "Other", "PortWWN", "NodeWWN", "Hostname",
+ "iSCSI Name" },
+ ModelCorrespondence { "CIM_GatewayPathID.GatewayID" }]
+ uint16 GatewayIDType;
+
+ [Description (
+ "The gateway ID type when Gateway IDType is \"Other\"." ),
+ ModelCorrespondence { "CIM_GatewayPathID.GatewayID" }]
+ string OtherGatewayIDType;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_Group.mof b/Schemas/CIM236/DMTF/User/CIM_Group.mof
new file mode 100644
index 0000000..6a4b399
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Group.mof
@@ -0,0 +1,52 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Group" ),
+ Description (
+ "The Group class is used to collect ManagedElements that are "
+ "intended to be conformant with an LDAP GroupOfNames, as "
+ "defined by IETF RFC 2256. For other purposes, "
+ "ConcreteCollection, or other subclasses of Collection, may be "
+ "more appropriate. \n"
+ "This class is defined so as to incorporate commonly-used LDAP "
+ "attributes to permit implementations to easily derive this "
+ "information from LDAP-accessible directories. This class\'s "
+ "properties are a subset of a related class, "
+ "OtherGroupInformation, which defines all the group properties "
+ "and in array form for directory compatibility." ),
+ MappingStrings { "RFC2407.IETF|Section 7.10 GroupOfNames" }]
+class CIM_Group : CIM_Collection {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "The BusinessCategory property may be used to describe "
+ "the kind of business activity performed by the members "
+ "of the group." ),
+ MaxLen ( 128 )]
+ string BusinessCategory;
+
+ [Required, Description (
+ "A Common Name is a (possibly ambiguous) name by which "
+ "the group is commonly known in some limited scope (such "
+ "as an organization) and conforms to the naming "
+ "conventions of the country or culture with which it is "
+ "associated." )]
+ string CommonName;
+
+
+};
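Review bot: The MappingStrings qualifier on CIM_Group cites `RFC2407.IETF|Section 7.10 GroupOfNames`, but the Description directly above attributes GroupOfNames to IETF RFC 2256. RFC 2407 is the IPsec DOI, which CIM_IPNetworkIdentity in this same commit cites for IKE identity types. The mapping should read `MappingStrings { "RFC2256.IETF|Section 7.10 GroupOfNames" }` so that anyone following it reaches the LDAP schema definition. Separately, CommonName is the only string property in the class without a `MaxLen`; if that is intentional, a short comment saying so would help providers that size directory-sourced input. If this file is an unmodified copy of the DMTF release, record the discrepancy next to the import rather than editing the copy.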
diff --git a/Schemas/CIM236/DMTF/User/CIM_HostedACI.mof b/Schemas/CIM236/DMTF/User/CIM_HostedACI.mof
new file mode 100644
index 0000000..ea146d4
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_HostedACI.mof
@@ -0,0 +1,29 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "No value" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AccessControl" ),
+ Description (
+ "CIM_HostedACI is an association used to provide the namespace "
+ "scoping of AccessControlInformation. Since the referenced "
+ "class, AccessControlInformation, is deprecated, this Weak "
+ "association is similarly deprecated. Also, although "
+ "Privileges/access control can be defined in the context of a "
+ "System, this is not a mandatory association nor does it "
+ "provide any additional semantics for the Privilege. Therefore, "
+ "HostedACI is deprecated with no replacement association." )]
+class CIM_HostedACI : CIM_HostedDependency {
+
+ [Deprecated { "No value" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The hosting system." )]
+ CIM_System REF Antecedent;
+
+ [Deprecated { "No value" },
+ Override ( "Dependent" ),
+ Weak, Description ( "The hosted AccessControlInformation." )]
+ CIM_AccessControlInformation REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_HostedAuthenticationRequirement.mof b/Schemas/CIM236/DMTF/User/CIM_HostedAuthenticationRequirement.mof
new file mode 100644
index 0000000..211834e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_HostedAuthenticationRequirement.mof
@@ -0,0 +1,27 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_PolicyRuleInSystem" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AuthenticationReqmt" ),
+ Description (
+ "CIM_HostedAuthenticationRequirement is an association used to "
+ "provide the namespace scoping of AuthenticationRequirement. "
+ "The hosted requirements may or may not apply to resources on "
+ "the hosting system. Since the AuthenticationRequirement class "
+ "is deprecated in lieu of explicit policy rules, this class is "
+ "similarly deprecated to its \'policy\' equivalent." )]
+class CIM_HostedAuthenticationRequirement : CIM_HostedDependency {
+
+ [Deprecated { "CIM_PolicyRuleInSystem.Antecedent" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The hosting system." )]
+ CIM_System REF Antecedent;
+
+ [Deprecated { "CIM_PolicyRuleInSystem.Dependent" },
+ Override ( "Dependent" ),
+ Weak, Description ( "The hosted AuthenticationRequirement." )]
+ CIM_AuthenticationRequirement REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_IKESecretIsNamed.mof b/Schemas/CIM236/DMTF/User/CIM_IKESecretIsNamed.mof
new file mode 100644
index 0000000..c74816f
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_IKESecretIsNamed.mof
@@ -0,0 +1,25 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceAffectsElement" },
+ Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SharedSecret" ),
+ Description (
+ "CIM_IKESecretIsNamed association provides the relationship "
+ "between a SharedSecretService and a NamedSharedIKESecret." )]
+class CIM_IKESecretIsNamed : CIM_ManagedCredential {
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectingElement" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description (
+ "The SharedSecretService that manages a NamedSharedIKESecret."
+ )]
+ CIM_SharedSecretService REF Antecedent;
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectedElement" },
+ Override ( "Dependent" ),
+ Weak, Description ( "The managed NamedSharedIKESecret." )]
+ CIM_NamedSharedIKESecret REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_IPNetworkIdentity.mof b/Schemas/CIM236/DMTF/User/CIM_IPNetworkIdentity.mof
new file mode 100644
index 0000000..207fa20
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_IPNetworkIdentity.mof
@@ -0,0 +1,48 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Identity" ),
+ Description (
+ "IPNetworkIdentity is used to represent the various network "
+ "identities that may be used for an IPProtocolEndpoint. The "
+ "relationship between the NetworkIdentity and the "
+ "IPProtocolEndpoint is modeled by the AssignedIdentity "
+ "association, inherited from CIM_Identity. This association "
+ "could also be used to relate an address range or other "
+ "endpoint collection with the Identity." ),
+ MappingStrings { "IPSP Policy Model.IETF|IKEIdentity" }]
+class CIM_IPNetworkIdentity : CIM_Identity {
+
+ [Required, Description (
+ "The IdentityType specifies the type of IP network "
+ "Identity. The list of identities was generated from "
+ "Section 4.6.2.1 of RFC2407. Note that the enumeration is "
+ "different than the RFC list, since the value \'Other\' "
+ "is taken into account." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "12", "..", "0x8000.." },
+ Values { "Other", "IPV4 Address", "FQDN", "User FQDN",
+ "IPV4 Subnet Address", "IPV6 Address",
+ "IPV6 Subnet Address", "IPV4 Address Range",
+ "IPV6 Address Range", "DER ASN1 DN", "DER ASN1 GN",
+ "KEY ID", "DMTF Reserved", "Vendor Reserved" },
+ MappingStrings {
+ "IPSP Policy Model.IETF|IKEIdentity.IdentityType",
+ "RFC2407.IETF|Section 4.6.2.1" },
+ ModelCorrespondence { "CIM_IPNetworkIdentity.IdentityValue" }]
+ uint16 IdentityType;
+
+ [Required, Description (
+ "IdentityValue contains a string encoding of the "
+ "Identity. For Identity instances that are address types, "
+ "the IdentityValue string value may be omitted and the "
+ "associated IPProtocolEndpoint, RangeOfIPAddresses or "
+ "similar class is used to define this information. The "
+ "class is associated using the AssignedIdentity "
+ "relationship." ),
+ MappingStrings {
+ "IPSP Policy Model.IETF|IKEIdentity.IdentityValue" },
+ ModelCorrespondence { "CIM_IPNetworkIdentity.IdentityType" }]
+ string IdentityValue;
+
+
+};
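Review bot: IdentityValue is declared `Required`, yet its Description says the value "may be omitted" for address-type identities, so a provider cannot satisfy both as written. The Description should state what a conforming instance carries in that case, for example `"For address types the value may be an empty string; consumers shall then take the address from the associated element and shall not treat the empty value as matching any peer."` The class maps to the IKE identity (see its MappingStrings), so leaving the empty/NULL case undefined may let implementations diverge on how an unset identity compares during policy evaluation.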
diff --git a/Schemas/CIM236/DMTF/User/CIM_Identity.mof b/Schemas/CIM236/DMTF/User/CIM_Identity.mof
new file mode 100644
index 0000000..b86dc32
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Identity.mof
@@ -0,0 +1,87 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.19.0" ),
+ UMLPackagePath ( "CIM::User::Identity" ),
+ Description (
+ "An instance of an Identity represents a ManagedElement that "
+ "acts as a security principal within the scope in which it is "
+ "defined and authenticated. (Note that the Identity\'s scope is "
+ "specified using the association, CIM_IdentityContext.) "
+ "ManagedElements with Identities can be OrganizationalEntities, "
+ "Services, Systems, etc. The ManagedElement \'behind\' an "
+ "Identity is described using the AssignedIdentity association. \n"
+ "\n"
+ "Within a given security context, an Identity may be imparted a "
+ "level of trust, usually based on its credentials. A trust "
+ "level is defined using the CIM_SecuritySensitivity class, and "
+ "associated with Identity using CIM_ElementSecuritySensitivity. "
+ "Whether an Identity is currently authenticated is evaluated by "
+ "checking the CurrentlyAuthenticated boolean property. This "
+ "property is set and cleared by the security infrastructure, "
+ "and should only be readable within the management "
+ "infrastructure. The conditions which must be met/authenticated "
+ "in order for an Identity\'s CurrentlyAuthenticated Boolean to "
+ "be TRUE are defined using a subclass of PolicyCondition - "
+ "AuthenticationCondition. The inheritance tree for "
+ "AuthenticationCondition is defined in the CIM Policy Model. \n"
+ "\n"
+ "Subclasses of Identity may include specific information "
+ "related to a given AuthenticationService or authority (such as "
+ "a security token or computer hardware port/communication "
+ "details) that more specifically determine the authenticity of "
+ "the Identity. An instance of Identity may be persisted even "
+ "though it is not CurrentlyAuthenticated, in order to maintain "
+ "static relationships to Roles, associations to accounting "
+ "information, and policy data defining authentication "
+ "requirements. Note however, when an Identity is not "
+ "authenticated (CurrentlyAuthenticated = FALSE), then "
+ "Privileges or rights SHOULD NOT be authorized. The lifetime, "
+ "validity, and propagation of the Identity is dependent on a "
+ "security infrastructure\'s policies." )]
+class CIM_Identity : CIM_ManagedElement {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the business entity and SHOULD "
+ "not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. \n"
+ "For DMTF defined instances, the \'preferred\' algorithm "
+ "MUST be used with the <OrgID> set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description (
+ "Boolean indicating whether this Identity has been "
+ "authenticated, and is currently known within the scope "
+ "of an AuthenticationService or authority. By default, "
+ "authenticity SHOULD NOT be assumed. This property is set "
+ "and cleared by the security infrastructure, and should "
+ "only be readable within the management infrastructure. "
+ "Note that its value, alone, may not be sufficient to "
+ "determine authentication/ authorization, in that "
+ "properties of an Identity subclass (such as a security "
+ "token or computer hardware port/ communication details) "
+ "may be required by the security infrastructure." )]
+ boolean CurrentlyAuthenticated = false;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_IdentityContext.mof b/Schemas/CIM236/DMTF/User/CIM_IdentityContext.mof
new file mode 100644
index 0000000..e87f2da
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_IdentityContext.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Identity" ),
+ Description (
+ "This relationship defines a context (e.g., a System or "
+ "Service) of an Identity. Note that the cardinalities of this "
+ "association are many to many, indicating that the Identity MAY "
+ "be scoped by several elements. However, it is likely that "
+ "there will only be a single scope, if one exists at all." )]
+class CIM_IdentityContext {
+
+ [Key, Description ( "An Identity whose context is defined." )]
+ CIM_Identity REF ElementInContext;
+
+ [Key, Description (
+ "The ManagedElement that provides context or scope for "
+ "the Identity." )]
+ CIM_ManagedElement REF ElementProvidingContext;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_IdentityManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_IdentityManagementService.mof
new file mode 100644
index 0000000..275dda6
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_IdentityManagementService.mof
@@ -0,0 +1,10 @@
+// Copyright (c) 2010 DMTF. All rights reserved.
+ [Version ( "2.27.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "A service supporting the creation and management of CIM_Identities ."
+ )]
+class CIM_IdentityManagementService : CIM_AuthenticationService {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_KDCIssuesKerberosTicket.mof b/Schemas/CIM236/DMTF/User/CIM_KDCIssuesKerberosTicket.mof
new file mode 100644
index 0000000..88a2586
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_KDCIssuesKerberosTicket.mof
@@ -0,0 +1,24 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceAffectsElement" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::Kerberos" ),
+ Description (
+ "The KDC issues and owns Kerberos tickets. This association "
+ "captures the relationship between the KDC and its issued "
+ "tickets." )]
+class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential {
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectingElement" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The issuing KDC." )]
+ CIM_KerberosKeyDistributionCenter REF Antecedent;
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectedElement" },
+ Override ( "Dependent" ),
+ Weak, Description ( "The managed credential." )]
+ CIM_KerberosTicket REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_KerberosCredential.mof b/Schemas/CIM236/DMTF/User/CIM_KerberosCredential.mof
new file mode 100644
index 0000000..1ea150d
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_KerberosCredential.mof
@@ -0,0 +1,69 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.31.1" ),
+ UMLPackagePath ( "CIM::User::Kerberos" ),
+ Description (
+ "A CIM_KerberosCredential represents a credential issued by a "
+ "particular Kerberos Key Distribution Center (KDC) to establish "
+ "an identity, as the result of a successful authentication "
+ "process. There are two types of tickets that a KDC may issue - "
+ "a TicketGranting ticket, which is used to protect and "
+ "authenticate communications between an entity and the KDC, and "
+ "a Session ticket, which the KDC issues to two entities to "
+ "allow them to communicate with each other." )]
+class CIM_KerberosCredential : CIM_Credential {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness, "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the organizational entity and "
+ "SHOULD not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. \n"
+ "For DMTF defined instances, the \'preferred\' algorithm "
+ "MUST be used with the <OrgID> set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description (
+ "The name of the service for which this ticket is used." ),
+ MaxLen ( 256 )]
+ string AccessesService;
+
+ [Description (
+ "RemoteID is the name by which the user is known at the "
+ "KDC security service." ),
+ MaxLen ( 256 )]
+ string RemoteID;
+
+ [Description (
+ "The Type of CIM_KerberosCredential is used to indicate "
+ "whether the ticket in question was issued by the "
+ "Kerberos Key Distribution Center (KDC) to support "
+ "ongoing communication between the Users Access and the "
+ "KDC (\"TicketGranting\"), or was issued by the KDC to "
+ "support ongoing communication between two Users Access "
+ "entities (\"Session\")." ),
+ ValueMap { "0", "1" },
+ Values { "Session", "TicketGranting" }]
+ uint16 TicketType;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_KerberosKeyDistributionCenter.mof b/Schemas/CIM236/DMTF/User/CIM_KerberosKeyDistributionCenter.mof
new file mode 100644
index 0000000..c3a9c23
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_KerberosKeyDistributionCenter.mof
@@ -0,0 +1,18 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Kerberos" ),
+ Description ( "The Kerberos KDC." )]
+class CIM_KerberosKeyDistributionCenter : CIM_CredentialManagementService {
+
+ [Override ( "Name" ),
+ Description ( "The Realm served by this KDC." )]
+ string Name;
+
+ [Description (
+ "The version of Kerberos supported by this service." ),
+ ValueMap { "0", "1", "2", "3" },
+ Values { "V4", "V5", "DCE", "MS" }]
+ uint16 Protocol[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_KerberosTicket.mof b/Schemas/CIM236/DMTF/User/CIM_KerberosTicket.mof
new file mode 100644
index 0000000..d5f4bac
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_KerberosTicket.mof
@@ -0,0 +1,67 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.31.1" ),
+ UMLPackagePath ( "CIM::User::Kerberos" ),
+ Description (
+ "A CIM_KerberosTicket represents a credential issued by a "
+ "particular Kerberos Key Distribution Center (KDC) to establish "
+ "an identity, as the result of a successful authentication "
+ "process. There are two types of tickets that a KDC may issue - "
+ "a TicketGranting ticket, which is used to protect and "
+ "authenticate communications between an entity and the KDC, and "
+ "a Session ticket, which the KDC issues to two entities to "
+ "allow them to communicate with each other." )]
+class CIM_KerberosTicket : CIM_KerberosCredential {
+
+ [Deprecated { "CIM_KerberosCredential.InstanceID" },
+ Required, Description ( "The scoping System\'s CCN." ),
+ MaxLen ( 256 )]
+ string SystemCreationClassName;
+
+ [Deprecated { "CIM_KerberosCredential.InstanceID" },
+ Required, Description ( "The scoping System\'s Name." ),
+ MaxLen ( 256 )]
+ string SystemName;
+
+ [Deprecated { "CIM_KerberosCredential.InstanceID" },
+ Required, Description ( "The scoping Service\'s CCN." ),
+ MaxLen ( 256 )]
+ string ServiceCreationClassName;
+
+ [Deprecated { "CIM_KerberosCredential.InstanceID" },
+ Required, Description (
+ "The scoping Service\'s Name. The Kerberos KDC Realm of "
+ "CIM_KerberosTicket is used to record the security "
+ "authority, or Realm, name so that tickets issued by "
+ "different Realms can be separately managed and "
+ "enumerated." ),
+ MaxLen ( 256 )]
+ string ServiceName;
+
+ [Required, Override ( "AccessesService" ),
+ Description (
+ "The name of the service for which this ticket is used." ),
+ MaxLen ( 256 )]
+ string AccessesService;
+
+ [Required, Override ( "RemoteID" ),
+ Description (
+ "RemoteID is the name by which the user is known at the "
+ "KDC security service." ),
+ MaxLen ( 256 )]
+ string RemoteID;
+
+ [Override ( "TicketType" ),
+ Description (
+ "The Type of CIM_KerberosTicket is used to indicate "
+ "whether the ticket in question was issued by the "
+ "Kerberos Key Distribution Center (KDC) to support "
+ "ongoing communication between the Users Access and the "
+ "KDC (\"TicketGranting\"), or was issued by the KDC to "
+ "support ongoing communication between two Users Access "
+ "entities (\"Session\")." ),
+ ValueMap { "0", "1" },
+ Values { "Session", "TicketGranting" }]
+ uint16 TicketType;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_KeyBasedCredentialManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_KeyBasedCredentialManagementService.mof
new file mode 100644
index 0000000..9d8f313
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_KeyBasedCredentialManagementService.mof
@@ -0,0 +1,142 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ ClassConstraint {
+ "/* The constraints below aim to efficiently */ /* represent a singular OctetString. Each of the properties*/ /* is a single encoded string, thus only the first element */ /* needs to be populated. */ inv:self.ImportPublicPrivateKeyPair.PublicKey->size()=1 and self.ImportPublicPrivateKeyPair.PrivateKey->size()=1" },
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_KeyBasedCredentialManagementService manages key based "
+ "credentials such as symmetric and assymetric key pairs and "
+ "certificates. It also manages the infrustracture necessary for "
+ "the key based credentials such as key repositories." )]
+class CIM_KeyBasedCredentialManagementService : CIM_CredentialManagementService {
+
+
+ [Description (
+ "This method is called to request an import of "
+ "public/private key pair. The method is used when "
+ "assymetric private/public keys are generated elsewhere "
+ "but are required by the managed system for creation of "
+ "Certificate Signing Requests (CSRs) or self-signed "
+ "certificates or any other key based credentials. Upon "
+ "the successful execution, the PPKPCredential shall be "
+ "the reference to the CIM_UnsignedCredential instance "
+ "representing the private/public key pair. The "
+ "CIM_UnsignedCredential instance shall be associated "
+ "through CIM_MemberOfCollection association with the "
+ "instance of CIM_Keystore referenced by the Keystore "
+ "parameter, and shall be associated through the "
+ "CIM_AffectsElement association with the method "
+ "invocation instance of "
+ "CIM_KeyBasedCredentialManagementService." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 ImportPublicPrivateKeyPair(
+ [Required, IN, Description (
+ "The DER-encoded raw public key.Only the first "
+ "element of the array property shall be populated." ),
+ OctetString]
+ string PublicKey[],
+ [Required, IN, Description (
+ "The DER-encoded raw private key.Only the first "
+ "element of the array property shall be populated." ),
+ OctetString]
+ string PrivateKey[],
+ [Required, IN, Description (
+ "The reference to the CIM_Keystore instance "
+ "representing the key store, which the "
+ "public/private key pair is imported in to." )]
+ CIM_Keystore REF Keystore,
+ [IN, Description (
+ "The managed element that represents the user or "
+ "owner or the scoping element of the certificate. "
+ "Such managed element could be the web service that "
+ "owns the certificate or uses it for verification "
+ "or account that the certificate is scoped to." )]
+ CIM_ManagedElement REF CredentialContext,
+ [IN, Description (
+ "The usage of the certificate by the managed "
+ "element that the certificate is for or is scoped "
+ "to." ),
+ ValueMap { "2", "3", "4", "6", "7", "8", "..",
+ "32768..65535" },
+ Values { "Owned", "Trusted",
+ "Trusted for Authentication",
+ "Trusted for Authorization",
+ "Trusted for Authentication/Authorization",
+ "Trusted for Third-Party Authentication/Authorization",
+ "DMTF Reserved", "Vendor Reserved" },
+ ModelCorrespondence { "CIM_CredentialContext.Usage" }]
+ uint16 Usage,
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If method returns 4096 - Job Started, "
+ "then this parameter shall not be NULL." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "The PPKPCredential output parameter references the "
+ "instance of CIM_UnsignedCredential that represents "
+ "the public/private key pair." )]
+ CIM_UnsignedCredential REF PPKPCredential);
+
+ [Description (
+ "This method is called to request a creation of a "
+ "keystore repository to be used for storage of the key "
+ "based credentials. Upon the successful execution, the "
+ "NewKeystore parameter shall reference to the newly "
+ "created instance of CIM_Keystore. The property values of "
+ "the newly created instance of the CIM_Keystore shall "
+ "match all the non-null, non-key properties of the "
+ "Keystore parameter embedded instance. The newly created "
+ "CIM_Keystore instance shall be associated to the "
+ "instance CIM_System referenced by the OwningSystem "
+ "parameter using CIM_OwningCollectionElement association, "
+ "shall be associated with the "
+ "CIM_KeyBasedCredentialManagementService instance using "
+ "the CIM_ServiceAffectsElement association, and shall be "
+ "associated to the instances of CIM_Service referenced in "
+ "the KeystoreUtilizers using CIM_Dependency association." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", "4096",
+ "4097..32767", "32768..65535" },
+ Values { "Completed with No Error", "Not Supported",
+ "Error Occured", "Busy", "Invalid Reference",
+ "Invalid Parameter", "Access Denied", "DMTF Reserved",
+ "Job Started", "Method Reserved", "Vendor Specified" }]
+ uint32 CreateKeystore(
+ [Required, IN, Description (
+ "The Keystore parameter contains the desired "
+ "CIM_Keystore instance. The embedded instance shall "
+ "contain the ElementName and Usage properties." ),
+ EmbeddedInstance ( "CIM_Keystore" )]
+ string Keystore,
+ [Required, IN, Description (
+ "The OwningSystem parameter references to the "
+ "desired CIM_System instance that represents the "
+ "owning managed system for the keystore." )]
+ CIM_System REF OwningSystem,
+ [IN, Description (
+ "The KeystoreUtilizers parameter contains an array "
+ "of references to the instances of ManagedElement "
+ "that represent the managed element that would "
+ "utilize the keystore. Such services could be web "
+ "services or protocol services that utilize the "
+ "credentials stored in the keystore for the "
+ "identity verification purposes." )]
+ CIM_ManagedElement REF KeystoreUtilizers[],
+ [IN ( false ), OUT, Description (
+ "Contains a reference to the ConcreteJob created to "
+ "track the execution initiated by the method "
+ "invocation. If method returns 4096 - Job Started, "
+ "then this parameter shall not be NULL." )]
+ CIM_ConcreteJob REF Job,
+ [Required, IN ( false ), OUT, Description (
+ "The NewKeystore output parameter references the "
+ "instance of CIM_Keystore that represents the newly "
+ "created keystore repository." )]
+ CIM_Keystore REF NewKeystore);
+
+};
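Review bot: ImportPublicPrivateKeyPair takes the DER-encoded private key as an ordinary `IN` parameter, and neither the method Description nor the PrivateKey Description says how that value must be protected in transit or afterwards. I would add to the PrivateKey Description something like `"The private key is sensitive; implementations shall accept it only over an authenticated, confidentiality-protected session and shall not retain it in logs or in the ConcreteJob referenced by Job."` The Job part matters because the method can return 4096 (Job Started), and what a job record keeps of its input parameters is not defined here. The class Description also has two typos worth fixing, "assymetric" and "infrustracture"; the first recurs in the method Description.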
diff --git a/Schemas/CIM236/DMTF/User/CIM_Keystore.mof b/Schemas/CIM236/DMTF/User/CIM_Keystore.mof
new file mode 100644
index 0000000..097a1f4
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Keystore.mof
@@ -0,0 +1,33 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ UMLPackagePath ( "CIM::User::Credential" ),
+ Description (
+ "CIM_Keystore class represents a keystore, collection of key "
+ "based credentials such as certificates. Keystore can be used "
+ "to store the certificates that are used for the client role of "
+ "the validation of the served up certificates, or for the "
+ "server role, serving up the certificates to the client for the "
+ "validation. Certificates in the keystore can be "
+ "revoked/invalidated by the means of application of Certificate "
+ "Revocation List (CRL)." )]
+class CIM_Keystore : CIM_CredentialStore {
+
+ [Override ( "Usage" ),
+ Description (
+ "Usage of the keystore.\n"
+ "2 - Owned value means CIM_Keystore instance represents a "
+ "collection of key based credentials that belong to "
+ "parties local to the manager of the keystore. \n"
+ "3 - Trusted value means CIM_Keystore instance represents "
+ "a collection of public key based credentials that belong "
+ "to parties trusted by the manager of the keystore.\n"
+ "4 - Mixed value means CIM_Keystore instance represents a "
+ "collection of both Trusted and Owned key based "
+ "credentials." ),
+ ValueMap { "2", "3", "4", "..", "32768..65535" },
+ Values { "Owned", "Trusted", "Mixed", "DMTF Reserved",
+ "Vendor Specified" }]
+ uint16 Usage;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_LocalCredentialManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_LocalCredentialManagementService.mof
new file mode 100644
index 0000000..2ce27d7
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_LocalCredentialManagementService.mof
@@ -0,0 +1,11 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_LocalCredentialManagementService is a credential "
+ "management service that provides management of credentials "
+ "used by the local system." )]
+class CIM_LocalCredentialManagementService : CIM_CredentialManagementService {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_LocallyManagedPublicKey.mof b/Schemas/CIM236/DMTF/User/CIM_LocallyManagedPublicKey.mof
new file mode 100644
index 0000000..21073d5
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_LocallyManagedPublicKey.mof
@@ -0,0 +1,26 @@
+// Copyright (c) 2005 - 2007, DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceAffectsElement" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "CIM_LocallyManagedPublicKey association provides the "
+ "relationship between a PublicKeyManagementService and an "
+ "UnsignedPublicKey." )]
+class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectingElement" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description (
+ "The PublicKeyManagementService that manages an unsigned "
+ "public key." )]
+ CIM_PublicKeyManagementService REF Antecedent;
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectedElement" },
+ Override ( "Dependent" ),
+ Weak, Description ( "An unsigned public key." )]
+ CIM_UnsignedPublicKey REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_ManagedCredential.mof b/Schemas/CIM236/DMTF/User/CIM_ManagedCredential.mof
new file mode 100644
index 0000000..5eaa272
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_ManagedCredential.mof
@@ -0,0 +1,22 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceAffectsElement" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::Credential" ),
+ Description (
+ "This relationship associates a CredentialManagementService "
+ "with the Credential it manages." )]
+class CIM_ManagedCredential : CIM_Dependency {
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectingElement" },
+ Override ( "Antecedent" ),
+ Max ( 1 ),
+ Description ( "The credential management service." )]
+ CIM_CredentialManagementService REF Antecedent;
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectedElement" },
+ Override ( "Dependent" ),
+ Description ( "The managed credential." )]
+ CIM_Credential REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_ManagesAccount.mof b/Schemas/CIM236/DMTF/User/CIM_ManagesAccount.mof
new file mode 100644
index 0000000..ac35c6a
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_ManagesAccount.mof
@@ -0,0 +1,18 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "This relationship associates the AccountManagement security "
+ "service to the Accounts for which it is responsible." )]
+class CIM_ManagesAccount : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Description ( "The account management service." )]
+ CIM_AccountManagementService REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description ( "An account managed by the service." )]
+ CIM_Account REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_ManagesAccountOnSystem.mof b/Schemas/CIM236/DMTF/User/CIM_ManagesAccountOnSystem.mof
new file mode 100644
index 0000000..7ab27c7
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_ManagesAccountOnSystem.mof
@@ -0,0 +1,23 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "The CIM_ManagesAccountOnSystem provides the association "
+ "between a System and the AccountManagementService that manages "
+ "accounts for that system." )]
+class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem {
+
+ [Override ( "Antecedent" ),
+ Description (
+ "An AccountManagementService that manages accounts for the system."
+ )]
+ CIM_AccountManagementService REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description (
+ "The system that is dependent on the AccountManagementService."
+ )]
+ CIM_System REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_MemberPrincipal.mof b/Schemas/CIM236/DMTF/User/CIM_MemberPrincipal.mof
new file mode 100644
index 0000000..ed973b4
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_MemberPrincipal.mof
@@ -0,0 +1,49 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_MemberOfCollection" },
+ Aggregation, Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_MemberPrincipal is an aggregation used to establish "
+ "membership of principals (i.e., users) in a Collection. That "
+ "membership can be established either directly or indirectly as "
+ "indicated in the UsersAccessBy property. For example, a user "
+ "may be identified directly by their userid (i.e., Account "
+ "object instance) or the user may be identified indirectly by "
+ "realm from which a ticket was issued (i.e., "
+ "CredentialManagementService object instance). \n"
+ "\n"
+ "This association is deprecated in lieu of its superclass. "
+ "Usage feedback on the class has indicated confusion regarding "
+ "defining the members of the collection. Also, the UsersAccess "
+ "aspects of this association have been deprecated." )]
+class CIM_MemberPrincipal : CIM_MemberOfCollection {
+
+ [Deprecated { "CIM_MemberOfCollection.Collection" },
+ Aggregate, Override ( "Collection" )]
+ CIM_Collection REF Collection;
+
+ [Deprecated { "CIM_MemberOfCollection.Member" },
+ Override ( "Member" )]
+ CIM_ManagedElement REF Member;
+
+ [Deprecated { "No value" },
+ Description (
+ "A MemberPrincipal may be identifed in several ways that "
+ "may be either direct or indirect membership in the "
+ "collection. \n"
+ "-A \'UsersAccess\' membership directly identifies the "
+ "user by the UsersAccess object instance. \n"
+ "- An \'Account\' membership directly identifies the user "
+ "by the Account object class instance. \n"
+ "- A \'UsingElement\' membership indirectly identifies "
+ "the user by the ManagedElement object instance that has "
+ "ElementAsUser associations to UsersAccess object "
+ "instances. Hence, all UsersAccess instances are "
+ "indirectly included in the collection." ),
+ ValueMap { "1", "2", "3", "4" },
+ Values { "UsersAccess", "Account", "UsingElement",
+ "CredentialManagementService" }]
+ uint16 UserAccessBy;
+
+
+};
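Review bot: The class Description refers to a `UsersAccessBy` property, but the property declared at the end of the class is `UserAccessBy`, so a reader searching for the documented name finds nothing. The property's own Description explains only three of the four `Values` entries: `CredentialManagementService` (ValueMap `4`) has no bullet, although the class text describes that case as identification by the realm that issued a ticket. I would correct the name in the class text, fix the spelling `identifed`, and add a fourth bullet such as `"- A \'CredentialManagementService\' membership indirectly identifies the user by the realm from which a ticket was issued."`.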
diff --git a/Schemas/CIM236/DMTF/User/CIM_MoreGroupInfo.mof b/Schemas/CIM236/DMTF/User/CIM_MoreGroupInfo.mof
new file mode 100644
index 0000000..e644176
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_MoreGroupInfo.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.7.0" ),
+ UMLPackagePath ( "CIM::User::Group" ),
+ Description (
+ "CIM_MoreGroupInfo is an association used to extend the "
+ "information in a CIM_Group class instance." )]
+class CIM_MoreGroupInfo : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The Group which has more information." )]
+ CIM_Group REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Max ( 1 ),
+ Description ( "Additional data concerning the Group." )]
+ CIM_OtherGroupInformation REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_MoreOrgUnitInfo.mof b/Schemas/CIM236/DMTF/User/CIM_MoreOrgUnitInfo.mof
new file mode 100644
index 0000000..37d08f9
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_MoreOrgUnitInfo.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.7.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_MoreOrgUnitInfo is an association used to extend the "
+ "information in an CIM_OrgUnit class instance." )]
+class CIM_MoreOrgUnitInfo : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The OrgUnit which has more information." )]
+ CIM_OrgUnit REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Max ( 1 ),
+ Description ( "Additional data concerning the OrgUnit." )]
+ CIM_OtherOrgUnitInformation REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_MoreOrganizationInfo.mof b/Schemas/CIM236/DMTF/User/CIM_MoreOrganizationInfo.mof
new file mode 100644
index 0000000..25eb891
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_MoreOrganizationInfo.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.7.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_MoreOrganizationInfo is an association used to extend the "
+ "information in a CIM_Organization class instance." )]
+class CIM_MoreOrganizationInfo : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The Organization which has more information." )]
+ CIM_Organization REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Max ( 1 ),
+ Description ( "Additional data concerning the Organization." )]
+ CIM_OtherOrganizationInformation REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_MorePersonInfo.mof b/Schemas/CIM236/DMTF/User/CIM_MorePersonInfo.mof
new file mode 100644
index 0000000..08d251f
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_MorePersonInfo.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.7.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_MorePersonInfo is an association used to extend the "
+ "information in a CIM_Person class instance." )]
+class CIM_MorePersonInfo : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The Person which has more information." )]
+ CIM_Person REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Max ( 1 ),
+ Description ( "Additional data concerning the Person." )]
+ CIM_OtherPersonInformation REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_MoreRoleInfo.mof b/Schemas/CIM236/DMTF/User/CIM_MoreRoleInfo.mof
new file mode 100644
index 0000000..e049dc7
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_MoreRoleInfo.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.7.0" ),
+ UMLPackagePath ( "CIM::User::Role" ),
+ Description (
+ "CIM_MoreRoleInfo is an association used to extend the "
+ "information in a CIM_Role class instance." )]
+class CIM_MoreRoleInfo : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The Role which has more information." )]
+ CIM_Role REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Max ( 1 ),
+ Description ( "Additional data concerning the Role." )]
+ CIM_OtherRoleInformation REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_NamedCredential.mof b/Schemas/CIM236/DMTF/User/CIM_NamedCredential.mof
new file mode 100644
index 0000000..9bb7186
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_NamedCredential.mof
@@ -0,0 +1,88 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.31.1" ),
+ UMLPackagePath ( "CIM::User::SharedSecret" ),
+ Description (
+ "CIM_NamedCredential indirectly represents a shared secret "
+ "credential. The local identity, IKEIdentity, and the remote "
+ "peer identity share the secret that is named by the "
+ "SharedSecretName. The SharedSecretName is used by the "
+ "SharedSecretService to reference the secret." )]
+class CIM_NamedCredential : CIM_Credential {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness, "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the organizational entity and "
+ "SHOULD not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. \n"
+ "For DMTF defined instances, the \'preferred\' algorithm "
+ "MUST be used with the <OrgID> set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description (
+ "The local Identity with whom the direct trust relationship exists."
+ ),
+ MaxLen ( 256 ),
+ ModelCorrespondence { "CIM_NamedCredential.LocalIdentityType" }]
+ string LocalIdentity;
+
+ [Description (
+ "LocalIdentityType is used to describe the type of the "
+ "LocalIdentity." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11" },
+ Values { "IPV4_ADDR", "FQDN", "USER_FQDN",
+ "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
+ "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
+ "DER_ASN1_GN", "KEY_ID" },
+ ModelCorrespondence { "CIM_NamedCredential.LocalIdentity" }]
+ uint16 LocalIdentityType;
+
+ [Description (
+ "The peer identity with whom the direct trust relationship exists."
+ ),
+ MaxLen ( 256 ),
+ ModelCorrespondence { "CIM_NamedCredential.PeerIdentityType" }]
+ string PeerIdentity;
+
+ [Description (
+ "PeerIdentityType is used to describe the type of the PeerIdentity."
+ ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11" },
+ Values { "IPV4_ADDR", "FQDN", "USER_FQDN",
+ "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
+ "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
+ "DER_ASN1_GN", "KEY_ID" },
+ ModelCorrespondence { "CIM_NamedCredential.PeerIdentity" }]
+ uint16 PeerIdentityType;
+
+ [Description (
+ "SharedSecretName is an indirect reference to a shared "
+ "secret. The SecretService does not expose the actual "
+ "secret but rather provides access to the secret via a "
+ "name." )]
+ string SharedSecretName;
+
+
+};
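Review bot: The class Description names `IKEIdentity`, which is not a property of this class, and the text calls the resolving service `SharedSecretService` in the class Description but `SecretService` in the `SharedSecretName` Description, so it is unclear which service maps the name to the secret. The wording appears to be carried over from CIM_NamedSharedIKESecret.mof in the next hunk, which has the same sentences. Unlike `LocalIdentity` and `PeerIdentity`, which have `MaxLen ( 256 )`, `SharedSecretName` has no `MaxLen`, leaving each provider to choose its own bound. I would use one service name throughout, drop `IKEIdentity`, and extend the property text with `"The value is an identifier only and must never contain the secret itself."`.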
diff --git a/Schemas/CIM236/DMTF/User/CIM_NamedSharedIKESecret.mof b/Schemas/CIM236/DMTF/User/CIM_NamedSharedIKESecret.mof
new file mode 100644
index 0000000..5cecd08
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_NamedSharedIKESecret.mof
@@ -0,0 +1,91 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Deprecated { "CIM_NamedCredential" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::SharedSecret" ),
+ Description (
+ "CIM_NamedSharedIKESecret indirectly represents a shared secret "
+ "credential. The local identity, IKEIdentity, and the remote "
+ "peer identity share the secret that is named by the "
+ "SharedSecretName. The SharedSecretName is used by the "
+ "SharedSecretService to reference the secret." )]
+class CIM_NamedSharedIKESecret : CIM_Credential {
+
+ [Deprecated { "CIM_NamedCredential.InstanceID" },
+ Key, Description ( "The scoping System\'s CCN." ),
+ MaxLen ( 256 ),
+ Propagated (
+ "CIM_SharedSecretService.SystemCreationClassName" )]
+ string SystemCreationClassName;
+
+ [Deprecated { "CIM_NamedCredential.InstanceID" },
+ Key, Description ( "The scoping System\'s Name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_SharedSecretService.SystemName" )]
+ string SystemName;
+
+ [Deprecated { "CIM_NamedCredential.InstanceID" },
+ Key, Description ( "The scoping Service\'s CCN." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_SharedSecretService.CreationClassName" )]
+ string ServiceCreationClassName;
+
+ [Deprecated { "CIM_NamedCredential.InstanceID" },
+ Key, Description ( "The scoping Service\'s Name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_SharedSecretService.Name" )]
+ string ServiceName;
+
+ [Deprecated { "CIM_NamedCredential.LocalIdentity" },
+ Key, Description (
+ "The local Identity with whom the direct trust relationship exists."
+ ),
+ MaxLen ( 256 ),
+ ModelCorrespondence {
+ "CIM_NamedSharedIKESecret.LocalIdentityType" }]
+ string LocalIdentity;
+
+ [Deprecated { "CIM_NamedCredential.LocalIdentityType" },
+ Key, Description (
+ "LocalIdentityType is used to describe the type of the "
+ "LocalIdentity." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11" },
+ Values { "IPV4_ADDR", "FQDN", "USER_FQDN",
+ "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
+ "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
+ "DER_ASN1_GN", "KEY_ID" },
+ ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity" }]
+ uint16 LocalIdentityType;
+
+ [Deprecated { "CIM_NamedCredential.PeerIdentity" },
+ Key, Description (
+ "The peer identity with whom the direct trust relationship exists."
+ ),
+ MaxLen ( 256 ),
+ ModelCorrespondence {
+ "CIM_NamedSharedIKESecret.PeerIdentityType" }]
+ string PeerIdentity;
+
+ [Deprecated { "CIM_NamedCredential.PeerIdentityType" },
+ Key, Description (
+ "PeerIdentityType is used to describe the type of the PeerIdentity."
+ ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11" },
+ Values { "IPV4_ADDR", "FQDN", "USER_FQDN",
+ "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
+ "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
+ "DER_ASN1_GN", "KEY_ID" },
+ ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity" }]
+ uint16 PeerIdentityType;
+
+ [Deprecated { "CIM_NamedCredential.SharedSecretName" },
+ Description (
+ "SharedSecretName is an indirect reference to a shared "
+ "secret. The SecretService does not expose the actual "
+ "secret but rather provides access to the secret via a "
+ "name." )]
+ string SharedSecretName;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_Notary.mof b/Schemas/CIM236/DMTF/User/CIM_Notary.mof
new file mode 100644
index 0000000..b008858
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Notary.mof
@@ -0,0 +1,45 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::UsersAccess" ),
+ Description (
+ "CIM_Notary is an AuthenticationService which compares the "
+ "biometric characteristics of a person with known "
+ "characteristics, to establish identity. An example is a bank "
+ "teller who compares a picture ID with the person trying to "
+ "cash a check, or a biometric login service that uses voice "
+ "recognition to identify a \'user\'." )]
+class CIM_Notary : CIM_CredentialManagementService {
+
+ [Description (
+ "The types of biometric information which this Notary can compare."
+ ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
+ Values { "N/A", "Other", "Facial", "Retina", "Mark",
+ "Finger", "Voice", "DNA-RNA", "EEG" }]
+ uint16 Comparitors;
+
+ [Description (
+ "The SealProtocol is how the decision of the Notary is "
+ "recorded for future use by parties who will rely on its "
+ "decision. For instance, a drivers licence frequently "
+ "includes tamper-resistent coatings and markings to "
+ "protect the recorded decision that a driver, having "
+ "various biometric characteristics of height, weight, "
+ "hair and eye color, using a particular name, has "
+ "features represented in a photograph of their face." )]
+ string SealProtocol;
+
+ [Description (
+ "CharterIssued documents when the Notary is first "
+ "authorized, by whoever gave it responsibility, to "
+ "perform its service." )]
+ datetime CharterIssued;
+
+ [Description (
+ "CharterExpired documents when the Notary is no longer "
+ "authorized, by whoever gave it responsibility, to "
+ "perform its service." )]
+ datetime CharterExpired;
+
+
+};
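Review bot: `Comparitors` is described as "the types of biometric information which this Notary can compare", but it is declared as a scalar `uint16`, which holds a single ValueMap entry. The Description should state whether exactly one type is expected per instance or how a Notary that compares several kinds is meant to be represented; as written, a consumer cannot tell whether an unlisted biometric type is unsupported. The SealProtocol text also misspells `tamper-resistent`. Suggested first sentence for the property: `"The type of biometric information which this Notary instance compares."`, if the single-value reading is the intended one.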
diff --git a/Schemas/CIM236/DMTF/User/CIM_NotaryVerifiesBiometric.mof b/Schemas/CIM236/DMTF/User/CIM_NotaryVerifiesBiometric.mof
new file mode 100644
index 0000000..1be6138
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_NotaryVerifiesBiometric.mof
@@ -0,0 +1,30 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ManagedCredential" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::UsersAccess" ),
+ Description (
+ "This relationship associates a Notary service with the Users "
+ "Access whose biometric information is verified. It is "
+ "deprecated since one of its references (UsersAccess) is "
+ "deprecated, and because specific biometric credentials are "
+ "defined in a new subclass of CIM_Credential (specifically, "
+ "BiometricCredential). Given the latter, the relationship of a "
+ "Credential to its management service (ManagedCredential) can "
+ "be used directly." )]
+class CIM_NotaryVerifiesBiometric : CIM_Dependency {
+
+ [Deprecated { "CIM_ManagedCredential.Antecedent" },
+ Override ( "Antecedent" ),
+ Description (
+ "The Notary service that verifies biometric information." )]
+ CIM_Notary REF Antecedent;
+
+ [Deprecated { "CIM_ManagedCredential.Dependent" },
+ Override ( "Dependent" ),
+ Description (
+ "The UsersAccess that represents a person using biometric "
+ "information for authentication." )]
+ CIM_UsersAccess REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_OpaqueManagementDataOwner.mof b/Schemas/CIM236/DMTF/User/CIM_OpaqueManagementDataOwner.mof
new file mode 100644
index 0000000..e729c49
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OpaqueManagementDataOwner.mof
@@ -0,0 +1,30 @@
+// Copyright (c) 2009 DMTF. All rights reserved.
+ [Association, Version ( "2.22.0" ),
+ UMLPackagePath ( "CIM::User::OpaqueManagementData" ),
+ Description (
+ "CIM_OpaqueManagementDataOwner describes ownership of opaque "
+ "data by CIM_Identity instances. The definition of "
+ "CIM_OpaqueManagementDataOwner as a subclass of "
+ "CIM_AssociatedPrivilege represents the fact that the owner of "
+ "opaque management data often has privileges to access it, but "
+ "additionally is responsible for its existence and may have a "
+ "storage quota against which it is applied. The definition of a "
+ "distinct subclass facilitates discovery of the owning "
+ "CIM_Identity instance." )]
+class CIM_OpaqueManagementDataOwner : CIM_AssociatedPrivilege {
+
+ [Override ( "Subject" ),
+ Description (
+ "The CIM_Identity instance for whom privileges to the "
+ "Target are granted or denied, and who is the owner of "
+ "the Target." )]
+ CIM_ManagedElement REF Subject;
+
+ [Override ( "Target" ),
+ Description (
+ "The opaque management data to which the privileges and "
+ "ownership apply." )]
+ CIM_ManagedElement REF Target;
+
+
+};
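Review bot: Both overridden references keep the broad type `CIM_ManagedElement REF`, while their Descriptions say that Subject is a CIM_Identity instance and Target is the opaque management data, so the schema does not prevent an instance from naming an arbitrary managed element as owner or as owned data. Because this association conveys ownership and privileges, I would narrow the declarations to `CIM_Identity REF Subject;` and `CIM_OpaqueManagementData REF Target;`, provided that is compatible with the CIM_AssociatedPrivilege superclass, which is not visible in this hunk. If the types have to stay as they are, the Descriptions should say that a provider must check the class of both references before it honours the association.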
diff --git a/Schemas/CIM236/DMTF/User/CIM_OrgStructure.mof b/Schemas/CIM236/DMTF/User/CIM_OrgStructure.mof
new file mode 100644
index 0000000..47be88c
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OrgStructure.mof
@@ -0,0 +1,23 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Aggregation, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_OrgStructure is an association used to establish "
+ "parent-child relationships between OrganizationalEntity "
+ "instances. This is used to capture organizational "
+ "relationships between object instances such as those that are "
+ "imported from an LDAP-accessible directory." )]
+class CIM_OrgStructure {
+
+ [Key, Aggregate, Max ( 1 ),
+ Description (
+ "The organizational parent in this association." )]
+ CIM_OrganizationalEntity REF Parent;
+
+ [Key, Description (
+ "The organizational child in this association, i.e., the "
+ "sub-unit or other owned object instance." )]
+ CIM_OrganizationalEntity REF Child;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_OrgUnit.mof b/Schemas/CIM236/DMTF/User/CIM_OrgUnit.mof
new file mode 100644
index 0000000..b54f269
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OrgUnit.mof
@@ -0,0 +1,77 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "The OrgUnit class is used to represent a sub-unit of an "
+ "organization such a division or department. The class is "
+ "defined so as to incorporate commonly-used LDAP attributes to "
+ "permit implementations to easily derive this information from "
+ "LDAP-accessible directories. This class\'s properties are a "
+ "subset of a related class, OtherOrgUnitInformation, which "
+ "defines all the group properties and in array form for "
+ "directory compatibility." )]
+class CIM_OrgUnit : CIM_OrganizationalEntity {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "This property describes the kind of business performed "
+ "by an organizational unit." ),
+ MaxLen ( 128 )]
+ string BusinessCategory;
+
+ [Description (
+ "The organizational unit\'s facsimile telephone number." )]
+ string FacsimileTelephoneNumber;
+
+ [Description (
+ "This property contains the name of a locality, such as a "
+ "city, county or other geographic region." )]
+ string LocalityName;
+
+ [Required, Description (
+ "The name of the organizational unit." )]
+ string OU;
+
+ [Description (
+ "The PostalAddress property values specify the address "
+ "information required for the physical delivery of postal "
+ "messages by the postal authority to the organizational "
+ "unit." )]
+ string PostalAddress[];
+
+ [Description (
+ "The PostalCode property specifies the postal code of the "
+ "organizational unit. If this value is present it will be "
+ "part of the object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostalCode;
+
+ [Description (
+ "The State or Province name property specifies a state or province."
+ )]
+ string StateOrProvince;
+
+ [Description (
+ "The TelephoneNumber property specifies a telephone "
+ "number of the organizational unit, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string TelephoneNumber;
+
+
+};
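Review bot: The TelephoneNumber Description ends with `e.g. + 44 582 10101).`, which closes a parenthesis that was never opened, and the class Description reads "such a division" where "such as a division" is meant; CIM_Organization.mof in the next hunk repeats the parenthesis defect. `FacsimileTelephoneNumber`, `LocalityName`, `OU`, `PostalAddress` and `StateOrProvince` carry no `MaxLen` while `TelephoneNumber` and `PostalCode` do, so values derived from an LDAP directory have no schema bound for those fields. I would write the example as `(e.g., +44 582 10101)` and either add `MaxLen` to the unbounded strings or state in their Descriptions that the importing provider must bound the length.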
diff --git a/Schemas/CIM236/DMTF/User/CIM_Organization.mof b/Schemas/CIM236/DMTF/User/CIM_Organization.mof
new file mode 100644
index 0000000..a2d3bcf
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Organization.mof
@@ -0,0 +1,80 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "The Organization class is used to represent an organization "
+ "such as a corporation or other autonomous entity. The class is "
+ "defined so as to incorporate commonly-used LDAP attributes to "
+ "permit implementations to easily derive this information from "
+ "LDAP-accessible directories. This class\'s properties are a "
+ "subset of a related class, OtherOrganizationInformation, which "
+ "defines all the group properties and in array form for "
+ "directory compatibility." )]
+class CIM_Organization : CIM_OrganizationalEntity {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "This property describes the kind of business performed "
+ "by an organization." ),
+ MaxLen ( 128 )]
+ string BusinessCategory;
+
+ [Description (
+ "The organization\'s facsimile telephone number." )]
+ string FacsimileTelephoneNumber;
+
+ [Description (
+ "This property contains the name of a locality, such as a "
+ "city, county or other geographic region." )]
+ string LocalityName;
+
+ [Description (
+ "Based on RFC1274, the mail box addresses for the "
+ "organization as defined in RFC822." )]
+ string Mail;
+
+ [Required, Description ( "The name of the organization." )]
+ string OrganizationName;
+
+ [Description (
+ "The PostalAddress property values specify the address "
+ "information required for the physical delivery of postal "
+ "messages by the postal authority to the organization." )]
+ string PostalAddress[];
+
+ [Description (
+ "The PostalCode property specifies the postal code of the "
+ "organization. If this value is present it will be part "
+ "of the object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostalCode;
+
+ [Description (
+ "The State or Province name property specifies a state or province."
+ )]
+ string StateOrProvince;
+
+ [Description (
+ "The TelephoneNumber property specifies a telephone "
+ "number of the organization, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string TelephoneNumber;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_OrganizationalEntity.mof b/Schemas/CIM236/DMTF/User/CIM_OrganizationalEntity.mof
new file mode 100644
index 0000000..d17b527
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OrganizationalEntity.mof
@@ -0,0 +1,10 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Abstract, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "OrganizationalEntity is an abstract class from which classes "
+ "that fit into an organizational structure are derived." )]
+class CIM_OrganizationalEntity : CIM_ManagedElement {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_OtherGroupInformation.mof b/Schemas/CIM236/DMTF/User/CIM_OtherGroupInformation.mof
new file mode 100644
index 0000000..435a6bb
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OtherGroupInformation.mof
@@ -0,0 +1,83 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Group" ),
+ Description (
+ "The OtherGroupInformation class provides additional "
+ "information about an associated Group instance. This class is "
+ "defined so as to incorporate commonly-used LDAP attributes to "
+ "permit implementations to easily derive this information from "
+ "LDAP-accessible directories." )]
+class CIM_OtherGroupInformation : CIM_ManagedElement {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "In the case of an LDAP-derived instance, the ObjectClass "
+ "property value(s) may be set to the objectClass "
+ "attribute values." )]
+ string ObjectClass[];
+
+ [Description (
+ "The BusinessCategory property may be used to describe "
+ "the kind of business activity performed by the members "
+ "of the group." ),
+ MaxLen ( 128 )]
+ string BusinessCategory[];
+
+ [Description (
+ "A Common Name is a (possibly ambiguous) name by which "
+ "the group is commonly known in some limited scope (such "
+ "as an organization) and conforms to the naming "
+ "conventions of the country or culture with which it is "
+ "associated." )]
+ string CommonName[];
+
+ [Description (
+ "The Descriptions property values may contain "
+ "human-readable descriptions of the object. In the case "
+ "of an LDAP-derived instance, the description attribute "
+ "may have multiple values that, therefore, cannot be "
+ "placed in the inherited Description property." ),
+ MaxLen ( 1024 )]
+ string Descriptions[];
+
+ [Description (
+ "The name of an organization related to the group." )]
+ string OrganizationName[];
+
+ [Description (
+ "The name of an organizational unit related to the group." )]
+ string OU[];
+
+ [Description (
+ "The Owner property specifies the name of some object "
+ "that has some responsibility for the group. In the case "
+ "of an LDAP-derived instance, a property value for Owner "
+ "may be a distinguished name of owning persons, groups, "
+ "roles, etc." )]
+ string Owner[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the SeeAlso "
+ "property specifies distinguished name of other Directory "
+ "objects which may be other aspects (in some sense) of "
+ "the same real world object." )]
+ string SeeAlso[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_OtherOrgUnitInformation.mof b/Schemas/CIM236/DMTF/User/CIM_OtherOrgUnitInformation.mof
new file mode 100644
index 0000000..56a2f59
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OtherOrgUnitInformation.mof
@@ -0,0 +1,165 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "The OtherOrgUnitInformation class is used to provide "
+ "additional information about an associated OrgUnit instance. "
+ "This class is defined so as to incorporate commonly-used LDAP "
+ "attributes to permit implementations to easily derive this "
+ "information from LDAP-accessible directories." )]
+class CIM_OtherOrgUnitInformation : CIM_ManagedElement {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "In the case of an LDAP-derived instance, the ObjectClass "
+ "property value(s) may be set to the objectClass "
+ "attribute values." )]
+ string ObjectClass[];
+
+ [Description (
+ "This property describes the kind of business performed "
+ "by an organizational unit." ),
+ MaxLen ( 128 )]
+ string BusinessCategory[];
+
+ [Description (
+ "The Descriptions property values may contain "
+ "human-readable descriptions of the object. In the case "
+ "of an LDAP-derived instance, the description attribute "
+ "may have multiple values that, therefore, cannot be "
+ "placed in the inherited Description property." ),
+ MaxLen ( 1024 )]
+ string Descriptions[];
+
+ [Description (
+ "This property is used for the organizational unit\'s "
+ "telegram service." ),
+ MaxLen ( 128 )]
+ string DestinationIndicator[];
+
+ [Description (
+ "The organizational unit\'s facsimile telephone number." )]
+ string FacsimileTelephoneNumber[];
+
+ [Description (
+ "The organizational unit\'s International ISDN number." ),
+ MaxLen ( 16 )]
+ string InternationaliSDNNumber[];
+
+ [Description (
+ "This property contains the name of a locality, such as a "
+ "city, county or other geographic region." )]
+ string LocalityName[];
+
+ [Description ( "The name of the organizational unit." )]
+ string OU[];
+
+ [Description (
+ "The PhysicalDeliveryOfficeName property specifies the "
+ "name of the city, village, etc. where a physical "
+ "delivery office is situated." ),
+ MaxLen ( 128 )]
+ string PhysicalDeliveryOfficeName[];
+
+ [Description (
+ "The PostalAddress property values specify the address "
+ "information required for the physical delivery of postal "
+ "messages by the postal authority to the organizational "
+ "unit." )]
+ string PostalAddress[];
+
+ [Description (
+ "The PostalCode property specifies the postal code of the "
+ "organizational unit. If this value is present it will be "
+ "part of the object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostalCode[];
+
+ [Description (
+ "The PostOfficeBox property specifies the PO box by which "
+ "the organizational unit will receive physical postal "
+ "delivery. If present, the property value is part of the "
+ "object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostOfficeBox[];
+
+ [Description (
+ "The PreferredDeliveryMethod property specifies the "
+ "organizational unit\'s preferred method to be used for "
+ "communicating with it." )]
+ string PreferredDeliveryMethod;
+
+ [Description (
+ "This property value is for use by X.500 clients in "
+ "constructing search filters." )]
+ string SearchGuide[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the SeeAlso "
+ "property specifies distinguished name of other Directory "
+ "objects which may be other aspects (in some sense) of "
+ "the same real world object." )]
+ string SeeAlso[];
+
+ [Description (
+ "The State or Province name property specifies a state or province."
+ )]
+ string StateOrProvince[];
+
+ [Description (
+ "The Street address property specifies a site for the "
+ "local distribution and physical delivery in a postal "
+ "address, i.e. the street name, place, avenue, and the "
+ "number." ),
+ MaxLen ( 128 )]
+ string Street[];
+
+ [Description (
+ "The TelephoneNumber property specifies a telephone "
+ "number of the organizational unit, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string TelephoneNumber[];
+
+ [Description (
+ "The TeletexTerminalIdentifier property specifies the "
+ "Teletex terminal identifier (and, optionally, "
+ "parameters) for a teletex terminal associated with the "
+ "organizational unit." )]
+ string TeletexTerminalIdentifier[];
+
+ [Description (
+ "The TelexNumber property specifies the telex number, "
+ "country code, and answerback code of a telex terminal "
+ "for the organization." )]
+ string TelexNumber[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the "
+ "UserPassword property may contain an encrypted password "
+ "used to access the organizational unit\'s resources in a "
+ "directory." ),
+ OctetString]
+ string UserPassword[];
+
+ [Description ( "An X.121 address for the organization." ),
+ MaxLen ( 15 )]
+ string X121Address[];
+
+
+};
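Review bot: `UserPassword`, near the end of this class, is described only as "an encrypted password", which does not say how the value is protected or who is allowed to read it. In LDAP directories the matching userPassword attribute often holds a hashed or even clear-text value, so a provider that fills this property hands credential material to any client that can enumerate the class. I would add a comment above the property, `// Credential material: leave UserPassword unset, or return it only to authorized clients over an encrypted transport.`, and change the description to say the stored form depends on the directory. The same property with the same wording is added in CIM_OtherOrganizationInformation.mof and CIM_OtherPersonInformation.mof. If these files have to stay identical to the DMTF release, the caveat belongs in the provider documentation instead.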
diff --git a/Schemas/CIM236/DMTF/User/CIM_OtherOrganizationInformation.mof b/Schemas/CIM236/DMTF/User/CIM_OtherOrganizationInformation.mof
new file mode 100644
index 0000000..b80b345
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OtherOrganizationInformation.mof
@@ -0,0 +1,202 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "The OtherOrganizationInformation class is used to provide "
+ "additional information about an associated Organization "
+ "instance. This class is defined so as to incorporate "
+ "commonly-used LDAP attributes to permit implementations to "
+ "easily derive this information from LDAP-accessible "
+ "directories." )]
+class CIM_OtherOrganizationInformation : CIM_ManagedElement {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "In the case of an LDAP-derived instance, the ObjectClass "
+ "property value(s) may be set to the objectClass "
+ "attribute values." )]
+ string ObjectClass[];
+
+ [Description (
+ "This property describes the kind of business performed "
+ "by an organization." ),
+ MaxLen ( 128 )]
+ string BusinessCategory[];
+
+ [Description (
+ "The Descriptions property values may contain "
+ "human-readable descriptions of the object. In the case "
+ "of an LDAP-derived instance, the description attribute "
+ "may have multiple values that, therefore, cannot be "
+ "placed in the inherited Description property." ),
+ MaxLen ( 1024 )]
+ string Descriptions[];
+
+ [Description (
+ "This property is used for the organization\'s telegram service."
+ ),
+ MaxLen ( 128 )]
+ string DestinationIndicator[];
+
+ [Description (
+ "The organization\'s facsimile telephone number." )]
+ string FacsimileTelephoneNumber[];
+
+ [Description ( "The organization\'s International ISDN number." ),
+ MaxLen ( 16 )]
+ string InternationaliSDNNumber[];
+
+ [Description (
+ "Uniform Resource Identifier with optional label as "
+ "defined in RFC2079." )]
+ string LabeledURI[];
+
+ [Description (
+ "This property contains the name of a locality, such as a "
+ "city, county or other geographic region." )]
+ string LocalityName[];
+
+ [Description (
+ "Based on RFC1274, the mail box addresses for the "
+ "organization as defined in RFC822." )]
+ string Mail[];
+
+ [Description (
+ "The manager for the organization. In the case of an "
+ "LDAP-derived instance, the Manager property value may "
+ "contain the distinguished name of the Manager." )]
+ string Manager[];
+
+ [Description ( "The name of the organization." )]
+ string OrganizationName[];
+
+ [Description (
+ "Based on RFC1274, this property may be used for "
+ "electronic mail box addresses other than RFC822 and "
+ "X.400." )]
+ string OtherMailbox[];
+
+ [Description (
+ "The PhysicalDeliveryOfficeName property specifies the "
+ "name of the city, village, etc. where a physical "
+ "delivery office is situated." ),
+ MaxLen ( 128 )]
+ string PhysicalDeliveryOfficeName[];
+
+ [Description (
+ "The PostalAddress property values specify the address "
+ "information required for the physical delivery of postal "
+ "messages by the postal authority to the organization." )]
+ string PostalAddress[];
+
+ [Description (
+ "The PostalCode property specifies the postal code of the "
+ "organization. If this value is present it will be part "
+ "of the object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostalCode[];
+
+ [Description (
+ "The PostOfficeBox property specifies the PO box by which "
+ "the organization will receive physical postal delivery. "
+ "If present, the property value is part of the object\'s "
+ "postal address." ),
+ MaxLen ( 40 )]
+ string PostOfficeBox[];
+
+ [Description (
+ "The PreferredDeliveryMethod property specifies the "
+ "organization\'s preferred method to be used for "
+ "communicating with it." )]
+ string PreferredDeliveryMethod;
+
+ [Description (
+ "This property specifies a postal address suitable for "
+ "receipt of telegrams or expedited documents, where it is "
+ "necessary to have the recipient accept delivery." )]
+ string RegisteredAddress[];
+
+ [Description (
+ "This property value is for use by X.500 clients in "
+ "constructing search filters." )]
+ string SearchGuide[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the SeeAlso "
+ "property specifies distinguishedName of other Directory "
+ "objects which may be other aspects (in some sense) of "
+ "the same real world object." )]
+ string SeeAlso[];
+
+ [Description (
+ "The State or Province name property specifies a state or province."
+ )]
+ string StateOrProvince[];
+
+ [Description (
+ "The Street address property specifies a site for the "
+ "local distribution and physical delivery in a postal "
+ "address, i.e. the street name, place, avenue, and the "
+ "number." ),
+ MaxLen ( 128 )]
+ string Street[];
+
+ [Description (
+ "The TelephoneNumber property specifies a telephone "
+ "number of the organization, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string TelephoneNumber[];
+
+ [Description (
+ "The TeletexTerminalIdentifier property specifies the "
+ "Teletex terminal identifier (and, optionally, "
+ "parameters) for a teletex terminal associated with the "
+ "organization." )]
+ string TeletexTerminalIdentifier[];
+
+ [Description (
+ "The TelexNumber property specifies the telex number, "
+ "country code, and answerback code of a telex terminal "
+ "for the organization." )]
+ string TelexNumber[];
+
+ [Description ( "An image of the organization logo." ),
+ OctetString]
+ string ThumbnailLogo[];
+
+ [Description (
+ "A unique identifier that may be assigned in an "
+ "environment to differentiate between uses of a given "
+ "named organization instance." )]
+ string UniqueIdentifier[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the "
+ "UserPassword property may contain an encrypted password "
+ "used to access the organization\'s resources in a "
+ "directory." ),
+ OctetString]
+ string UserPassword[];
+
+ [Description ( "An X.121 address for the organization." ),
+ MaxLen ( 15 )]
+ string X121Address[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_OtherPersonInformation.mof b/Schemas/CIM236/DMTF/User/CIM_OtherPersonInformation.mof
new file mode 100644
index 0000000..7194f52
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OtherPersonInformation.mof
@@ -0,0 +1,405 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.7.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "The OtherPersonInformation class is used to provide additional "
+ "information about an associated Person instance. This class is "
+ "defined so as to incorporate commonly-used LDAP attributes to "
+ "permit implementations to easily derive this information from "
+ "LDAP-accessible directories." )]
+class CIM_OtherPersonInformation : CIM_ManagedElement {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "In the case of an LDAP-derived instance, the ObjectClass "
+ "property value(s) may be set to the objectClass "
+ "attribute values." )]
+ string ObjectClass[];
+
+ [Description (
+ "The Audio property may be used to store an audio clip of "
+ "the person." ),
+ OctetString]
+ string Audio[];
+
+ [Description (
+ "This property describes the kind of business performed "
+ "by an organization." ),
+ MaxLen ( 128 )]
+ string BusinessCategory[];
+
+ [Description (
+ "The CarLicense property is used to record the values of "
+ "the vehicle license or registration plate associated "
+ "with an individual." ),
+ MaxLen ( 128 )]
+ string CarLicense[];
+
+ [Description (
+ "A CommonName is a (possibly ambiguous) name by which the "
+ "role is commonly known in some limited scope (such as an "
+ "organization) and conforms to the naming conventions of "
+ "the country or culture with which it is associated." )]
+ string CommonName[];
+
+ [Description (
+ "The CountryName property specifies a country as defined "
+ "in ISO 3166." )]
+ string CountryName[];
+
+ [Description (
+ "Based on inetOrgPerson, the DepartmentNumber is a code "
+ "for department to which a person belongs. This can be "
+ "strictly numeric (e.g., 1234) or alphanumeric (e.g., "
+ "ABC/123)." )]
+ string DepartmentNumber[];
+
+ [Description (
+ "The Descriptions property values may contain "
+ "human-readable descriptions of the object. In the case "
+ "of an LDAP-derived instance, the description attribute "
+ "may have multiple values that, therefore, cannot be "
+ "placed in the inherited Description property." ),
+ MaxLen ( 1024 )]
+ string Descriptions[];
+
+ [Description (
+ "This property is used for the organization\'s telegram service."
+ ),
+ MaxLen ( 128 )]
+ string DestinationIndicator[];
+
+ [Description (
+ "Based on inetOrgPerson, the DisplayName property values "
+ "are used when displaying an entry." )]
+ string DisplayName[];
+
+ [Description (
+ "Based on inetOrgPerson, the EmployeeNumber property "
+ "specifies a numeric or an alphanumeric identifier "
+ "assigned to a person." )]
+ string EmployeeNumber;
+
+ [Description (
+ "Based on inetOrgPerson, the EmployeeType property is "
+ "used to identify the employer to employee relationship. "
+ "Typical values used may include \'Contractor\', "
+ "\'Employee\', \'Intern\', \'Temp\', \'External\', and "
+ "\'Unknown\' but any value may be used." )]
+ string EmployeeType[];
+
+ [Description ( "The person\'s facsimile telephone number." )]
+ string FacsimileTelephoneNumber[];
+
+ [Description (
+ "Based on liPerson, the GenerationQualifier property "
+ "specifies a name qualifier that represents the person\'s "
+ "generation (e.g., JR., III, etc.)." )]
+ string GenerationQualifier[];
+
+ [Description (
+ "The GivenName property is used for the part of a "
+ "person\'s name that is not their surname nor their "
+ "middle name." )]
+ string GivenName[];
+
+ [Description (
+ "Based on liPerson, the HomeFax property specifies the "
+ "person\'s facsimile telephone number at home." )]
+ string HomeFax[];
+
+ [Description (
+ "Based on RFC1274, the HomePhone property specifies a "
+ "home telephone number for the person, e.g. + 44 582 "
+ "10101)." ),
+ MaxLen ( 32 )]
+ string HomePhone[];
+
+ [Description (
+ "The HomePostalAddress property values specify the home "
+ "address information required for the physical delivery "
+ "of postal messages by the postal authority." )]
+ string HomePostalAddress[];
+
+ [Description (
+ "Based on inetOrgPerson, the Initials property specifies "
+ "the first letters of the person\'s name, typically the "
+ "property values will exclude the first letter of the "
+ "surname." )]
+ string Initials[];
+
+ [Description ( "The person\'s International ISDN number." ),
+ MaxLen ( 16 )]
+ string InternationaliSDNNumber[];
+
+ [Description (
+ "From inetOrgPerson, the JPEG Photo property values may "
+ "be used for one or more images of a person using the "
+ "JPEG File Interchange Format." )]
+ string JPEGPhoto[];
+
+ [Description (
+ "Uniform Resource Identifier with optional label as "
+ "defined in RFC2079." )]
+ string LabeledURI[];
+
+ [Description (
+ "This property contains the name of a locality, such as a "
+ "city, county or other geographic region." )]
+ string LocalityName[];
+
+ [Description (
+ "Based on RFC1274, the mail box addresses for the person "
+ "as defined in RFC822." )]
+ string Mail[];
+
+ [Description (
+ "The person\'s manager within the organization. In the "
+ "case of an LDAP-derived instance, the Manager property "
+ "value may contain the distinguishedName of the Manager." )]
+ string Manager[];
+
+ [Description (
+ "Based on liPerson, the middle name of the person." )]
+ string MiddleName[];
+
+ [Description (
+ "Based on RFC1274, the Mobile phone property specifies a "
+ "mobile telephone number for the person, e.g. + 44 582 "
+ "10101)." ),
+ MaxLen ( 32 )]
+ string Mobile[];
+
+ [Required, Description (
+ "The name of the person\'s organization." )]
+ string OrganizationName[];
+
+ [Description (
+ "Based on RFC1274, the OrganizationalStatus property "
+ "specifies a category by which a person is often referred "
+ "to within an organization. Examples of usage in academia "
+ "might include undergraduate student, researcher, "
+ "lecturer, etc." )]
+ string OrganizationalStatus[];
+
+ [Description (
+ "Based on RFC1274, this property may be used for "
+ "electronic mail box addresses other than RFC822 and "
+ "X.400." )]
+ string OtherMailbox[];
+
+ [Description (
+ "The name of an organizational unit related to the person." )]
+ string OU[];
+
+ [Description (
+ "Based on RFC1274, the Pager property specifies a pager "
+ "telephone number for the person, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string Pager[];
+
+ [Description (
+ "Based on liPerson, the PersonalTitle property may be "
+ "used to specify the person\'s personal title such as "
+ "Mr., Ms., Dr., Prof. etc." )]
+ string PersonalTitle[];
+
+ [Description (
+ "Based on RFC1274, the Photo property may be used to "
+ "specify a photograph for the person encoded in G3 fax as "
+ "explained in recommendation T.4, with an ASN.1 wrapper "
+ "to make it compatible with an X.400 BodyPart as defined "
+ "in X.420." ),
+ OctetString]
+ string Photo[];
+
+ [Description (
+ "The PhysicalDeliveryOfficeName property specifies the "
+ "name of the city, village, etc. where a physical "
+ "delivery office is situated." ),
+ MaxLen ( 128 )]
+ string PhysicalDeliveryOfficeName[];
+
+ [Description (
+ "The PostalAddress property values specify the address "
+ "information required for the physical delivery of postal "
+ "messages by the postal authority to the person." )]
+ string PostalAddress[];
+
+ [Description (
+ "The PostalCode property specifies the postal code of the "
+ "organization. If this value is present, it will be part "
+ "of the object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostalCode[];
+
+ [Description (
+ "The PostOfficeBox property specifies the PO box by which "
+ "the person will receive physical postal delivery. If "
+ "present, the property value is part of the object\'s "
+ "postal address." ),
+ MaxLen ( 40 )]
+ string PostOfficeBox[];
+
+ [Description (
+ "The PreferredDeliveryMethod property specifies the "
+ "preferred method to be used for contacting the person." )]
+ string PreferredDeliveryMethod;
+
+ [Description (
+ "Based on inetOrgPerson, the person\'s preferred written "
+ "or spoken language." )]
+ string PreferredLanguage;
+
+ [Description (
+ "This property specifies a postal address suitable for "
+ "receipt of telegrams or expedited documents, where it is "
+ "necessary to have the recipient accept delivery." )]
+ string RegisteredAddress[];
+
+ [Description (
+ "Based on RFC1274, the RoomNumber property specifies the "
+ "room number for the person." )]
+ string RoomNumber[];
+
+ [Description (
+ "Based on RFC1274, the Secretary property may be used to "
+ "specify a secretary for the person. In the case of an "
+ "LDAP-derived object instance, the value may be a "
+ "distinguishedName." )]
+ string Secretary[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the SeeAlso "
+ "property specifies distinguished name of other Directory "
+ "objects which may be other aspects (in some sense) of "
+ "the same real world object." )]
+ string SeeAlso[];
+
+ [Description (
+ "The State or Province name property specifies a state or province."
+ )]
+ string StateOrProvince[];
+
+ [Description (
+ "The Street address property specifies a site for the "
+ "local distribution and physical delivery in a postal "
+ "address, i.e. the street name, place, avenue, and the "
+ "number." ),
+ MaxLen ( 128 )]
+ string Street[];
+
+ [Description (
+ "The Surname property specifies the linguistic construct "
+ "that normally is inherited by an individual from the "
+ "individual\'s parent or assumed by marriage, and by "
+ "which the individual is commonly known." )]
+ string Surname[];
+
+ [Description (
+ "The TelephoneNumber property specifies a telephone "
+ "number of the organization, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string TelephoneNumber[];
+
+ [Description (
+ "The TeletexTerminalIdentifier property specifies the "
+ "Teletex terminal identifier (and, optionally, "
+ "parameters) for a teletex terminal associated with the "
+ "organization." )]
+ string TeletexTerminalIdentifier[];
+
+ [Description (
+ "The TelexNumber property specifies the telex number, "
+ "country code, and answerback code of a telex terminal "
+ "for the organization." )]
+ string TelexNumber[];
+
+ [Description (
+ "A small image of the person\'s organization logo." ),
+ OctetString]
+ string ThumbnailLogo[];
+
+ [Description ( "A small image of the person." ),
+ OctetString]
+ string ThumbnailPhoto[];
+
+ [Description (
+ "The Title property may be used to specify the person\'s "
+ "designated position or function of the object within an "
+ "organization, e.g., Manager, Vice-President, etc." )]
+ string Title[];
+
+ [Description (
+ "Based on RFC1274, the UserID property may be used to "
+ "specify a computer system login name." )]
+ string UserID[];
+
+ [Description (
+ "A unique identifier that may be assigned in an "
+ "environment to differentiate between uses of a given "
+ "named person instance." )]
+ string UniqueIdentifier[];
+
+ [Description (
+ "Based on inetOrgPerson and for directory compatibility, "
+ "the UserCertificate property may be used to specify a "
+ "public key certificate for the person." ),
+ OctetString]
+ string UserCertificate[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the "
+ "UserPassword property may contain an encrypted password "
+ "used to access the person\'s resources in a directory." ),
+ OctetString]
+ string UserPassword[];
+
+ [Description (
+ "Based on inetOrgPerson and for directory compatibility, "
+ "the UserPKCS12 property value may be used to provide a "
+ "format for exchange of personal identity information. "
+ "The property values are PFX PDUs stored as Octetstrings." ),
+ OctetString]
+ string UserPKCS12[];
+
+ [Description (
+ "Based on inetOrgPerson, the User S/MIME Certificate "
+ "property may be used to specify the person\'s an S/MIME "
+ "(RFC1847) signed message with a zero-length body. It "
+ "contains the entire certificate chain and the signed "
+ "attribute that describes their algorithm capabilities. "
+ "If available, this property is preferred over the "
+ "UserCertificate property for S/MIME applications." ),
+ OctetString]
+ string UserSMIMECertificate[];
+
+ [Description ( "An X.121 address for the organization." ),
+ MaxLen ( 15 )]
+ string X121Address[];
+
+ [Description (
+ "An X.500 specified unique identifier that may be "
+ "assigned in an environment to differentiate between uses "
+ "of a given named person object instance." ),
+ OctetString]
+ string X500UniqueIdentifier[];
+
+
+};
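Review bot: `UserPKCS12` is described only as "a format for exchange of personal identity information", but a PFX PDU normally bundles a private key with its certificates, so this property can carry key material. The neighbouring `UserCertificate` and `UserSMIMECertificate` are described as holding certificates, and nothing in the qualifiers or description marks that difference. I would add `// May contain private keys: populate only for authorized consumers over an encrypted transport.` above the property and state in the description that the confidentiality of the PFX rests on its password. If the file has to stay identical to the DMTF release, put the caveat in the provider documentation.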
diff --git a/Schemas/CIM236/DMTF/User/CIM_OtherRoleInformation.mof b/Schemas/CIM236/DMTF/User/CIM_OtherRoleInformation.mof
new file mode 100644
index 0000000..eba78d0
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_OtherRoleInformation.mof
@@ -0,0 +1,162 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Role" ),
+ Description (
+ "The OtherRoleInformation class is used to provide additional "
+ "information about an associated Role instance. This class is "
+ "defined so as to incorporate commonly-used LDAP attributes to "
+ "permit implementations to easily derive this information from "
+ "LDAP-accessible directories." )]
+class CIM_OtherRoleInformation : CIM_ManagedElement {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "In the case of an LDAP-derived instance, the ObjectClass "
+ "property value(s) may be set to the objectClass "
+ "attribute values." )]
+ string ObjectClass[];
+
+ [Description (
+ "This property may be used to describe the kind of "
+ "business activity performed by the members (role "
+ "occupants) in the position or set of responsibilities "
+ "represented by the Role." ),
+ MaxLen ( 128 )]
+ string BusinessCategory[];
+
+ [Description (
+ "A CommonName is a (possibly ambiguous) name by which the "
+ "role is commonly known in some limited scope (such as an "
+ "organization) and conforms to the naming conventions of "
+ "the country or culture with which it is associated." )]
+ string CommonName[];
+
+ [Description (
+ "The Descriptions property values may contain "
+ "human-readable descriptions of the object. In the case "
+ "of an LDAP-derived instance, the description attribute "
+ "may have multiple values that, therefore, cannot be "
+ "placed in the inherited Description property." ),
+ MaxLen ( 1024 )]
+ string Descriptions[];
+
+ [Description (
+ "This property is used for the role occupants\' telegram service."
+ ),
+ MaxLen ( 128 )]
+ string DestinationIndicator[];
+
+ [Description (
+ "The role occupants\' facsimile telephone number." )]
+ string FacsimileTelephoneNumber[];
+
+ [Description (
+ "The role occupants\' International ISDN number." ),
+ MaxLen ( 16 )]
+ string InternationaliSDNNumber[];
+
+ [Description (
+ "The name of an organizational unit related to the role." )]
+ string OU[];
+
+ [Description (
+ "The PhysicalDeliveryOfficeName property specifies the "
+ "name of the city, village, etc. where a physical "
+ "delivery office is situated." ),
+ MaxLen ( 128 )]
+ string PhysicalDeliveryOfficeName[];
+
+ [Description (
+ "The PostalAddress property values specify the address "
+ "information required for the physical delivery of postal "
+ "messages by the postal authority to the role occupants." )]
+ string PostalAddress[];
+
+ [Description (
+ "The PostalCode property specifies the postal code for "
+ "the role occupants. If this value is present it will be "
+ "part of the object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostalCode[];
+
+ [Description (
+ "The PostOfficeBox property specifies the PO box by which "
+ "the role occupants will receive physical postal "
+ "delivery. If present, the property value is part of the "
+ "object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostOfficeBox[];
+
+ [Description (
+ "The PreferredDeliveryMethod property specifies the role "
+ "occupants\' preferred method to be used for contacting "
+ "them in their role." )]
+ string PreferredDeliveryMethod;
+
+ [Description (
+ "This property specifies a postal address suitable for "
+ "receipt of telegrams or expedited documents, where it is "
+ "necessary to have the recipient accept delivery." )]
+ string RegisteredAddress[];
+
+ [Description (
+ "In the case of an LDAP-derived instance, the SeeAlso "
+ "property specifies distinguished name of other Directory "
+ "objects which may be other aspects (in some sense) of "
+ "the same real world object." )]
+ string SeeAlso[];
+
+ [Description (
+ "The State or Province name property specifies a state or province."
+ )]
+ string StateOrProvince[];
+
+ [Description (
+ "The Street address property specifies a site for the "
+ "local distribution and physical delivery in a postal "
+ "address, i.e. the street name, place, avenue, and the "
+ "number." ),
+ MaxLen ( 128 )]
+ string Street[];
+
+ [Description (
+ "The TelephoneNumber property specifies a telephone "
+ "number of the role occupants, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string TelephoneNumber[];
+
+ [Description (
+ "The TeletexTerminalIdentifier property specifies the "
+ "Teletex terminal identifier (and, optionally, "
+ "parameters) for a teletex terminal associated with the "
+ "role occupants." )]
+ string TeletexTerminalIdentifier[];
+
+ [Description (
+ "The TelexNumber property specifies the telex number, "
+ "country code, and answerback code of a telex terminal "
+ "for the role occupants." )]
+ string TelexNumber[];
+
+ [Description ( "An X.121 address for the role occupants." ),
+ MaxLen ( 15 )]
+ string X121Address[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_Person.mof b/Schemas/CIM236/DMTF/User/CIM_Person.mof
new file mode 100644
index 0000000..fe325de
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Person.mof
@@ -0,0 +1,106 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "The Person class is used to represent people, and holds their "
+ "white and yellow pages data. The class is defined so as to "
+ "incorporate commonly-used LDAP attributes to permit "
+ "implementations to easily derive this information from "
+ "LDAP-accessible directories. This class\'s properties are a "
+ "subset of a related class, OtherPersonInformation, which "
+ "defines all the group properties and in array form for "
+ "directory compatibility." )]
+class CIM_Person : CIM_UserContact {
+
+ [Description (
+ "This property describes the kind of business performed "
+ "by an organization." ),
+ MaxLen ( 128 )]
+ string BusinessCategory;
+
+ [Required, Description (
+ "A CommonName is a (possibly ambiguous) name by which the "
+ "Person is commonly known in some limited scope (such as "
+ "an organization) and conforms to the naming conventions "
+ "of the country or culture with which it is associated." )]
+ string CommonName;
+
+ [Description (
+ "Based on inetOrgPerson, the EmployeeNumber property "
+ "specifies a numeric or an alphanumeric identifier "
+ "assigned to a person." )]
+ string EmployeeNumber;
+
+ [Description (
+ "Based on inetOrgPerson, the EmployeeType property is "
+ "used to identify the employer to employee relationship. "
+ "Typical values used may include \'Contractor\', "
+ "\'Employee\', \'Intern\', \'Temp\', \'External\', and "
+ "\'Unknown\' but any value may be used." )]
+ string EmployeeType;
+
+ [Description ( "The person\'s facsimile telephone number." )]
+ string FacsimileTelephoneNumber;
+
+ [Description (
+ "Based on RFC1274, the HomePhone property specifies a "
+ "home telephone number for the person, e.g. + 44 582 "
+ "10101)." ),
+ MaxLen ( 32 )]
+ string HomePhone;
+
+ [Description (
+ "The HomePostalAddress property values specify the home "
+ "address information required for the physical delivery "
+ "of postal messages by the postal authority." )]
+ string HomePostalAddress[];
+
+ [Description (
+ "From inetOrgPerson, the JPEGPhoto property values may be "
+ "used for one or more images of a person using the JPEG "
+ "File Interchange Format." )]
+ string JPEGPhoto;
+
+ [Description (
+ "The person\'s manager within the organization. In the "
+ "case of an LDAP-derived instance, the Manager property "
+ "value may contain the distinguished name of the Manager." )]
+ string Manager;
+
+ [Description (
+ "Based on RFC1274, the Mobile phone property specifies a "
+ "mobile telephone number for the person, e.g. + 44 582 "
+ "10101)." ),
+ MaxLen ( 32 )]
+ string Mobile;
+
+ [Description (
+ "The name of an organizational unit related to the person." )]
+ string OU;
+
+ [Description (
+ "Based on RFC1274, the Pager property specifies a pager "
+ "telephone number for the person, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string Pager;
+
+ [Description (
+ "Based on inetOrgPerson, the person\'s preferred written "
+ "or spoken language." )]
+ string PreferredLanguage;
+
+ [Description (
+ "Based on RFC1274, the Secretary property may be used to "
+ "specify a secretary for the person. In the case of an "
+ "LDAP-derived object instance, the value may be a "
+ "distinguished name." )]
+ string Secretary;
+
+ [Description (
+ "The Title property may be used to specify the person\'s "
+ "designated position or function of the object within an "
+ "organization, e.g., Manager, Vice-President, etc." )]
+ string Title;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_Privilege.mof b/Schemas/CIM236/DMTF/User/CIM_Privilege.mof
new file mode 100644
index 0000000..c546ce8
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Privilege.mof
@@ -0,0 +1,174 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.20.0" ),
+ UMLPackagePath ( "CIM::User::Privilege" ),
+ Description (
+ "Privilege is the base class for all types of activities which "
+ "are granted or denied by a Role or an Identity. Whether an "
+ "individual Privilege is granted or denied is defined using the "
+ "PrivilegeGranted boolean. Any Privileges not specifically "
+ "granted are assumed to be denied. An explicit deny (Privilege "
+ "Granted = FALSE) takes precedence over any granted Privileges. \n"
+ "\n"
+ "The association of subjects (Roles and Identities) to "
+ "Privileges is accomplished using policy or explicitly via the "
+ "associations on a subclass. The entities that are protected "
+ "(targets) can be similarly defined. \n"
+ "\n"
+ "Note that Privileges may be inherited through hierarchical "
+ "Roles, or may overlap. For example, a Privilege denying any "
+ "instance Writes in a particular CIM Server Namespace would "
+ "overlap with a Privilege defining specific access rights at an "
+ "instance level within that Namespace. In this example, the "
+ "AuthorizedSubjects are either Identities or Roles, and the "
+ "AuthorizedTargets are a Namespace in the former case, and a "
+ "particular instance in the latter." )]
+class CIM_Privilege : CIM_ManagedElement {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the business entity and SHOULD "
+ "not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. For DMTF defined instances, the "
+ "\'preferred\' algorithm MUST be used with the <OrgID> "
+ "set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description (
+ "Boolean indicating whether the Privilege is granted "
+ "(TRUE) or denied (FALSE). The default is to grant "
+ "permission." )]
+ boolean PrivilegeGranted = true;
+
+ [Description (
+ "An enumeration indicating the activities that are "
+ "granted or denied. These activities apply to all "
+ "entities specified in the ActivityQualifiers array. The "
+ "values in the enumeration are straightforward except for "
+ "one, 4=\"Detect\". This value indicates that the "
+ "existence or presence of an entity may be determined, "
+ "but not necessarily specific data (which requires the "
+ "Read privilege to be true). This activity is exemplified "
+ "by \'hidden files\'- if you list the contents of a "
+ "directory, you will not see hidden files. However, if "
+ "you know a specific file name, or know how to expose "
+ "hidden files, then they can be \'detected\'. Another "
+ "example is the ability to define search privileges in "
+ "directory implementations." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "..", "16000.." },
+ Values { "Other", "Create", "Delete", "Detect", "Read",
+ "Write", "Execute", "DMTF Reserved", "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]
+ uint16 Activities[];
+
+ [Description (
+ "The ActivityQualifiers property is an array of string "
+ "values used to further qualify and specify the "
+ "privileges granted or denied. For example, it is used to "
+ "specify a set of files for which \'Read\'/\'Write\' "
+ "access is permitted or denied. Or, it defines a class\' "
+ "methods that may be \'Executed\'. Details on the "
+ "semantics of the individual entries in "
+ "ActivityQualifiers are provided by corresponding entries "
+ "in the QualifierFormats array." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_Privilege.Activities",
+ "CIM_Privilege.QualifierFormats" }]
+ string ActivityQualifiers[];
+
+ [Description (
+ "Defines the semantics of corresponding entries in the "
+ "ActivityQualifiers array. An example of each of these "
+ "\'formats\' and their use follows: \n"
+ "- 2=Class Name. Example: If the authorization target is "
+ "a CIM Service or a Namespace, then the "
+ "ActivityQualifiers entries can define a list of classes "
+ "that the authorized subject is able to create or delete. \n"
+ "- 3=<Class.>Property. Example: If the authorization "
+ "target is a CIM Service, Namespace or Collection of "
+ "instances, then the ActivityQualifiers entries can "
+ "define the class properties that may or may not be "
+ "accessed. In this case, the class names are specified "
+ "with the property names to avoid ambiguity - since a CIM "
+ "Service, Namespace or Collection could manage multiple "
+ "classes. On the other hand, if the authorization target "
+ "is an individual instance, then there is no possible "
+ "ambiguity and the class name may be omitted. To specify "
+ "ALL properties, the wildcard string \"*\" should be "
+ "used. \n"
+ "- 4=<Class.>Method. This example is very similar to the "
+ "Property one, above. And, as above, the string \"*\" may "
+ "be specified to select ALL methods. \n"
+ "- 5=Object Reference. Example: If the authorization "
+ "target is a CIM Service or Namespace, then the "
+ "ActivityQualifiers entries can define a list of object "
+ "references (as strings) that the authorized subject can "
+ "access. \n"
+ "- 6=Namespace. Example: If the authorization target is a "
+ "CIM Service, then the ActivityQualifiers entries can "
+ "define a list of Namespaces that the authorized subject "
+ "is able to access. \n"
+ "- 7=URL. Example: An authorization target may not be "
+ "defined, but a Privilege could be used to deny access to "
+ "specific URLs by individual Identities or for specific "
+ "Roles, such as the \'under 17\' Role. \n"
+ "- 8=Directory/File Name. Example: If the authorization "
+ "target is a FileSystem, then the ActivityQualifiers "
+ "entries can define a list of directories and files whose "
+ "access is protected. \n"
+ "- 9=Command Line Instruction. Example: If the "
+ "authorization target is a ComputerSystem or Service, "
+ "then the ActivityQualifiers entries can define a list of "
+ "command line instructions that may or may not be "
+ "\'Executed\' by the authorized subjects. \n"
+ "- 10=SCSI Command, using a format of \'CDB=xx[,Page=pp]\'. "
+ "For example, the ability to select the VPD page of the "
+ "Inquiry command is encoded as \'CDB=12,Page=83\' in the "
+ "corresponding ActivityQualifiers entry. A \'*\' may be "
+ "used to indicate all CDBs or Page numbers. \n"
+ "- 11=Packets. Example: The transmission of packets is "
+ "permitted or denied by the Privilege for the target (a "
+ "ComputerSystem, ProtocolEndpoint, Pipe, or other "
+ "ManagedSystemElement)." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "..", "16000.." },
+ Values { "Class Name", "<Class.>Property", "<Class.>Method",
+ "Object Reference", "Namespace", "URL",
+ "Directory/File Name", "Command Line Instruction",
+ "SCSI Command", "Packets", "DMTF Reserved",
+ "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]
+ uint16 QualifierFormats[];
+
+ [Description (
+ "The RepresentsAuthorizationRights flag indicates whether "
+ "the rights defined by this instance should be "
+ "interpreted as rights of Subjects to access Targets or "
+ "as rights of Subjects to change those rights on/for "
+ "Targets." )]
+ boolean RepresentsAuthorizationRights = false;
+
+
+};
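Review bot: `PrivilegeGranted` is declared as `boolean PrivilegeGranted = true;` ("The default is to grant permission"), although the class description says privileges not specifically granted are assumed to be denied. An instance created without setting the property is therefore a grant. If this file has to stay identical to the DMTF release, the default cannot change, but a comment above the property would flag it for provider authors, for example `// NOTE: defaults to grant; code that creates instances must set PrivilegeGranted explicitly.` Providers that create `CIM_Privilege` instances from partial input should reject a missing value rather than inherit the default.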
diff --git a/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementCapabilities.mof b/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementCapabilities.mof
new file mode 100644
index 0000000..7039a0f
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementCapabilities.mof
@@ -0,0 +1,84 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.18.0" ),
+ UMLPackagePath ( "CIM::User::Privilege" ),
+ Description (
+ "A subclass of Capabilities that defines the capabilities of "
+ "the Privilege Management Service." )]
+class CIM_PrivilegeManagementCapabilities : CIM_Capabilities {
+
+ [Description (
+ "Set to TRUE if this PrivilegeManagementService supports "
+ "association of multiple subjects or targets to a "
+ "particular Privilege. If False, the AssignAccess method "
+ "supports at most one entry each in the Subjects and "
+ "Targets parameters." )]
+ boolean SharedPrivilegeSupported = false;
+
+ [Description (
+ "A super set of activities that could be granted or "
+ "denied to a role or an identity by the associated "
+ "privileges. The Activities property of the instances of "
+ "CIM_Privilege that are associated to the role or the "
+ "identity MUST contain only the values enumerated in the "
+ "ActivitiesSupported array property. The supported "
+ "activities apply to all entities specified in the "
+ "ActivityQualifiersSupported array. Refer to the "
+ "CIM_Privilege.Activities property for the detailed "
+ "description of values." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "..", "16000.." },
+ Values { "Other", "Create", "Delete", "Detect", "Read",
+ "Write", "Execute", "DMTF Reserved", "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementCapabilities.ActivityQualifiersSupported" }]
+ uint16 ActivitiesSupported[];
+
+ [Description (
+ "The ActivityQualifiersSupported property is an array of "
+ "string values used to further qualify and specify the "
+ "supported activities of privileges. The "
+ "ActivityQualifiers property of the instances of "
+ "CIM_Privilege that are associated to the role or the "
+ "identity MUST contain only the values enumerated in the "
+ "ActivityQualifiersSupported array property. Details on "
+ "the semantics of the individual entries in "
+ "ActivityQualifiersSupported are provided by "
+ "corresponding entries in the QualifierFormatsSupported "
+ "array. Refer to the CIM_Privilege.ActivityQualifiers "
+ "property for the detailed description of values." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementCapabilities.ActivitiesSupported",
+ "CIM_Privilege.QualifierFormats" }]
+ string ActivityQualifiersSupported[];
+
+ [Description (
+ "Defines the semantics of corresponding entries in the "
+ "ActivityQualifierSupported array. The QualifierSupported "
+ "property of the instances of CIM_Privilege that are "
+ "associated to the role or the identity MUST contain only "
+ "the values enumerated in the QualifierSupported array "
+ "property. Refer to the CIM_Privilege.QualifierSupported "
+ "property for the detailed description of values." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "..", "16000.." },
+ Values { "Class Name", "<Class.>Property", "<Class.>Method",
+ "Object Reference", "Namespace", "URL",
+ "Directory/File Name", "Command Line Instruction",
+ "SCSI Command", "Packets", "DMTF Reserved",
+ "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]
+ uint16 QualifierFormatsSupported[];
+
+ [Description (
+ "Each enumeration corresponds to support for the "
+ "like-named method of the PrivilegeManagementService." ),
+ ValueMap { "0", "1", "2", "3", "4..40", "..", "0x8000.." },
+ Values { "ChangeAccess", "ShowAccess", "AssignAccess",
+ "RevokeAccess", "DMTF Role Reserved", "DMTF Reserved",
+ "Vendor Specific" }]
+ uint16 SupportedMethods[];
+
+
+};
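Review bot: The `QualifierFormatsSupported` description refers to `ActivityQualifierSupported`, a `QualifierSupported` property and `CIM_Privilege.QualifierSupported`. None of these match the declarations in this commit, which are `ActivityQualifiersSupported` here and `QualifierFormats` on `CIM_Privilege`. The ModelCorrespondence on `ActivityQualifiersSupported` likewise names `CIM_Privilege.QualifierFormats`, where `CIM_PrivilegeManagementCapabilities.QualifierFormatsSupported` looks intended. `SupportedMethods` lists `ChangeAccess` and `RevokeAccess` as "like-named" methods, but the service added in this commit declares `AssignAccess`, `RemoveAccess` and `ShowAccess`, so a client checking for revocation support cannot match value 3 by name. If the text must remain as published upstream, a `//` comment recording the intended names (`RevokeAccess` presumably meaning `RemoveAccess`) would prevent clients from guessing.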
diff --git a/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof
new file mode 100644
index 0000000..56ae667
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof
@@ -0,0 +1,290 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.20.0" ),
+ UMLPackagePath ( "CIM::User::PrivilegeManagementService" ),
+ Description (
+ "The PrivilegeManagementService is responsible for creating, "
+ "deleting, and associating AuthorizedPrivilege instances. "
+ "References to \'subject\' and \'target\' define the entities "
+ "that are associated with an AuthorizedPrivilege instance via "
+ "the relationships, AuthorizedSubject and AuthorizedTarget, "
+ "respectively. When created, an AuthorizedPrivilege instance is "
+ "related to this (PrivilegeManagement)Service via the "
+ "association, ConcreteDependency." )]
+class CIM_PrivilegeManagementService : CIM_AuthorizationService {
+
+
+ [Description (
+ "When this method is called, a provider updates the "
+ "specified Subject\'s rights to the Target according to "
+ "the parameters of this call. The rights are modeled via "
+ "an AuthorizedPrivilege instance. If an "
+ "AuthorizedPrivilege instance is created as a result of "
+ "this call, it MUST be linked to the Subject and Target "
+ "via the AuthorizedSubject and AuthorizedTarget "
+ "associations, respectively. When created, the "
+ "AuthorizedPrivilege instance is associated to this "
+ "PrivilegeManagementService via ConcreteDependency. If "
+ "the execution of this call results in no rights between "
+ "the Subject and Target, then they MUST NOT be linked to "
+ "a particular AuthorizedPrivilege instance via "
+ "AuthorizedSubject and AuthorizedTarget respectively. \n"
+ "\n"
+ "Note that regardless of whether specified via parameter, "
+ "or template, the Activities, ActivityQualifiers and "
+ "QualifierFormats, are mutually indexed. Also note that "
+ "Subject and Target references MUST be supplied. \n"
+ "\n"
+ "The successful completion of the method SHALL create any "
+ "necessary AuthorizedSubject, AuthorizedTarget, "
+ "AuthorizedPrivilege, HostedDependency, and "
+ "ConcreteDependency instances." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
+ "16001", "16002", "16003", "16004", "16005..31999",
+ "32000..65535" },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Unsupported Subject", "Unsupported Privilege",
+ "Unsupported Target", "Authorization Error",
+ "NULL not supported", "Method Reserved", "Vendor Specific" }]
+ uint32 AssignAccess(
+ [Required, IN, Description (
+ "The Subject parameter is a reference to a "
+ "ManagedElement instance. This parameter MUST be "
+ "supplied." )]
+ CIM_ManagedElement REF Subject,
+ [IN, Description (
+ "MUST be NULL unless Privilege is NULL on input. "
+ "The PrivilegeGranted flag indicates whether the "
+ "rights defined by the parameters in this call "
+ "should be granted or denied to the named "
+ "Subject/Target pair." ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.PrivilegeGranted",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ boolean PrivilegeGranted,
+ [IN, Description (
+ "MUST be NULL unless the Privilege is NULL on "
+ "input. This parameter specifies the activities to "
+ "be granted or denied." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
+ "16000..65535" },
+ Values { "Other", "Create", "Delete", "Detect", "Read",
+ "Write", "Execute", "DMTF Reserved",
+ "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.Activities",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ uint16 Activities[],
+ [IN, Description (
+ "MUST be NULL unless Privilege is NULL on input. "
+ "This parameter defines the activity qualifiers for "
+ "the Activities to be granted or denied." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.ActivityQualifers",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ string ActivityQualifiers[],
+ [IN, Description (
+ "MUST be NULL unless Privilege is NULL on input. "
+ "This parameter defines the qualifier formats for "
+ "the corresponding ActivityQualifiers." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9",
+ "10..15999", "16000..65535" },
+ Values { "Class Name", "<Class.>Property",
+ "<Class.>Method", "Object Reference", "Namespace",
+ "URL", "Directory/File Name",
+ "Command Line Instruction", "DMTF Reserved",
+ "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.QualifierFormats",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ uint16 QualifierFormats[],
+ [Required, IN, Description (
+ "The Target parameter is a reference to an instance "
+ "of ManagedElement. This parameter MUST be "
+ "supplied." )]
+ CIM_ManagedElement REF Target,
+ [IN, OUT, Description (
+ "On input, this reference MUST be either NULL or "
+ "refer to an instance of AuthorizedPrivilege that "
+ "is used as a template. The rights granted by "
+ "corresponding entries in the Activities, "
+ "ActivityQualifiers and QualifierFormats array "
+ "properties are applied incrementally and do not "
+ "affect unnamed rights. If the property, "
+ "PrivilegeGranted, is false, then the named rights "
+ "are removed. If PrivilegeGranted is True, then the "
+ "named rights are added. (Note that the "
+ "RemoveAccess method SHOULD be used to completely "
+ "remove all privileges between a subject and a "
+ "target. On output, this property references an "
+ "AuthorizedPrivilege instance that represents the "
+ "resulting rights between the named Subject and the "
+ "named Target. AuthorizedPrivilege instances used "
+ "as a templates in this property SHOULD have a "
+ "HostedDependency association to the "
+ "PriviligeManagementService and SHOULD NOT have any "
+ "AuthorizedTarget or AuthorizedSubject associations "
+ "to it." )]
+ CIM_AuthorizedPrivilege REF Privilege);
+
+ [Description (
+ "This method revokes a specific AuthorizedPrivilege or "
+ "all privileges for a particular target, subject, or "
+ "subject/target pair. If an AuthorizedPrivilege instance "
+ "is left with no AuthorizedTarget associations, it SHOULD "
+ "be deleted. The successful completion of the method "
+ "SHALL remove the directly or indirectly requested "
+ "AuthorizedSubject, AuthorizedTarget and "
+ "AuthorizedPrivilege instances." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
+ "16001", "16002", "16003", "16004..32767", "32768..65535" },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Unsupported Privilege", "Unsupported Target",
+ "Authorization Error", "Null parameter not supported",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 RemoveAccess(
+ [IN, Description (
+ "The Subject parameter is a reference to a "
+ "ManagedElement instance (associated via "
+ "AuthorizedSubject) for which privileges are to be "
+ "revoked." )]
+ CIM_ManagedElement REF Subject,
+ [IN, Description (
+ "A reference to the AuthorizedPrivilege to be revoked."
+ )]
+ CIM_AuthorizedPrivilege REF Privilege,
+ [IN, Description (
+ "The Target parameter is a reference to a "
+ "ManagedElement (associated via AuthorizedTarget) "
+ "which will no longer be protected via the "
+ "AuthorizedPrivilege." )]
+ CIM_ManagedElement REF Target);
+
+ [Description (
+ "ShowAccess reports the Privileges (i.e., rights) granted "
+ "to a particular Subject and/or Target pair. Either a "
+ "Subject, a Target or both MUST be specified. In the case "
+ "where only one is specified, the method will return all "
+ "rights to all Targets for the specified Subject, or all "
+ "rights for all subjects which apply to the specified "
+ "Target. \n"
+ "\n"
+ "ShowAccess returns the cumulative rights granted between "
+ "the OutSubjects and OutTargets at the same array index "
+ "(filtered to return the information that the requestor "
+ "is authorized to view). If a specific array entry is "
+ "NULL, then there exist NO rights that the requestor is "
+ "authorized to view between the Subject/Target pair. \n"
+ "\n"
+ "Note that the Privileges returned by this method MAY NOT "
+ "correspond to what is actually instantiated in the "
+ "model, and MAY be optimized for ease of reporting. "
+ "Hence, the data is passed \'by value\', as embedded "
+ "objects. Also, note that multiple Privileges MAY be "
+ "defined for a given Subject/Target pair. \n"
+ "\n"
+ "Other mechanisms MAY also be used to retrieve this "
+ "information. CIM Operations\' EnumerateInstances MAY be "
+ "used to return all Privileges currently instantiated "
+ "within a namespace. Also, if the AuthorizedPrivilege "
+ "subclass is instantiated, the CIM Operation Associators "
+ "MAY be used to navigate from the Privilege to "
+ "AuthorizedSubjects and AuthorizedTargets. These CIM "
+ "Operations will not generally provide the functionality "
+ "or optimizations available with ShowAccess." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000",
+ "16002", "16003", "16004", "16005..31999", "32000..65535" },
+ Values { "Success", "Not Supported", "Unknown", "Timeout",
+ "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Unsupported Subject", "Unsupported Target",
+ "Authorization Error", "NULL not supported",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 ShowAccess(
+ [IN, Description (
+ "The Subject parameter references an instance of "
+ "ManagedElement. The result of this operation is "
+ "that the cumulative rights of the Subject to "
+ "access or define authorization rights for the "
+ "Target will be reported. If no Subject is "
+ "specified, then a Target MUST be supplied and ALL "
+ "Subjects that have rights to access or define "
+ "authorizations for the Target will be reported. "
+ "(It should be noted that the information reported "
+ "MUST be filtered by the rights of the requestor to "
+ "view that data.) If the Subject element is a "
+ "Collection, then the operation will specifically "
+ "report the Privileges for all elements associated "
+ "to the Collection via MemberOfCollection. These "
+ "elements will be reported individually in the "
+ "returned OutSubjects array." ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Target" }]
+ CIM_ManagedElement REF Subject,
+ [IN, Description (
+ "The Target parameter references an instance of "
+ "ManagedElement. The result of this operation is "
+ "that the cumulative rights of the Subject to "
+ "access or define authorization rights for the "
+ "Target will be reported. If no Target is "
+ "specified, then a Subject MUST be supplied and ALL "
+ "Targets for which that the Subject has rights to "
+ "access or define authorization will be reported. "
+ "(It should be noted that the information reported "
+ "MUST be filtered by the rights of the requestor to "
+ "view that data.) If the Target element is a "
+ "Collection, then the operation will be applied to "
+ "all elements associated to the Collection via "
+ "MemberOfCollection. These elements will be "
+ "reported individually in the returned OutTargets "
+ "array." ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Subject" }]
+ CIM_ManagedElement REF Target,
+ [IN ( false ), OUT, Description (
+ "The array of Subject REFs corresponding to the "
+ "individual Privileges and OutTargets arrays. The "
+ "resulting OutSubjects, Privileges and OutTargets "
+ "arrays define the cumulative rights granted "
+ "between the Subject/Target at the corresponding "
+ "index (filtered to return the information that the "
+ "requestor is authorized to view)." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Subject",
+ "CIM_PrivilegeManagementService.ShowAccess.Privileges",
+ "CIM_PrivilegeManagementService.ShowAccess.OutTargets" }]
+ CIM_ManagedElement REF OutSubjects[],
+ [IN ( false ), OUT, Description (
+ "The array of Target REFs corresponding to the "
+ "individual Privileges and OutSubjects arrays. The "
+ "resulting OutSubjects, Privileges and OutTargets "
+ "arrays define the cumulative rights granted "
+ "between the Subject/Target at the corresponding "
+ "index (filtered to return the information that the "
+ "requestor is authorized to view)." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Target",
+ "CIM_PrivilegeManagementService.ShowAccess.Privileges",
+ "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
+ CIM_ManagedElement REF OutTargets[],
+ [IN ( false ), OUT, Description (
+ "The returned Privilege objects represent the "
+ "cumulative rights granted between the OutSubjects "
+ "and OutTargets at the same array index (filtered "
+ "to return the information that the requestor is "
+ "authorized to view). If a specific array entry is "
+ "NULL, then there exist NO rights that the "
+ "requestor is authorized to view between the "
+ "Subject/Target pair." ),
+ EmbeddedObject, ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.OutTargets",
+ "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
+ string Privileges[]);
+
+};
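Review bot: The three methods give the same return codes different meanings: `AssignAccess` and `ShowAccess` map 16003 to "Authorization Error", while `RemoveAccess` maps 16002 to "Authorization Error" and 16003 to "Null parameter not supported", and its vendor range starts at 32768 instead of 32000. A client that decodes results with one shared table would report an authorization failure on revoke as "Unsupported Target", so decoding must be per method. A comment above `RemoveAccess` such as `// Return codes differ from AssignAccess/ShowAccess; decode per method.` would make this visible. In `AssignAccess`, the ModelCorrespondence `"CIM_AuthorizedPrivilege.ActivityQualifers"` is misspelled (`ActivityQualifiers`). Its `QualifierFormats` ValueMap also folds 10 and 11 into "DMTF Reserved", although `CIM_Privilege.QualifierFormats` in this commit defines them as "SCSI Command" and "Packets".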
diff --git a/Schemas/CIM236/DMTF/User/CIM_PublicKeyCertificate.mof b/Schemas/CIM236/DMTF/User/CIM_PublicKeyCertificate.mof
new file mode 100644
index 0000000..53ff1b3
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_PublicKeyCertificate.mof
@@ -0,0 +1,51 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.31.1" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "A PublicKeyCertificate is a credential that is "
+ "cryptographically signed by a trusted Certificate Authority "
+ "(CA) and issued to an authenticated entity (e.g., human user, "
+ "service, etc.) called the Subject in the certificate. The "
+ "public key in the certificate is cryptographically related to "
+ "a private key that is held and kept private by the "
+ "authenticated Subject. The certificate and its related private "
+ "key can then be used for establishing trust relationships and "
+ "securing communications with the Subject. Refer to the "
+ "ITU/CCITT X.509 standard as an example of such certificates." )]
+class CIM_PublicKeyCertificate : CIM_SignedCredential {
+
+ [Deprecated { "CIM_SignedCredential.InstanceID" },
+ Required, Description ( "The scoping System\'s CCN." ),
+ MaxLen ( 256 )]
+ string SystemCreationClassName;
+
+ [Deprecated { "CIM_SignedCredential.InstanceID" },
+ Required, Description ( "The scoping System\'s Name." ),
+ MaxLen ( 256 )]
+ string SystemName;
+
+ [Deprecated { "CIM_SignedCredential.InstanceID" },
+ Required, Description ( "The scoping Service\'s CCN." ),
+ MaxLen ( 256 )]
+ string ServiceCreationClassName;
+
+ [Deprecated { "CIM_SignedCredential.InstanceID" },
+ Required, Description ( "The scoping Service\'s Name." ),
+ MaxLen ( 256 )]
+ string ServiceName;
+
+ [Required, Description ( "Certificate subject identifier." ),
+ MaxLen ( 256 )]
+ string Subject;
+
+ [Description (
+ "Alternate subject identifier for the Certificate." ),
+ MaxLen ( 256 )]
+ string AltSubject;
+
+ [Description ( "The DER-encoded raw public key." ),
+ OctetString]
+ uint8 PublicKey[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_PublicKeyManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_PublicKeyManagementService.mof
new file mode 100644
index 0000000..360ffda
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_PublicKeyManagementService.mof
@@ -0,0 +1,11 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "CIM_PublicKeyManagementService is a credential management "
+ "service that provides local system management of public keys "
+ "used by the local system." )]
+class CIM_PublicKeyManagementService : CIM_LocalCredentialManagementService {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_PublicPrivateKeyPair.mof b/Schemas/CIM236/DMTF/User/CIM_PublicPrivateKeyPair.mof
new file mode 100644
index 0000000..39d2a41
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_PublicPrivateKeyPair.mof
@@ -0,0 +1,56 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_AuthenticationCondition" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::UsersAccess" ),
+ Description (
+ "This relationship associates a PublicKeyCertificate with the "
+ "Principal who has the PrivateKey used with the PublicKey. The "
+ "PrivateKey is not modeled, since it is not a data element that "
+ "ever SHOULD be accessible via management applications, other "
+ "than key recovery services, which are outside our scope. \n"
+ "\n"
+ "Since the UsersAccess class and this association\'s superclass "
+ "are deprecated, this association is also deprecated. There is "
+ "no need to have a special subclass for public-private "
+ "credentials. This is especially true since the properties of "
+ "the association describe aspects of the certificate and its "
+ "handling. The latter is currently out of scope for the model." )]
+class CIM_PublicPrivateKeyPair : CIM_UsersCredential {
+
+ [Deprecated { "CIM_AuthenticationCondition" },
+ Override ( "Antecedent" ),
+ Description ( "The public key certificate." )]
+ CIM_PublicKeyCertificate REF Antecedent;
+
+ [Deprecated { "CIM_Identity" },
+ Override ( "Dependent" ),
+ Description (
+ "The Principal holding the private key (that corresponds "
+ "to the public key." )]
+ CIM_UsersAccess REF Dependent;
+
+ [Deprecated { "No value" },
+ Description (
+ "The Certificate may be used for signature only or for "
+ "confidentiality as well as signature." ),
+ ValueMap { "0", "1" },
+ Values { "SignOnly", "ConfidentialityOrSignature" }]
+ uint16 Use;
+
+ [Deprecated { "No value" },
+ Description (
+ "Indicates if the certificate canNOT be repudiated." )]
+ boolean NonRepudiation;
+
+ [Deprecated { "No value" },
+ Description (
+ "Indicates if the certificate can be backed up." )]
+ boolean BackedUp;
+
+ [Deprecated { "No value" },
+ Description (
+ "The repository in which the certificate is backed up." )]
+ string Repository;
+
+
+};
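Review bot: The Description on `Dependent` opens a parenthesis that is never closed: `"The Principal holding the private key (that corresponds "` / `"to the public key." )`. The text should end `"to the public key)." )]` so the sentence reads correctly in tools that display qualifier text. In the same file, "canNOT be repudiated" on `NonRepudiation` would read better as "cannot be repudiated".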
diff --git a/Schemas/CIM236/DMTF/User/CIM_RequireCredentialsFrom.mof b/Schemas/CIM236/DMTF/User/CIM_RequireCredentialsFrom.mof
new file mode 100644
index 0000000..a464687
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_RequireCredentialsFrom.mof
@@ -0,0 +1,33 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_AuthenticationCondition",
+ "CIM_AuthenticationRule" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::AuthenticationReqmt" ),
+ Description (
+ "CIM_RequireCredentialsFrom is an association used to require "
+ "that credentials are issued by particular CredentialManagement "
+ "Services in order to authenticate a user. This association is "
+ "deprecated in lieu of explicit declaration of the "
+ "AuthenticationConditions in an AuthenticationRule. Instances "
+ "of AuthenticationCondition describe the specific combinations "
+ "of credentials (or alternative credentials) that are required "
+ "to authenticate an Identity. This allows a more explicit and "
+ "flexible description of authentication requirements." )]
+class CIM_RequireCredentialsFrom : CIM_Dependency {
+
+ [Deprecated { "CIM_AuthenticationCondition" },
+ Override ( "Antecedent" ),
+ Description (
+ "CredentialManagementService from which credentials are "
+ "accepted for the associated AuthenticationRequirement." )]
+ CIM_CredentialManagementService REF Antecedent;
+
+ [Deprecated { "CIM_AuthenticationRule" },
+ Override ( "Dependent" ),
+ Description (
+ "AuthenticationRequirement that limits acceptable credentials."
+ )]
+ CIM_AuthenticationRequirement REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_Role.mof b/Schemas/CIM236/DMTF/User/CIM_Role.mof
new file mode 100644
index 0000000..dd2781e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_Role.mof
@@ -0,0 +1,87 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.18.0" ),
+ UMLPackagePath ( "CIM::User::Role" ),
+ Description (
+ "The Role object class is used to represent a position or set "
+ "of responsibilities within an organization, organizational "
+ "unit or other scope, and MAY be filled by a person or persons "
+ "(or non-human entities represented by ManagedSystemElement "
+ "subclasses) - i.e., the \'role occupants\'. The latter MAY be "
+ "explicitly associated to a Role, by associating Identities "
+ "using MemberOfCollection. The \'position or set of "
+ "responsibilities\' of a Role are represented as a set of "
+ "rights defined by instances of the Privilege class, and are "
+ "also associated to the Role via MemberOfCollection. If "
+ "Identities are not explicitly associated, instances of "
+ "AuthorizationRule MUST be associated with a Role using "
+ "AuthorizationRuleAppliesToRole. The rule defines how subject "
+ "entities are authorized for a Role and to which target "
+ "entities the Role applies. \n"
+ "\n"
+ "The Role class is defined so as to incorporate commonly-used "
+ "LDAP attributes to permit implementations to easily derive "
+ "this information from LDAP-accessible directories. This "
+ "class\'s properties are a subset of a related class, "
+ "OtherRoleInformation, which defines all the group properties "
+ "and uses arrays for directory compatibility." )]
+class CIM_Role : CIM_Collection {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "This property may be used to describe the kind of "
+ "business activity performed by the members (role "
+ "occupants) in the position or set of responsibilities "
+ "represented by the Role." ),
+ MaxLen ( 128 )]
+ string BusinessCategory;
+
+ [Required, Description (
+ "A Common Name is a (possibly ambiguous) name by which "
+ "the role is commonly known in some limited scope (such "
+ "as an organization) and conforms to the naming "
+ "conventions of the country or culture with which it is "
+ "associated." )]
+ string CommonName;
+
+ [Description (
+ "RoleCharacteristics provides descriptive information "
+ "about the intended usage of the Role.\n"
+ "When the value 2 \"Static\" is specified, no "
+ "modification to the role shall be allowed. Any requests "
+ "by client to change the privileges or the scope of the "
+ "role by modifying the associated instances of "
+ "CIM_Privilege or referencing associations shall fail.\n"
+ "When the value 2 \"Static\" is not specified, the "
+ "instance of CIM_Role may be modified by a client. The "
+ "modification may include changing the scope of the role "
+ "or rights granted. When the value 3 \"Opaque\" is "
+ "specified, the rights granted by the CIM_Role instance "
+ "shall not be explicitly modeled through aggregation of "
+ "instances of CIM_Privilege.\n"
+ "When the value 3 \"Opaque\" is not specified, the rights "
+ "granted by the instance of CIM_Role shall be explicitly "
+ "modeled through aggregation of instances of "
+ "CIM_Privilege." ),
+ ValueMap { "2", "3", "..", "32000..65535" },
+ Values { "Static", "Opaque", "DMTF Reserved",
+ "Vendor Specific" }]
+ uint16 RoleCharacteristics[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_RoleBasedAuthorizationService.mof b/Schemas/CIM236/DMTF/User/CIM_RoleBasedAuthorizationService.mof
new file mode 100644
index 0000000..faae2fa
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_RoleBasedAuthorizationService.mof
@@ -0,0 +1,179 @@
+// Copyright (c) 2010 DMTF. All rights reserved.
+ [Version ( "2.26.0" ),
+ UMLPackagePath ( "CIM::User::Role" ),
+ Description (
+ "The CIM_RoleBasedAuthorizationService class represents the "
+ "authorization service that manages and configures roles on a "
+ "managed system. The CIM_RoleBasedAuthorizationService is "
+ "responsible for creating, and deleting CIM_Role instances. "
+ "Privileges of the roles are represented through the "
+ "instance(s) of CIM_Privilege class associated to CIM_Role "
+ "instances through the CIM_MemberOfCollection association. As a "
+ "result of creating, and deleting CIM_Role instances the "
+ "CIM_Privilege instances can also be affected. The limiting "
+ "scope of the role is determined by the CIM_RoleLimitedToTarget "
+ "association." )]
+class CIM_RoleBasedAuthorizationService : CIM_PrivilegeManagementService {
+
+
+ [Description (
+ "AssignRoles() removes a security principal from any "
+ "Rolesto which it currently belongs and assigns it to the "
+ "Roles identified by the Roles[] parameter. Upon "
+ "successful completion of the method, the instance of "
+ "CIM_Identity identified by the Identity parameter shall "
+ "be associated to each Role referenced by the Roles "
+ "parameter through the CIM_MemberOfCollection association "
+ "and shall not be associated to an instance of CIM_Role "
+ "unless a reference to it is contained in the Roles "
+ "parameter." ),
+ ValueMap { "0", "1", "2", "..", "32000..65535" },
+ Values { "Success", "Not Supported", "Failed",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 AssignRoles(
+ [Required, IN, Description (
+ "The Identity instance representing the security "
+ "principalwhose role membership is being modified." )]
+ CIM_Identity REF Identity,
+ [Required, IN, Description (
+ "The set of Roles to which the Identity will be "
+ "associated through CIM_MemberOfCollection.If the "
+ "Roles parameter is an empty array, then the "
+ "successful execution of the method will unassign "
+ "all the roles from the identity represented by the "
+ "Identity parameter." )]
+ CIM_Role REF Roles[]);
+
+ [Description (
+ "ModifyRole method modifies the privileges and the scope "
+ "of the specified instance of the targeted CIM_Role "
+ "instance. The call may result in the creation, deletion, "
+ "or modification of CIM_Privilege instances. The call may "
+ "result in the creation and deletion of "
+ "CIM_RoleLimitedTarget association instances." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "..",
+ "32000..65535" },
+ Values { "Success", "Not Supported", "Unknown", "Timeout",
+ "Failed", "Invalid Parameter", "Inappropriate Privilege",
+ "DMTF Reserved", "Vendor Specific" }]
+ uint32 ModifyRole(
+ [IN, Description (
+ "Privileges parameter represents the desired "
+ "privileges for the targeted role. When this "
+ "parameter is non-null, upon successful completion "
+ "of the method, the instances of CIM_Privilege "
+ "associated with the targeted CIM_Role instance "
+ "shall convey equivalent privileges as those "
+ "indicated by the specified embedded CIM_Privilege "
+ "instances. The Privilege parameter is an array of "
+ "elements of CIM_Privilege, encoded as a string "
+ "valued embedded instance parameter. The embedded "
+ "instances allow the client to convey the "
+ "privileges desired for the targeted CIM_Role "
+ "instance. The method may result in the creation, "
+ "deletion, or modification of the CIM_Privilege "
+ "instances. The rights indicated by a CIM_Privilege "
+ "may be revoked by passing the embedded instance of "
+ "CIM_Privilege with PrivilegeGranted property set "
+ "to \"FALSE.\". When the parameter is null, the "
+ "privileges for the CIM_Role shall not be modified." ),
+ EmbeddedInstance ( "CIM_Privilege" )]
+ string Privileges[],
+ [IN, Description (
+ "RoleLimitedToTargets parameter references all of "
+ "the CIM_ManagedElement instances to which the role "
+ "shall be limited. When this parameter is non-null, "
+ "upon successful completion of the method, the "
+ "targeted CIM_Role instanceshall be associated "
+ "through the CIM_RoleLimitedToTarget association "
+ "with only the specified instances of "
+ "CIM_ManagedElement. This may result in the "
+ "creation and deletion of instances of "
+ "CIM_RoleLimitedToTarget. When this parameter is "
+ "null, the set of instances of "
+ "CIM_RoleLimitedToTarget that reference the "
+ "targeted CIM_Role instance shall not be modified." )]
+ CIM_ManagedElement REF RoleLimitedToTargets[],
+ [Required, IN, Description (
+ "Role parameter is the reference to the targeted "
+ "CIM_Role instance for which the privileges will be "
+ "modified." )]
+ CIM_Role REF Role);
+
+ [Description (
+ "ShowRoles reports the Privileges (i.e., rights) granted "
+ "to a particular Subject, for a particular Target, or to "
+ "a particular Subject for a particular Target through "
+ "membership in, or scoping to instances of CIM_Role. The "
+ "Subject parameter, Target parameter, or both shall be "
+ "specified. \n"
+ "When the Subject parameter is specified and the Target "
+ "parameter is not specified, the method shall return all "
+ "of Roles to which the subject is associated through "
+ "CIM_MemberOfCollection. When Target parameter is "
+ "specified and the Subject parameter is not specified, "
+ "the method shall all instances of CIM_Role within whose "
+ "scope the Target Parameter lies.\n"
+ "When the Subject parameter and Target parameter are both "
+ "specified, the method shall return an instance of "
+ "CIM_Role if and only if the Subject Parameter is "
+ "associated to the instance of CIM_Role through "
+ "CIM_MemberOfCollection and the Target Parameter lies "
+ "within the scope of the instance of CIM_Role.\n"
+ "For each instance of CIM_Role returned in the Roles "
+ "parameter, the corresponding index of the Privileges "
+ "parameter may contain an instance of CIM_Privilege. The "
+ "corresponding index of the Privileges parameter may be "
+ "null when rights granted through a CIM_Role are not "
+ "explicitly managed, or when there are not currently any "
+ "instances of CIM_Privilege associated with the CIM_Role "
+ "instance. When the corresponding index of of the "
+ "Privileges parameter is non-null, the embedded instance "
+ "of CIM_Privilege shall reflect the cumulative rights "
+ "granted through membership in the Role. \n"
+ "Each embedded instance of CIM_Role contained in the "
+ "Roles parameter shall correspond to an instrumented "
+ "instance of CIM_Role. Each embedded instance of "
+ "CIM_Privilege contained in the Privileges parameter may "
+ "correspond to an instance of CIM_Privilege associated to "
+ "the corresponding instance of CIM_Role through the "
+ "CIM_MemberOfCollection. However, this is not required. "
+ "Embedded instances of CIM_Role are returned rather than "
+ "References in order to simplify the query operation for "
+ "clients. The properties of the instances of CIM_Role "
+ "provide context to aid a client in selecting which "
+ "instance(s) to modify in order to change the privileges "
+ "of a Subject or for a Target." ),
+ ValueMap { "0", "1", "2", "..", "32000..65535" },
+ Values { "Success", "Not Supported", "Failed",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 ShowRoles(
+ [IN, Description (
+ "The Subject parameter identifies the instance of "
+ "CIM_Identity whose containing instances of "
+ "CIM_Role will be returned." )]
+ CIM_Identity REF Subject,
+ [IN, Description (
+ "The Target parameter identifies an instance of "
+ "CIM_ManagedElement whose scoping instances of "
+ "CIM_Role will be returned." )]
+ CIM_ManagedElement REF Target,
+ [IN ( false ), OUT, Description (
+ "The set of instances of CIM_Role filtered "
+ "according to the Subject and Target parameters." ),
+ EmbeddedInstance ( "CIM_Role" ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Privileges" }]
+ string Roles[],
+ [IN ( false ), OUT, Description (
+ "The cumulative rights granted through membership "
+ "in the instance of CIM_Role located at the same "
+ "array index in the Roles parameter." ),
+ EmbeddedInstance ( "CIM_Privilege" ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Roles" }]
+ string Privileges[]);
+
+};
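Review bot: The ShowRoles description states that "The Subject parameter, Target parameter, or both shall be specified", but neither parameter carries `Required` and the method's ValueMap has no "Invalid Parameter" code (ModifyRole has one), so the result of a call with both parameters null is undefined. For an authorization query the description should say what a provider returns in that case, for example `"If neither parameter is specified, the method shall return 2 (Failed)."`. The same description is missing a verb in "the method shall all instances of CIM_Role" (read "shall return all instances"), and ModifyRole refers to `CIM_RoleLimitedTarget` where the class added in this commit is named `CIM_RoleLimitedToTarget`. The ModelCorrespondence values on the two OUT parameters look crossed (Roles points at `ShowAccess.Privileges`, Privileges at `ShowAccess.Roles`); that class is not visible here, so please confirm. Several words are also run together: "Rolesto", "principalwhose", "CIM_MemberOfCollection.If", "instanceshall".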
diff --git a/Schemas/CIM236/DMTF/User/CIM_RoleBasedManagementCapabilities.mof b/Schemas/CIM236/DMTF/User/CIM_RoleBasedManagementCapabilities.mof
new file mode 100644
index 0000000..0602870
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_RoleBasedManagementCapabilities.mof
@@ -0,0 +1,28 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.18.0" ),
+ UMLPackagePath ( "CIM::User::Privilege" ),
+ Description (
+ "A subclass that extends the capabilities of the "
+ "CIM_RoleBasedAuthorizationService." )]
+class CIM_RoleBasedManagementCapabilities : CIM_PrivilegeManagementCapabilities {
+
+ [Override ( "SupportedMethods" ),
+ Description (
+ "The enumeration values \"ChangeAccess\", \"ShowAccess\", "
+ "\"AssignAccess\", \"RevokeAccess\", \"CreateRole\", "
+ "\"ModifyRole\", \"AssignRoles\", \"ShowRoles\", and "
+ "\"DeleteRole\" corresponds to support for the like-named "
+ "method of the RoleBasedAuthorizationService. \n"
+ "The value \"ModifyPrivilege\" corresponds to support for "
+ "directly modifying an instance of CIM_Privilege using an "
+ "intrinsic operation." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "..", "32768..65535" },
+ Values { "ChangeAccess", "ShowAccess", "AssignAccess",
+ "RevokeAccess", "CreateRole", "ModifyRole", "AssignRoles",
+ "ShowRoles", "ModifyPrivilege", "DeleteRole",
+ "DMTF Reserved", "Vendor Reserved" }]
+ uint16 SupportedMethods[];
+
+
+};
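Review bot: The SupportedMethods description says each value "corresponds to support for the like-named method of the RoleBasedAuthorizationService", but the CIM_RoleBasedAuthorizationService class added in this commit declares only AssignRoles, ModifyRole and ShowRoles. "CreateRole" and "DeleteRole" have no like-named method there, and the four *Access names would have to come from CIM_PrivilegeManagementService, which is outside this view. A client that reads this property to decide which role operations an endpoint permits could be misled, so the description should say where each method is defined or that the value may be unimplemented. The vendor range here is `"32768..65535"` / "Vendor Reserved", while CIM_Role and CIM_RoleBasedAuthorizationService use `"32000..65535"` / "Vendor Specific"; worth confirming that the difference is intended. "corresponds" should also be "correspond".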
diff --git a/Schemas/CIM236/DMTF/User/CIM_RoleLimitedToTarget.mof b/Schemas/CIM236/DMTF/User/CIM_RoleLimitedToTarget.mof
new file mode 100644
index 0000000..592f18e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_RoleLimitedToTarget.mof
@@ -0,0 +1,22 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Association, Version ( "2.20.0" ),
+ UMLPackagePath ( "CIM::User::Role" ),
+ Description (
+ "The Role object class is used to represent a position or set "
+ "of responsibilities within an organization, organizational "
+ "unit or other scope. When explicitly restricting the target "
+ "elements that may be accessed from this Role, this association "
+ "MUST be used." )]
+class CIM_RoleLimitedToTarget {
+
+ [Key, Description (
+ "The Role whose target set is explicitly defined." )]
+ CIM_Role REF DefiningRole;
+
+ [Key, Description (
+ "Reference to the target set that can be accessed from the Role."
+ )]
+ CIM_ManagedElement REF TargetElement;
+
+
+};
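Review bot: The class Description opens with the sentence copied from CIM_Role ("The Role object class is used to represent a position or set of responsibilities...") and never says what this association is. It should start with something like `"CIM_RoleLimitedToTarget associates a Role with the target elements to which use of that Role is explicitly restricted."`. The text also leaves open what a Role with no CIM_RoleLimitedToTarget instance means; for an access-control model it should state whether that means unrestricted or no targets.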
diff --git a/Schemas/CIM236/DMTF/User/CIM_SecuritySensitivity.mof b/Schemas/CIM236/DMTF/User/CIM_SecuritySensitivity.mof
new file mode 100644
index 0000000..9645309
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SecuritySensitivity.mof
@@ -0,0 +1,108 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.19.0" ),
+ UMLPackagePath ( "CIM::User::SecurityLevel" ),
+ Description (
+ "An instance of this class defines a security label used to "
+ "characterize the security clearance necessary to access "
+ "information in a system that supports mandatory access "
+ "controls. The labels have two components, one a hierarchical "
+ "security level and the other a set of non-hierarchical "
+ "security categories. \n"
+ "\n"
+ "Mandatory access control determines whether to allow certain "
+ "actions, based on the following rules: - If the security level "
+ "of a security principal is equal to or greater than the "
+ "security level of an element, and the security categories the "
+ "security principal include all of the security categories of "
+ "the element, then the security principal may read from the "
+ "element. - If the security label of a security principal is "
+ "equal to or less than the security label of an element, and "
+ "the security categories the element include all of the "
+ "security categories of the security principal, then the "
+ "security principal may write to the element.\n"
+ "\n"
+ "An element is assigned a security level via the association, "
+ "ElementSecurityLevel. It can be assigned to any "
+ "ManagedElement, such as Locations, Identities, Roles, Systems, "
+ "Services and LogicalFiles. \n"
+ "\n"
+ "The clearance of a security principal, represented by an "
+ "instance of Identity may be specified by associating an "
+ "instance of this class via IdentitySecurityClearance.\n"
+ "\n"
+ "The set of security levels and categories are determined by a "
+ "business, organization and/or government based on the need to "
+ "protect data and entities from attack, loss, abuse or "
+ "unauthorized disclosure, and the ramifications if this "
+ "protection is not maintained." )]
+class CIM_SecuritySensitivity : CIM_ManagedElement {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the business entity and SHOULD "
+ "not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. For DMTF defined instances, the "
+ "\'preferred\' algorithm MUST be used with the <OrgID> "
+ "set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description (
+ "A string defining the security sensitivity level. Since "
+ "individual organizations each may have their own "
+ "classification systems, the value of this property "
+ "should include sufficient information to assure that the "
+ "value is unambiguous. The value of SecurityLevel should "
+ "be constructed using the following \'preferred\' algorithm:\n"
+ "<OrgID>:[<ClassificationScheme>:]<LevelName> \n"
+ "Where <OrgID> and <ClassificationScheme> and <LevelName> "
+ "are each separated by a colon \':\', and where <OrgID> "
+ "MUST include a copyrighted, trademarked or otherwise "
+ "unique name that is owned by the business or government "
+ "entity creating/defining the classification scheme or is "
+ "a registered ID that is assigned to the business or "
+ "government entity by a recognized global authority. In "
+ "addition, to ensure uniqueness both <OrgID> and "
+ "<ClassificationScheme> MUST NOT contain a colon (\':\'). "
+ "When using this algorithm, the first colon to appear in "
+ "SecurityLevel MUST appear between <OrgID> and "
+ "<ClassificationScheme> and the second colon to appear in "
+ "SecurityLevel MUST appear between <ClassificationScheme> "
+ "and <LevelName>. \n"
+ "<ClassificationName> is chosen by the business or "
+ "government entity and SHOULD not be re-used to identify "
+ "classification schemes. Each classification scheme "
+ "defines one or more LevelNames that are unique within "
+ "the classification scheme. An organization may choose to "
+ "not use a classification scheme. In that case, each "
+ "<LevelName> must not contain a colon (\':\') and must be "
+ "unique within the organization.\n"
+ "Examples: \'Buffalo.edu:Public\', \'Buffalo.edu:Internal "
+ "Use\', \'Buffalo.edu:Confidential\', "
+ "\'Buffalo.edu:Restricted Confidential\', "
+ "\'NSI:Confidential\', \'NSI:Secret\', and \'NSI: Top "
+ "Secret\'" )]
+ string SecurityLevel;
+
+
+};
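Review bot: The two mandatory-access-control rules in the class Description use different terms for the same comparison: the read rule compares the "security level", but the write rule says "If the security label of a security principal is equal to or less than the security label of an element". The label is defined above as level plus categories, so an ordering on labels is ambiguous; the write rule should read `"security level"` in both places. Both rules are also missing "of" in "the security categories the security principal include" and "the security categories the element include". In the SecurityLevel description, `<ClassificationName>` should be `<ClassificationScheme>` to match the format string, and the example `'NSI: Top Secret'` has a space after the colon that would become part of the level name.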
diff --git a/Schemas/CIM236/DMTF/User/CIM_SecurityService.mof b/Schemas/CIM236/DMTF/User/CIM_SecurityService.mof
new file mode 100644
index 0000000..23eb004
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SecurityService.mof
@@ -0,0 +1,8 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Abstract, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description ( "A service providing security functionaity." )]
+class CIM_SecurityService : CIM_Service {
+
+
+};
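Review bot: The class Description contains a typo, "functionaity". It should read `Description ( "A service providing security functionality." )`. If this file is imported verbatim from the DMTF release, the fix may belong upstream instead.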
diff --git a/Schemas/CIM236/DMTF/User/CIM_SecurityServiceForSystem.mof b/Schemas/CIM236/DMTF/User/CIM_SecurityServiceForSystem.mof
new file mode 100644
index 0000000..6fd3ed0
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SecurityServiceForSystem.mof
@@ -0,0 +1,27 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceAvailableToElement" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "The CIM_SecurityServiceForSystem provides the association "
+ "between a System and a SecurityService that provides services "
+ "for that system. This association does not add any constraints "
+ "or semantics to ServiceAvailableToElement. As a result, it is "
+ "deprecated." )]
+class CIM_SecurityServiceForSystem : CIM_ProvidesServiceToElement {
+
+ [Deprecated { "CIM_ServiceAvailableToElement.ServiceProvided" },
+ Override ( "Antecedent" ),
+ Description (
+ "The SecurityService that provides services for the system."
+ )]
+ CIM_SecurityService REF Antecedent;
+
+ [Deprecated { "CIM_ServiceAvailableToElement.UserOfService" },
+ Override ( "Dependent" ),
+ Description (
+ "The system that is dependent on the security service." )]
+ CIM_System REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_SecurityServiceUsesAccount.mof b/Schemas/CIM236/DMTF/User/CIM_SecurityServiceUsesAccount.mof
new file mode 100644
index 0000000..44a288d
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SecurityServiceUsesAccount.mof
@@ -0,0 +1,18 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "This relationship associates SecurityService instances to the "
+ "Accounts they use in the course of their work." )]
+class CIM_SecurityServiceUsesAccount : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Description ( "Account used by the SecurityService." )]
+ CIM_Account REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description ( "The Service using the Account." )]
+ CIM_SecurityService REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_ServiceUsesSecurityService.mof b/Schemas/CIM236/DMTF/User/CIM_ServiceUsesSecurityService.mof
new file mode 100644
index 0000000..a850420
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_ServiceUsesSecurityService.mof
@@ -0,0 +1,21 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceServiceDependency" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "This relationship associates a Service with the Security "
+ "Services that it uses. This association does not add any "
+ "constraints or semantics to ServiceServiceDependency. As a "
+ "result, it is deprecated." )]
+class CIM_ServiceUsesSecurityService : CIM_ServiceServiceDependency {
+
+ [Deprecated { "CIM_ServiceServiceDependency.Antecedent" },
+ Override ( "Antecedent" )]
+ CIM_SecurityService REF Antecedent;
+
+ [Deprecated { "CIM_ServiceServiceDependency.Dependent" },
+ Override ( "Dependent" )]
+ CIM_Service REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_SharedCredential.mof b/Schemas/CIM236/DMTF/User/CIM_SharedCredential.mof
new file mode 100644
index 0000000..a50842e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SharedCredential.mof
@@ -0,0 +1,67 @@
+// Copyright (c) 2010 DMTF. All rights reserved.
+ [Version ( "2.27.0" ),
+ UMLPackagePath ( "CIM::User::SharedCredential" ),
+ Description (
+ "SharedCredential is a secret (such as a password or the "
+ "response to a challenge question) that is shared between a "
+ "principal and a particular SharedCredential security service. "
+ "Secrets may be in the form of a password used for initial "
+ "authentication, or as with a session key, used as part of a "
+ "message to verify the originator of the message. It is "
+ "important to note that SharedCredential is not just a "
+ "password, but rather is the password used with a particular "
+ "security service." )]
+class CIM_SharedCredential : CIM_Credential {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness, "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the organizational entity and "
+ "SHOULD not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. \n"
+ "For DMTF defined instances, the \'preferred\' algorithm "
+ "MUST be used with the <OrgID> set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description (
+ "RemoteID is the name by which the principal is known at "
+ "the remote secret key authentication service." ),
+ MaxLen ( 256 )]
+ string RemoteID;
+
+ [Description ( "The secret known by the principal." )]
+ string Secret;
+
+ [Description (
+ "The transformation algorithm, if any, used to protect "
+ "passwords before use in the protocol. For instance, "
+ "Kerberos doesn\'t store passwords as the shared secret, "
+ "but rather, a hash of the password." )]
+ string Algorithm;
+
+ [Description (
+ "The protocol with which the SharedCredential is used." )]
+ string Protocol;
+
+
+};
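Review bot: `Secret` is declared as an ordinary `string` property, and neither its qualifiers nor its Description restrict reading it. A provider that implements the class literally would therefore return the stored secret to any client permitted to enumerate instances. CIM_PublicPrivateKeyPair, added in this same commit, takes the opposite stance and does not model the private key because it should never be accessible via management applications. I would extend the Description to say so, for example `"The secret known by the principal. Providers SHOULD NOT return the value of this property on read operations."`. `Algorithm` and `Protocol` are free-form strings with no ValueMap, so a client cannot reliably tell whether `Secret` holds a cleartext password or a transformed value; the Description should at least list the expected values.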
diff --git a/Schemas/CIM236/DMTF/User/CIM_SharedSecret.mof b/Schemas/CIM236/DMTF/User/CIM_SharedSecret.mof
new file mode 100644
index 0000000..d260153
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SharedSecret.mof
@@ -0,0 +1,68 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Deprecated { "CIM_SharedCredential" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::SharedSecret" ),
+ Description (
+ "CIM_SharedSecret is a secret (such as a password or the "
+ "response to a challenge question) that is shared between a "
+ "principal and a particular SharedSecret security service. "
+ "Secrets may be in the form of a password used for initial "
+ "authentication, or as with a session key, used as part of a "
+ "message to verify the originator of the message. It is "
+ "important to note that SharedSecret is not just a password, "
+ "but rather is the password used with a particular security "
+ "service." )]
+class CIM_SharedSecret : CIM_Credential {
+
+ [Deprecated { "CIM_SharedCredential.InstanceID" },
+ Key, Description ( "The scoping System\'s CCN." ),
+ MaxLen ( 256 ),
+ Propagated (
+ "CIM_SharedSecretService.SystemCreationClassName" )]
+ string SystemCreationClassName;
+
+ [Deprecated { "CIM_SharedCredential.InstanceID" },
+ Key, Description ( "The scoping System\'s Name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_SharedSecretService.SystemName" )]
+ string SystemName;
+
+ [Deprecated { "CIM_SharedCredential.InstanceID" },
+ Key, Description ( "The scoping Service\'s CCN." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_SharedSecretService.CreationClassName" )]
+ string ServiceCreationClassName;
+
+ [Deprecated { "CIM_SharedCredential.InstanceID" },
+ Key, Description ( "The scoping Service\'s Name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_SharedSecretService.Name" )]
+ string ServiceName;
+
+ [Deprecated { "CIM_SharedCredential.RemoteID" },
+ Key, Description (
+ "RemoteID is the name by which the principal is known at "
+ "the remote secret key authentication service." ),
+ MaxLen ( 256 )]
+ string RemoteID;
+
+ [Deprecated { "CIM_SharedCredential.Secret" },
+ Description ( "The secret known by the principal." ),
+ OctetString]
+ string Secret;
+
+ [Deprecated { "CIM_SharedCredential.Algorithm" },
+ Description (
+ "The transformation algorithm, if any, used to protect "
+ "passwords before use in the protocol. For instance, "
+ "Kerberos doesn\'t store passwords as the shared secret, "
+ "but rather, a hash of the password." )]
+ string Algorithm;
+
+ [Deprecated { "CIM_SharedCredential.Protocol" },
+ Description (
+ "The protocol with which the SharedSecret is used." )]
+ string Protocol;
+
+
+};
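Review bot: `Secret` is declared as an ordinary readable `string` property, and its description, "The secret known by the principal.", never says whether a provider may return the cleartext value when the instance is read or enumerated. I would extend the description to something like `"The secret known by the principal. Providers SHOULD NOT return this value on read operations; it is intended to be set, not retrieved."`. If the file has to stay identical to the DMTF release, the same caveat belongs in the provider documentation instead. Separately, `OctetString` is applied here to a scalar `string`, while CIM_SignedCredential.mof in this commit uses it on `uint8 Signature[]`, so it is worth confirming that the MOF compiler accepts this form and documenting how the bytes are encoded.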
diff --git a/Schemas/CIM236/DMTF/User/CIM_SharedSecretIsShared.mof b/Schemas/CIM236/DMTF/User/CIM_SharedSecretIsShared.mof
new file mode 100644
index 0000000..7b6fa62
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SharedSecretIsShared.mof
@@ -0,0 +1,23 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_ServiceAffectsElement" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::SharedSecret" ),
+ Description (
+ "This relationship associates a SharedSecretService with the "
+ "SecretKey it verifies." )]
+class CIM_SharedSecretIsShared : CIM_ManagedCredential {
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectingElement" },
+ Override ( "Antecedent" ),
+ Min ( 1 ),
+ Max ( 1 ),
+ Description ( "The credential management service." )]
+ CIM_SharedSecretService REF Antecedent;
+
+ [Deprecated { "CIM_ServiceAffectsElement.AffectedElement" },
+ Override ( "Dependent" ),
+ Weak, Description ( "The managed credential." )]
+ CIM_SharedSecret REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_SharedSecretService.mof b/Schemas/CIM236/DMTF/User/CIM_SharedSecretService.mof
new file mode 100644
index 0000000..a6aeca6
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SharedSecretService.mof
@@ -0,0 +1,26 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SharedSecret" ),
+ Description (
+ "CIM_SharedSecretService is a service which ascertains whether "
+ "messages received are from the Principal with whom a secret is "
+ "shared. Examples include a login service that proves identity "
+ "on the basis of knowledge of the shared secret, or a transport "
+ "integrity service (like Kerberos provides) that includes a "
+ "message authenticity code that proves each message in the "
+ "messsage stream came from someone who knows the shared secret "
+ "session key." )]
+class CIM_SharedSecretService : CIM_LocalCredentialManagementService {
+
+ [Description (
+ "The Algorithm used to convey the shared secret, such as "
+ "HMAC-MD5,or PLAINTEXT." ),
+ MaxLen ( 256 )]
+ string Algorithm;
+
+ [Description (
+ "The Protocol supported by the SharedSecretService." )]
+ string Protocol;
+
+
+};
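Review bot: `Algorithm` is a free-form `string` whose only guidance is the example "HMAC-MD5,or PLAINTEXT", with no `ValueMap`, so a consumer auditing how the shared secret is conveyed cannot reliably tell a cleartext or weak-hash service from a strong one. I would add a sentence to the description such as `"A value of PLAINTEXT indicates the secret is conveyed without protection; clients should treat such services as requiring a protected transport."`. Provider documentation should also state the exact spellings an implementation emits. Two wording fixes in the same hunk: "messsage" in the class description should be "message", and "HMAC-MD5,or" is missing a space after the comma.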
diff --git a/Schemas/CIM236/DMTF/User/CIM_SignedCredential.mof b/Schemas/CIM236/DMTF/User/CIM_SignedCredential.mof
new file mode 100644
index 0000000..5caa1cb
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SignedCredential.mof
@@ -0,0 +1,78 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "A SignedCredential is a credential that is cryptographically "
+ "signed by a trusted Certificate Authority (CA) or the owner of "
+ "the credential itself." )]
+class CIM_SignedCredential : CIM_Credential {
+
+ [Key, Override ( "InstanceID" ),
+ Description (
+ "Within the scope of the instantiating Namespace, "
+ "InstanceID opaquely and uniquely identifies an instance "
+ "of this class. In order to ensure uniqueness within the "
+ "NameSpace, the value of InstanceID SHOULD be constructed "
+ "using the following \'preferred\' algorithm: \n"
+ "<OrgID>:<LocalID> \n"
+ "Where <OrgID> and <LocalID> are separated by a colon "
+ "\':\', and where <OrgID> MUST include a copyrighted, "
+ "trademarked or otherwise unique name that is owned by "
+ "the business entity creating/defining the InstanceID, or "
+ "is a registered ID that is assigned to the business "
+ "entity by a recognized global authority. (This is "
+ "similar to the <Schema Name>_<Class Name> structure of "
+ "Schema class names.) In addition, to ensure uniqueness, "
+ "<OrgID> MUST NOT contain a colon (\':\'). When using "
+ "this algorithm, the first colon to appear in InstanceID "
+ "MUST appear between <OrgID> and <LocalID>. \n"
+ "<LocalID> is chosen by the organizational entity and "
+ "SHOULD not be re-used to identify different underlying "
+ "(real-world) elements. If the above \'preferred\' "
+ "algorithm is not used, the defining entity MUST assure "
+ "that the resultant InstanceID is not re-used across any "
+ "InstanceIDs produced by this or other providers for this "
+ "instance\'s NameSpace. \n"
+ "For DMTF defined instances, the \'preferred\' algorithm "
+ "MUST be used with the <OrgID> set to \'CIM\'." )]
+ string InstanceID;
+
+ [Description ( "Issuer name who signed the credential." )]
+ string IssuerName;
+
+ [Description (
+ "Certificate authority\'s or credential owner\'s "
+ "identifying digest that confers validity on a signed "
+ "credential." ),
+ OctetString]
+ uint8 Signature[];
+
+ [Description (
+ "Algorithm used to generate the signature. The algorithms "
+ "specified are described in RFC3279. If the value of this "
+ "property is 1, \"Other\", then the "
+ "OtherSignatureAlgorithm shall be non NULL, non blank "
+ "string" ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "11", "12", "13", "14", "15", "16", "17", "18", "19",
+ "20..32767", "32768..65535" },
+ Values { "Other", "SHA1withDSA", "SHA1withECDSA",
+ "SHA224withECDSA", "SHA256withECDSA", "SHA384withECDSA",
+ "SHA512withECDSA", "GOST3411withGOST3410",
+ "GOST3411withECGOST3410", "MD2withRSA", "MD5withRSA",
+ "SHA1withRSA", "SHA224withRSA", "SHA256withRSA",
+ "SHA384withRSA", "SHA512withRSA", "RIPEMD160withRSA",
+ "RIPEMD128withRSA", "RIPEMD256withRSA", "DMTF Reserved",
+ "Vendor Reserved" }]
+ uint16 SignatureAlgorithm;
+
+ [Description (
+ "A string describing the signature algorithm when the "
+ "SignatureAlgorithm property has the value 1, \"Other\"." )]
+ string OtherSignatureAlgorithm;
+
+ [Description ( "Object ID of the signature algorithm." )]
+ string SignatureAlgorithmOID;
+
+
+};
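Review bot: The `SignatureAlgorithm` enumeration lists "MD2withRSA" and "MD5withRSA" next to the SHA-2 variants without marking which values are obsolete, so a client that only checks the value is in the defined range will accept credentials signed with broken hashes. I would add a sentence to the description such as `"Values are listed for inventory purposes; consumers validating trust should apply their own policy and reject MD2- and MD5-based signatures."`. The description also cites RFC3279 for the whole list, which, as far as I recall, does not cover the SHA-2, GOST or RIPEMD entries; the reference should be checked. Finally, `Signature` is described as an "identifying digest", which reads as a hash rather than a signature value and is worth rewording.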
diff --git a/Schemas/CIM236/DMTF/User/CIM_StorageClientSettingData.mof b/Schemas/CIM236/DMTF/User/CIM_StorageClientSettingData.mof
new file mode 100644
index 0000000..77057e4
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_StorageClientSettingData.mof
@@ -0,0 +1,64 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.31.0" ),
+ UMLPackagePath ( "CIM::User::StorageHardwareID" ),
+ Description (
+ "This class models host environment factors that influence the "
+ "behavior of Storage Systems. For example, a disk array has "
+ "different SCSI responses for clients (initiators) configured "
+ "as AIX verses HPUX. Instances of this setting class can be "
+ "associated via ElementSettingData to a storage system\'s "
+ "LogicalPort, ProtocolController, or Volume instances when "
+ "these elements have host awareness. These associations are "
+ "created by the management instrumentation provider to reflect "
+ "the current configuration. A client deletes/creates these "
+ "associations to request changes in element host-awareness. "
+ "This settings class can also be associated with "
+ "StorageHardwareID instances when that HW ID is configured with "
+ "host information. An instance of this setting may include "
+ "several ClientType values if the storage system treats them "
+ "identically. The storage system exposes all supported setting "
+ "instances to a WBEM Enumerate request; the client uses the "
+ "returned settings to determine which types are available." )]
+class CIM_StorageClientSettingData : CIM_SettingData {
+
+ [Description (
+ "This enumeration defines operating system, version, "
+ "driver, and other host environment factors that "
+ "influence the behavior exposed by storage systems. "
+ "Values in this array are combined with data from the "
+ "OtherClientTypeDescriptions property to provide complete "
+ "information on the host environment. \n"
+ "\"Microsoft Windows\" indicates generic Windows "
+ "operating system. To utilize features of a specific "
+ "Windows operating system, use the corresponding value "
+ "for that Windows operating system, for example, "
+ "\"Microsoft Windows Server 2008\"." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "10", "11", "12", "13", "14", "15", "16", "17", "18",
+ "19", "20", "21", "22..32767", "32768..65535" },
+ Values { "Unknown", "Other", "Standard", "Solaris", "HPUX",
+ "OpenVMS", "Tru64", "Netware", "Sequent", "AIX", "DGUX",
+ "Dynix", "Irix", "Cisco iSCSI Storage Router", "Linux",
+ "Microsoft Windows", "OS400", "TRESPASS", "HI-UX",
+ "VMware ESXi", "Microsoft Windows Server 2008",
+ "Microsoft Windows Server 2003", "DMTF Reserved",
+ "Vendor Specific" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_StorageClientSettingData.OtherClientTypeDescriptions" }]
+ uint16 ClientTypes[];
+
+ [Description (
+ "When the the corresponding array entry in ClientTypes[] "
+ "is \"Other\", this entry provides a string describing "
+ "the manufacturer and OS/Environment. When the "
+ "corresponding ClientTypes[] entry is not \"Other\", this "
+ "entry allows variations or qualifications of ClientTypes "
+ "- for example, different versions of Solaris." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_StorageClientSettingData.ClientTypes" }]
+ string OtherClientTypeDescriptions[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_StorageHardwareID.mof b/Schemas/CIM236/DMTF/User/CIM_StorageHardwareID.mof
new file mode 100644
index 0000000..86f0df8
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_StorageHardwareID.mof
@@ -0,0 +1,31 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.35.0" ),
+ UMLPackagePath ( "CIM::User::StorageHardwareID" ),
+ Description (
+ "CIM_StorageHardwareID is a hardware ID that serves as an "
+ "authorization subject. Example are host controller IDs that "
+ "serve as authorization subjects in disk array LUN Masking." )]
+class CIM_StorageHardwareID : CIM_Identity {
+
+ [Required, Description ( "The hardware worldwide unique ID." ),
+ MaxLen ( 256 ),
+ ModelCorrespondence { "CIM_StorageHardwareID.IDType" }]
+ string StorageID;
+
+ [Required, Description (
+ "The type of the ID property. iSCSI IDs may use one of "
+ "three iSCSI formats - iqn, eui, or naa. This three "
+ "letter format is the name prefix; so a single iSCSI type "
+ "is provided here, the prefix can be used to further "
+ "refine the format." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7" },
+ Values { "Other", "PortWWN", "NodeWWN", "Hostname",
+ "iSCSI Name", "SwitchWWN", "SAS Address" },
+ ModelCorrespondence { "CIM_StorageHardwareID.StorageID" }]
+ uint16 IDType;
+
+ [Description ( "The ID type when IDType is \"Other\"." )]
+ string OtherIDType;
+
+
+};
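Review bot: `IDType` here defines value 6, "SwitchWWN", but the `IDType` parameters of `CreateStorageHardwareID` and `CreateGatewayPathID` in CIM_StorageHardwareIDManagementService.mof (same commit) list only `{ "1", "2", "3", "4", "5", "7" }`. As declared, a SwitchWWN identity can exist as an instance but cannot be requested through the service, and nothing on the page says whether that is intentional. Since these IDs are described as authorization subjects for LUN masking, I would document the expectation on this property, e.g. `"SwitchWWN identities are not created through CIM_StorageHardwareIDManagementService.CreateStorageHardwareID."`, or align the parameter value maps if the omission is an oversight.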
diff --git a/Schemas/CIM236/DMTF/User/CIM_StorageHardwareIDManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_StorageHardwareIDManagementService.mof
new file mode 100644
index 0000000..a372b08
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_StorageHardwareIDManagementService.mof
@@ -0,0 +1,196 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.35.0" ),
+ UMLPackagePath ( "CIM::User::StorageHardwareID" ),
+ Description (
+ "StorageHardwareIDManagementService provides methods for "
+ "manipulating instances of StorageHardwareIDs and manipulating "
+ "the trust of these IDs in the underlying storage system." )]
+class CIM_StorageHardwareIDManagementService : CIM_IdentityManagementService {
+
+
+ [Description (
+ "This method creates a CIM_StorageHardwareID, it creates "
+ "the association CIM_ConcreteDependency between this "
+ "service and the new CIM_StorageHardwareID." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..0xFFF",
+ "0x1000", "0x1001", "0x1003..0x7FFF", "0x8000.." },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "ID already created",
+ "Hardware implementation does not support specified IDType",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 CreateStorageHardwareID(
+ [IN, Description (
+ "The ElementName of the new StorageHardwareID instance."
+ )]
+ string ElementName,
+ [IN, Description (
+ "StorageID is the value used by the SecurityService "
+ "to represent Identity - in this case, a hardware "
+ "worldwide unique name." )]
+ string StorageID,
+ [IN, Description (
+ "The type of the StorageID property. iSCSI IDs may "
+ "use one of three iSCSI formats - iqn, eui, or naa. "
+ "This three letter format is the name prefix; so a "
+ "single iSCSI type is provided here, the prefix can "
+ "be used to further refine the format." ),
+ ValueMap { "1", "2", "3", "4", "5", "7" },
+ Values { "Other", "PortWWN", "NodeWWN", "Hostname",
+ "iSCSI Name", "SAS Address" },
+ ModelCorrespondence { "CIM_StorageHardwareID.IDType" }]
+ uint16 IDType,
+ [IN, Description (
+ "The type of the storage ID, when IDType is \"Other\"."
+ )]
+ string OtherIDType,
+ [IN, Description (
+ "REF to the StorageClientSettingData containing the "
+ "OSType appropriate for this initiator. If left "
+ "NULL, the instrumentation assumes a standard "
+ "OSType - i.e., that no OS-specific behavior for "
+ "this initiator is defined." )]
+ CIM_StorageClientSettingData REF Setting,
+ [IN ( false ), OUT, Description (
+ "REF to the new StorageHardwareID instance." )]
+ CIM_StorageHardwareID REF HardwareID);
+
+ [Description (
+ "This method deletes a named CIM_StorageHardwareID, and "
+ "also tears down the associations that are no longer "
+ "needed, including CIM_ConcreteDependency and "
+ "CIM_AuthorizedSubject." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..0xFFF",
+ "0x1000", "0x1001..0x7FFF", "0x8000.." },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Specified instance not found", "Method Reserved",
+ "Vendor Specific" }]
+ uint32 DeleteStorageHardwareID(
+ [IN, Description (
+ "The storage hardware ID to be deleted." )]
+ CIM_StorageHardwareID REF HardwareID);
+
+ [Description (
+ "This method creates a CIM_GatewayPathID and the "
+ "association CIM_ConcreteDependency between this service "
+ "and the new GatewayPathID." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..0xFFF",
+ "0x1000", "0x1001", "0x1003", "0x1004", "0x1005..0x7FFF",
+ "0x8000.." },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "ID already created",
+ "Hardware implementation does not support specified IDType",
+ "GatewayPathID already created",
+ "Hardware implementation does not support specified GatewayIDType",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 CreateGatewayPathID(
+ [IN, Description (
+ "The ElementName of the new StorageHardwareID instance."
+ )]
+ string ElementName,
+ [IN, Description (
+ "StorageID is the value used by the SecurityService "
+ "to represent Identity - in this case, a hardware "
+ "worldwide unique name." )]
+ string StorageID,
+ [IN, Description (
+ "The type of the StorageID property. iSCSI IDs may "
+ "use one of three iSCSI formats - iqn, eui, or naa. "
+ "This three letter format is the name prefix; so a "
+ "single iSCSI type is provided here, the prefix can "
+ "be used to further refine the format." ),
+ ValueMap { "1", "2", "3", "4", "5", "7" },
+ Values { "Other", "PortWWN", "NodeWWN", "Hostname",
+ "iSCSI Name", "SAS Address" },
+ ModelCorrespondence { "CIM_StorageHardwareID.IDType" }]
+ uint16 IDType,
+ [IN, Description (
+ "The type of the storage ID, when IDType is \"Other\"."
+ )]
+ string OtherIDType,
+ [IN, Description (
+ "GatewayID is the value used by the SecurityService "
+ "to represent identity of a Gateway element." )]
+ string GatewayID,
+ [IN, Description (
+ "The type of the GatewayID property. iSCSI IDs may "
+ "use one of three iSCSI formats - iqn, eui, or naa. "
+ "This three letter format is the name prefix; so a "
+ "single iSCSI type is provided here, the prefix can "
+ "be used to further refine the format." ),
+ ValueMap { "1", "2", "3", "4", "5" },
+ Values { "Other", "PortWWN", "NodeWWN", "Hostname",
+ "iSCSI Name" }]
+ uint16 GatewayIDType,
+ [IN, Description (
+ "The type of the storage ID, when GatewayIDType is \"Other\"."
+ )]
+ string OtherGatewayIDType,
+ [IN ( false ), OUT, Description (
+ "REF to the new GatewayPathID instance." )]
+ CIM_GatewayPathID REF NewGatewayPathID);
+
+ [Description (
+ "Create a group of StorageHardwareIDs as a new instance "
+ "of SystemSpecificCollection. This is useful to define a "
+ "set of authorized subjects that can access volumes in a "
+ "disk array. This method allows the client to make a "
+ "request of a specific Service instance to create the "
+ "collection and provide the appropriate class name. When "
+ "these capabilities are standardized in CIM/WBEM, this "
+ "method can be deprecated and intrinsic methods used. In "
+ "addition to creating the collection, this method causes "
+ "the creation of the HostedCollection association (to "
+ "this service\'s scoping system) and MemberOfCollection "
+ "association to members of the IDs parameter." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..0xFFF",
+ "0x1000", "0x1001", "0x1002", "0x1003..0x7FFF", "0x8000.." },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Invalid HardwareID instance",
+ "Implementation does not support hardware ID collections",
+ "Input hardware IDs cannot be used in same collection",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 CreateHardwareIDCollection(
+ [IN, Description (
+ "The ElementName to be assigned to the created collection."
+ )]
+ string ElementName,
+ [IN, Description (
+ "Array of strings containing representations of "
+ "references to StorageHardwareID instances that "
+ "will become members of the new collection." )]
+ string HardwareIDs[],
+ [IN ( false ), OUT, Description (
+ "The new instance of SystemSpecificCollection that is created."
+ )]
+ CIM_SystemSpecificCollection REF Collection);
+
+ [Description (
+ "Create MemberOfCollection instances between the "
+ "specified Collection and the StorageHardwareIDs. This "
+ "method allows the client to make a request of a specific "
+ "Service instance to create the associations. When these "
+ "capabilities are standardized in CIM/WBEM, this method "
+ "can be deprecated and intrinsic methods used." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..0xFFF",
+ "0x1000", "0x1001", "0x1002", "0x1003..0x7FFF", "0x8000.." },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Invalid LogicalDevice instance",
+ "Implementation does not support device collections",
+ "Input devices cannot be used in this collection",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 AddHardwareIDsToCollection(
+ [IN, Description (
+ "Array of strings containing representations of "
+ "references to StorageHardwareID instances that "
+ "will become members of the collection." )]
+ string HardwareIDs[],
+ [IN, Description (
+ "The Collection which groups the StorageHardwareIDs." )]
+ CIM_SystemSpecificCollection REF Collection);
+
+};
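Review bot: `HardwareIDs` in `CreateHardwareIDCollection` and `AddHardwareIDsToCollection` is a `string` array of "representations of references" rather than a `CIM_StorageHardwareID REF` array, so the schema gives a provider no type guarantee on what the strings name. The resulting collection is described as "a set of authorized subjects that can access volumes", so the parameter description should require resolution and checking, e.g. `"Each entry shall resolve to an existing CIM_StorageHardwareID instance managed by this service; otherwise the method returns Invalid Parameter or 0x1000."`. The `Values` text of `AddHardwareIDsToCollection` also speaks of "Invalid LogicalDevice instance" and "device collections", which looks copied from a device-collection method and will mislead anyone mapping return codes. Lastly, the return `ValueMap`s of `CreateStorageHardwareID` and `CreateGatewayPathID` jump from "0x1001" to "0x1003", leaving 0x1002 unmapped.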
diff --git a/Schemas/CIM236/DMTF/User/CIM_SystemAdministrator.mof b/Schemas/CIM236/DMTF/User/CIM_SystemAdministrator.mof
new file mode 100644
index 0000000..841b8de
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SystemAdministrator.mof
@@ -0,0 +1,20 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "CIM_SystemAdministrator is an association used to identify the "
+ "UserEntity as a system administrator of a CIM_System." )]
+class CIM_SystemAdministrator : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Description ( "The administered system." )]
+ CIM_System REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description (
+ "The UserEntity that provides the admininstrative "
+ "function for the associated system." )]
+ CIM_UserEntity REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_SystemAdministratorGroup.mof b/Schemas/CIM236/DMTF/User/CIM_SystemAdministratorGroup.mof
new file mode 100644
index 0000000..47ad684
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SystemAdministratorGroup.mof
@@ -0,0 +1,19 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Group" ),
+ Description (
+ "CIM_SystemAdministratorGroup is an association used to "
+ "identify a Group that has system administrator "
+ "responsibilities for a CIM_System." )]
+class CIM_SystemAdministratorGroup : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Description ( "The administered system." )]
+ CIM_System REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description ( "The Group of administrators." )]
+ CIM_Group REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_SystemAdministratorRole.mof b/Schemas/CIM236/DMTF/User/CIM_SystemAdministratorRole.mof
new file mode 100644
index 0000000..65d2c2e
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_SystemAdministratorRole.mof
@@ -0,0 +1,18 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Role" ),
+ Description (
+ "CIM_SystemAdministratorRole is an association used to identify "
+ "a system administrator Role for a CIM_System." )]
+class CIM_SystemAdministratorRole : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Description ( "The administered system." )]
+ CIM_System REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description ( "The system administration role." )]
+ CIM_Role REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_TrustHierarchy.mof b/Schemas/CIM236/DMTF/User/CIM_TrustHierarchy.mof
new file mode 100644
index 0000000..c38b845
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_TrustHierarchy.mof
@@ -0,0 +1,22 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_TrustHierarchy is an association between two "
+ "CredentialManagementService instances that establishes the "
+ "trust hierarchy between them." )]
+class CIM_TrustHierarchy : CIM_Dependency {
+
+ [Override ( "Antecedent" ),
+ Max ( 1 ),
+ Description (
+ "The superior CredentialManagementService from which the "
+ "dependent service gets its authority." )]
+ CIM_CredentialManagementService REF Antecedent;
+
+ [Override ( "Dependent" ),
+ Description ( "The subordinate CredentialManagementService." )]
+ CIM_CredentialManagementService REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_UnsignedCredential.mof b/Schemas/CIM236/DMTF/User/CIM_UnsignedCredential.mof
new file mode 100644
index 0000000..ea67d5d
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_UnsignedCredential.mof
@@ -0,0 +1,70 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "A UnsignedCredential represents an unsigned public key "
+ "credential. Services accept the public key as authentic "
+ "because of a direct trust relationship, rather than via a "
+ "third-party Certificate Authority." )]
+class CIM_UnsignedCredential : CIM_Credential {
+
+ [Key, Override ( "InstanceID" )]
+ string InstanceID;
+
+ [Description (
+ "The Identity of the Peer with whom a direct trust "
+ "relationship exists. The public key may be used for "
+ "security functions with the Peer." ),
+ MaxLen ( 256 ),
+ ModelCorrespondence {
+ "CIM_UnsignedCredential.PeerIdentityType" }]
+ string PeerIdentity;
+
+ [Description (
+ "PeerIdentityType is used to describe the type of the "
+ "PeerIdentity. The currently defined values are used for "
+ "IKE identities." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "10", "11" },
+ Values { "Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
+ "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
+ "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
+ "DER_ASN1_GN", "KEY_ID" },
+ ModelCorrespondence { "CIM_UnsignedCredential.PeerIdentity" }]
+ uint16 PeerIdentityType;
+
+ [Description (
+ "The public key, encoded as indicated by PublicKeyEncoding."
+ ),
+ OctetString, ModelCorrespondence {
+ "CIM_UnsignedCredential.OtherPublicKeyEncoding",
+ "CIM_UnsignedCredential.PublicKeyEncoding" }]
+ string PublicKey[];
+
+ [Description (
+ "An enumeration defining the encoding in PublicKey.\n"
+ "ASN.1 DER: encoded according to the Abstract Syntax "
+ "Notation One (ASN.1) Distinguished Encoding Rules (DER), "
+ "defined in the ITU-T X.680 series of standards.\n"
+ "SSH mpint: encoded according to the mpint format defined "
+ "in IETF RFC4251 for representation of multiple-precision "
+ "integers in SSH and other network protocols." ),
+ ValueMap { "0", "1", "2", "3", ".." },
+ Values { "Unknown", "Other", "ASN.1 DER", "SSH mpint",
+ "DMTF Reserved" },
+ ModelCorrespondence { "CIM_UnsignedCredential.PublicKey",
+ "CIM_UnsignedCredential.OtherPublicKeyEncoding" }]
+ uint16 PublicKeyEncoding;
+
+ [Description (
+ "A string that describes the encoding of PublicKey when "
+ "PublicKeyEncoding is set to 1 (\"Other\"). This property "
+ "shall be set to null when PublicKeyEncoding is any value "
+ "other than 1." ),
+ ModelCorrespondence {
+ "CIM_UnsignedCredential.PublicKeyEncoding",
+ "CIM_UnsignedCredential.PublicKey" }]
+ string OtherPublicKeyEncoding;
+
+
+};
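Review bot: `PublicKey` is declared as `string PublicKey[]` with `OctetString`, but its description speaks of a single key ("The public key, encoded as indicated by PublicKeyEncoding."), so it is unclear whether each array element is a separate key or one component of a single key. The "SSH mpint" encoding suggests the latter, but the text does not say so. The deprecated CIM_UnsignedPublicKey.mof in this commit uses `uint8 PublicKey[]` for the same data, so consumers migrating between the two need the layout spelled out to avoid mis-parsing key material that is trusted directly, without a CA. I would add a sentence such as `"Each array element is an octet string holding one <key | key component>; element order is <defined by the encoding>."` with the placeholders filled in from the DMTF profile. The `InstanceID` override here also carries no `Description`, unlike the one in CIM_SignedCredential.mof.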
diff --git a/Schemas/CIM236/DMTF/User/CIM_UnsignedPublicKey.mof b/Schemas/CIM236/DMTF/User/CIM_UnsignedPublicKey.mof
new file mode 100644
index 0000000..303fc81
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_UnsignedPublicKey.mof
@@ -0,0 +1,67 @@
+// Copyright (c) 2007, DMTF. All rights reserved.
+ [Deprecated { "CIM_UnsignedCredential" },
+ Version ( "2.16.0" ),
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "A CIM_UnsignedPublicKey represents an unsigned public key "
+ "credential. Services accept the public key as authentic "
+ "because of a direct trust relationship, rather than via a "
+ "third-party Certificate Authority." )]
+class CIM_UnsignedPublicKey : CIM_Credential {
+
+ [Deprecated { "CIM_UnsignedCredential.InstanceID" },
+ Key, Description ( "The scoping System\'s CCN." ),
+ MaxLen ( 256 ),
+ Propagated (
+ "CIM_PublicKeyManagementService.SystemCreationClassName" )]
+ string SystemCreationClassName;
+
+ [Deprecated { "CIM_UnsignedCredential.InstanceID" },
+ Key, Description ( "The scoping System\'s Name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_PublicKeyManagementService.SystemName" )]
+ string SystemName;
+
+ [Deprecated { "CIM_UnsignedCredential.InstanceID" },
+ Key, Description ( "The scoping Service\'s CCN." ),
+ MaxLen ( 256 ),
+ Propagated (
+ "CIM_PublicKeyManagementService.CreationClassName" )]
+ string ServiceCreationClassName;
+
+ [Deprecated { "CIM_UnsignedCredential.InstanceID" },
+ Key, Description ( "The scoping Service\'s Name." ),
+ MaxLen ( 256 ),
+ Propagated ( "CIM_PublicKeyManagementService.Name" )]
+ string ServiceName;
+
+ [Deprecated { "CIM_UnsignedCredential.PeerIdentity" },
+ Key, Description (
+ "The Identity of the Peer with whom a direct trust "
+ "relationship exists. The public key may be used for "
+ "security functions with the Peer." ),
+ MaxLen ( 256 ),
+ ModelCorrespondence { "CIM_UnsignedPublicKey.PeerIdentityType" }]
+ string PeerIdentity;
+
+ [Deprecated { "CIM_UnsignedCredential.PeerIdentityType" },
+ Description (
+ "PeerIdentityType is used to describe the type of the "
+ "PeerIdentity. The currently defined values are used for "
+ "IKE identities." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
+ "10", "11" },
+ Values { "Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
+ "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
+ "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
+ "DER_ASN1_GN", "KEY_ID" },
+ ModelCorrespondence { "CIM_UnsignedPublicKey.PeerIdentity" }]
+ uint16 PeerIdentityType;
+
+ [Deprecated { "CIM_UnsignedCredential.PublicKey" },
+ Description ( "The DER-encoded raw public key." ),
+ OctetString]
+ uint8 PublicKey[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_UserContact.mof b/Schemas/CIM236/DMTF/User/CIM_UserContact.mof
new file mode 100644
index 0000000..e82564d
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_UserContact.mof
@@ -0,0 +1,83 @@
+// Copyright (c) 2012 DMTF. All rights reserved.
+ [Version ( "2.33.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "UserContact contains the details related to contacting a user. "
+ "This information will be promoted to UserEntity in a later "
+ "major release of CIM, but cannot be promoted at this time "
+ "since UserEntity is abstract today, with no keys. Key and "
+ "required properties cannot be added to a class in a minor "
+ "version release since this breaks backward compatibility." )]
+class CIM_UserContact : CIM_UserEntity {
+
+ [Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Key, Description (
+ "The Name property defines the label by which the object "
+ "is known. In the case of an LDAP-derived instance, the "
+ "Name property value may be set to the distinguished name "
+ "of the LDAP-accessed object instance." ),
+ MaxLen ( 1024 )]
+ string Name;
+
+ [Description (
+ "The Given Name property is used for the part of a "
+ "person\'s name that is not their surname nor their "
+ "middle name (i.e., their first name)." )]
+ string GivenName;
+
+ [Description (
+ "The Surname property specifies the linguistic construct "
+ "that normally is inherited by an individual from the "
+ "individual\'s parent or assumed by marriage, and by "
+ "which the individual is commonly known." )]
+ string Surname;
+
+ [Description (
+ "Based on RFC1274, the mail box addresses for the person "
+ "as defined in RFC822." )]
+ string Mail;
+
+ [Description (
+ "A User ID property. Based on RFC1274, the property may "
+ "be used to specify a computer system login name." )]
+ string UserID;
+
+ [Description (
+ "This property contains the name of a locality, such as a "
+ "city, county or other geographic region." )]
+ string LocalityName;
+
+ [Description (
+ "The PostalAddress property values specify the address "
+ "information required for the physical delivery of postal "
+ "messages by the postal authority to the person." )]
+ string PostalAddress[];
+
+ [Description (
+ "The State or Province name property specifies a state or province."
+ )]
+ string StateOrProvince;
+
+ [Description (
+ "The PostalCode property specifies the postal code of the "
+ "organization. If this value is present it will be part "
+ "of the object\'s postal address." ),
+ MaxLen ( 40 )]
+ string PostalCode;
+
+ [Description (
+ "The TelephoneNumber property specifies a telephone "
+ "number of the organization, e.g. + 44 582 10101)." ),
+ MaxLen ( 32 )]
+ string TelephoneNumber;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_UserEntity.mof b/Schemas/CIM236/DMTF/User/CIM_UserEntity.mof
new file mode 100644
index 0000000..cf43eb9
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_UserEntity.mof
@@ -0,0 +1,10 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Abstract, Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::Org" ),
+ Description (
+ "UserEntity is an abstract class that represents users - their "
+ "names, contact data and similar information." )]
+class CIM_UserEntity : CIM_OrganizationalEntity {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_UsersAccess.mof b/Schemas/CIM236/DMTF/User/CIM_UsersAccess.mof
new file mode 100644
index 0000000..c71d4e1
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_UsersAccess.mof
@@ -0,0 +1,62 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Deprecated { "CIM_Identity" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::UsersAccess" ),
+ Description (
+ "The UsersAccess object class is used to specify a \'user\' "
+ "that is permitted access to resources. The ManagedElement that "
+ "has access to the resources (represented in the model using "
+ "the ElementAsUser association) may be a person, a service, a "
+ "service access point or any collection thereof. \n"
+ "\n"
+ "This class is deprecated in lieu of the simpler CIM_Identity "
+ "abstraction. The UsersAccess class combines credential "
+ "requirements (in the form of biometric requirements) with the "
+ "concepts of organizational information (via its position in "
+ "the inheritance hierarchy), and identity management. These "
+ "concepts need to be separated to be better understood and "
+ "managed - hence, the deprecation." )]
+class CIM_UsersAccess : CIM_UserEntity {
+
+ [Deprecated { "No value" },
+ Key, Description (
+ "CreationClassName indicates the name of the class or the "
+ "subclass used in the creation of an instance. When used "
+ "with the other key properties of this class, this "
+ "property allows all instances of this class and its "
+ "subclasses to be uniquely identified." ),
+ MaxLen ( 256 )]
+ string CreationClassName;
+
+ [Deprecated { "CIM_Identity.ElementName" },
+ Key, Description (
+ "The Name property defines the label by which the object is known."
+ ),
+ MaxLen ( 256 )]
+ string Name;
+
+ [Deprecated { "CIM_Identity.InstanceID" },
+ Key, Description (
+ "The ElementID property uniquely specifies the "
+ "ManagedElement object instance that is the user "
+ "represented by the UsersAccess object instance. The "
+ "ElementID is formatted similarly to a model path except "
+ "that the property-value pairs are ordered in "
+ "alphabetical order (US ASCII lexical order)." )]
+ string ElementID;
+
+ [Deprecated { "No value" },
+ Description (
+ "Biometric information used to identify a person. The "
+ "property value is left null or set to \'N/A\' for "
+ "non-human user or a user not using biometric information "
+ "for authentication. This property is deprecated as it "
+ "represents required Credential information and is more "
+ "correctly modeled as a specific biometric credential." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
+ Values { "N/A", "Other", "Facial", "Retina", "Mark",
+ "Finger", "Voice", "DNA-RNA", "EEG" }]
+ uint16 Biometric[];
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_UsersAccount.mof b/Schemas/CIM236/DMTF/User/CIM_UsersAccount.mof
new file mode 100644
index 0000000..8dd54da
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_UsersAccount.mof
@@ -0,0 +1,26 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_AccountIdentity" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::Account" ),
+ Description (
+ "This relationship associates UsersAccess with the Accounts "
+ "with which they\'re able to interact. This association is "
+ "deprecated in lieu of AccountIdentity, which defines similar "
+ "semantics. This was done since the UsersAccess reference in "
+ "UsersAccount has been deprecated and replaced by the more "
+ "specific semantics of CIM_Identity." )]
+class CIM_UsersAccount : CIM_Dependency {
+
+ [Deprecated { "CIM_AccountIdentity.SystemElement" },
+ Override ( "Antecedent" ),
+ Description ( "The user\'s Account." )]
+ CIM_Account REF Antecedent;
+
+ [Deprecated { "CIM_AccountIdentity.SameElement" },
+ Override ( "Dependent" ),
+ Description (
+ "The User as identified by their UsersAccess instance." )]
+ CIM_UsersAccess REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_UsersCredential.mof b/Schemas/CIM236/DMTF/User/CIM_UsersCredential.mof
new file mode 100644
index 0000000..1e4b032
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_UsersCredential.mof
@@ -0,0 +1,28 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Association, Deprecated { "CIM_AuthenticationCondition" },
+ Version ( "2.8.0" ),
+ UMLPackagePath ( "CIM::User::UsersAccess" ),
+ Description (
+ "CIM_UsersCredential is an association used to establish the "
+ "credentials that may be used for a UsersAccess to a system or "
+ "set of systems. \n"
+ "\n"
+ "Since the UsersAccess class is deprecated in lieu of "
+ "CIM_Identity, this association is also deprecated and replaced "
+ "by policy - where the AuthenticationCondition class describes "
+ "the credentials that SHOULD be authenticated in order to "
+ "establish the Identity." )]
+class CIM_UsersCredential : CIM_Dependency {
+
+ [Deprecated { "CIM_AuthenticationCondition" },
+ Override ( "Antecedent" ),
+ Description ( "The issued credential that may be used." )]
+ CIM_Credential REF Antecedent;
+
+ [Deprecated { "CIM_Identity" },
+ Override ( "Dependent" ),
+ Description ( "The UsersAccess that has use of a credential." )]
+ CIM_UsersAccess REF Dependent;
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_VerificationService.mof b/Schemas/CIM236/DMTF/User/CIM_VerificationService.mof
new file mode 100644
index 0000000..ddc31c1
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_VerificationService.mof
@@ -0,0 +1,12 @@
+// Copyright (c) 2005 DMTF. All rights reserved.
+ [Version ( "2.6.0" ),
+ UMLPackagePath ( "CIM::User::SecurityServices" ),
+ Description (
+ "CIM_VerificationService is the authentication service that "
+ "verifies a credential for use and may also verify the "
+ "appropriateness of a particular credential in conjunction with "
+ "a particular target resource." )]
+class CIM_VerificationService : CIM_AuthenticationService {
+
+
+};
diff --git a/Schemas/CIM236/DMTF/User/CIM_X509CRL.mof b/Schemas/CIM236/DMTF/User/CIM_X509CRL.mof
new file mode 100644
index 0000000..d1df358
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_X509CRL.mof
@@ -0,0 +1,61 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ ClassConstraint {
+ "/* The constraints below aim to efficiently */ /* represent a singular OctetString. Each of the properties*/ /* is a single encoded string, thus only the first element */ /* needs to be populated. */ inv:self.EncodedCRL->size()=1" },
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "CIM_X509CRL describes Internet X509 Public Key Infrastructure "
+ "(PKI) standard based Certificate Revocation List (CRL). CRL is "
+ "issued by a Certificate Authority\'s (CA) to update the list "
+ "of the certificates used in the authentication. Upon "
+ "application of a CRL to a set of certificates, the "
+ "certificates matched to those contained in the CRL would be "
+ "revoked and invalidated for use in authentication. Refer to "
+ "the Internet X.509 PKI standard (RFC 3280) for more "
+ "information." )]
+class CIM_X509CRL : CIM_X509Infrastructure {
+
+ [Override ( "Issued" ),
+ Description (
+ "This property corresponds to the thisUpdate field in the "
+ "Internet X509 PKI standard. The property represents the "
+ "issue date of the CRL. Use a value of all "
+ "\'00000101000000.000000+000\', (midnight, January 1, 1 "
+ "BCE at coordinated universal time +0 minutes), if this "
+ "information is not applicable. On CreateInstance, if "
+ "this property is unspecified, or set to NULL, then "
+ "current time is assumed." )]
+ datetime Issued;
+
+ [Override ( "Expires" ),
+ Description (
+ "This property is not applicable for CIM_X509CRL class "
+ "and shall either have value of \n"
+ "\'99991231115959.999999-720\' as defined by DSP0004 to "
+ "mean \"infinite future or NULL." )]
+ datetime Expires;
+
+ [Description (
+ "The property represents the date by which the next CRL "
+ "will be issued. The next CRL could be issued before the "
+ "indicated date, but it will not be issued any later than "
+ "the indicated date. If this information is not "
+ "applicable, use a value of \n"
+ "\'99991231115959.999999-720\' as defined by DSP0004 to "
+ "mean \"infinite future." )]
+ datetime NextUpdate;
+
+ [Description (
+ "The full content of the CRL in binary form.Only the "
+ "first element of the array property shall be populated." ),
+ OctetString]
+ string EncodedCRL[];
+
+ [Description (
+ "An array of serial numbers of X.509 certificates that "
+ "are part of CRL." ),
+ OctetString]
+ string SerialNumbers[];
+
+
+};
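Review bot: The Description strings of Expires and NextUpdate open an escaped quote before "infinite future" and never close it, and in Expires the sentence "shall either have value of ... or NULL" runs the two alternatives together, so it is unclear that NULL is the second permitted value. I would end the Expires text with `"mean \"infinite future\", or shall be NULL." )]` and the NextUpdate text with `"mean \"infinite future\"." )]`. The class exposes revoked entries only as SerialNumbers, with no per-entry revocation date or reason. A sentence in the SerialNumbers Description saying that this detail has to be read from EncodedCRL would save consumers from assuming the array is the complete revocation record. The class Description also reads "Certificate Authority\'s (CA)", where the possessive looks unintended.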
diff --git a/Schemas/CIM236/DMTF/User/CIM_X509Certificate.mof b/Schemas/CIM236/DMTF/User/CIM_X509Certificate.mof
new file mode 100644
index 0000000..6043fd3
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_X509Certificate.mof
@@ -0,0 +1,163 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ ClassConstraint {
+ "/* The constraints below aim to efficiently */ /* represent a singular OctetString. Each of the properties*/ /* is a single encoded stringthus only the first element */ /* needs to be populated. */ inv:self.PublicKey->size()<=1 and self.SerialNumber->size()<=1 and self.EncodedCertificate->size()<=1" },
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "CIM_X509Certificate describes Internet X509 Public Key "
+ "Infrastructure (PKI) standard based certificates. The "
+ "certificates are signed by a trusted Certificate Authority "
+ "(CA) or by the owner of the certificate and issued to an "
+ "authenticated entity (e.g., human user, service, etc.) called "
+ "the Subject in the certificate. The public key in the "
+ "certificate is cryptographically related to a private key that "
+ "is held and kept private by the authenticated Subject. The "
+ "certificate and its related private key can then be used for "
+ "establishing trust relationships and securing communications "
+ "with the Subject. Refer to the Internet X.509 PKI standard "
+ "(RFC 3280) for more information." )]
+class CIM_X509Certificate : CIM_X509Infrastructure {
+
+ [Description (
+ "Distinguished name identifying the subject of the "
+ "certificate.Subject shall contain information as "
+ "required by section 4.1.2.6 of RFC 3280 and shall be "
+ "formatted based on RFC 4514." ),
+ DN, MappingStrings { "RFC3280.IETF|Section 4.1.2.6" }]
+ string Subject;
+
+ [Description (
+ "Alternate subject identifier for the Certificate." ),
+ MappingStrings { "RFC3280.IETF|Section 4.2.1.7" }]
+ string AltSubject;
+
+ [Description (
+ "The DER-encoded raw public key that belongs to the "
+ "subject the certificate vouches for.Only the first "
+ "element of PublicKey array property shall be populated "
+ "with DER encoded raw public key octet string." ),
+ OctetString, MappingStrings { "RFC3280.IETF|Section 4.1.2.7" }]
+ string PublicKey[];
+
+ [Description (
+ "The length of the public key represented in the "
+ "PublicKey property." ),
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.7" }]
+ uint16 PublicKeySize;
+
+ [Description (
+ "IsValid represents whether the certificate is currently "
+ "valid. When the certificate is revoked or expired or put "
+ "on hold or invalidated for any reason IsValid shall be "
+ "set to FALSE." )]
+ boolean IsValid;
+
+ [Description (
+ "Unique number that identifies this certificate.Only the "
+ "first element of the array property shall be populated." ),
+ OctetString, MappingStrings { "RFC3280.IETF|Section 4.1.2.2" }]
+ string SerialNumber[];
+
+ [Description ( "Public key algorithm." ),
+ ValueMap { "0", "2", "3", "4", "5..32767", "32768..65535" },
+ Values { "Unknown", "RSA", "DSA", "ECDSA", "DMTF Reserved",
+ "Vendor Specified" },
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.7" }]
+ uint16 PublicKeyAlgorithm;
+
+ [Description (
+ "Key usage defines the purpose of the key. Key usage "
+ "could include digital signing, key agreement, "
+ "certificate signing, and more. The key usage is an "
+ "extension to the X.509 specification." ),
+ ValueMap { "0", "2", "3", "4", "5", "6", "7", "8..32767",
+ "32768..65535" },
+ Values { "Unknown", "Digital Signature", "Non Repudiation",
+ "Key Encipherment", "Data Encipherment", "Key Agreement",
+ "Key Certificate Signature", "DMTF Reserved",
+ "Vendor Specified" },
+ MappingStrings { "RFC3280.IETF|Section 4.2.1.3" }]
+ uint16 KeyUsage[];
+
+ [Description (
+ "This extension indicates one or more purposes for which "
+ "the certified public key may be used, in addition to or "
+ "in place of the basic purposes indicated in the key "
+ "usage extension." ),
+ MappingStrings { "RFC3280.IETF|Section 4.2.1.13" }]
+ string ExtendedKeyUsage[];
+
+ [Description (
+ "An X.509 certificate may contain an optional extension "
+ "that identifies whether the subject of the certificate "
+ "is a certificate authority (CA). If the subject is a CA, "
+ "this property defines the number of certificates that "
+ "may follow this certificate in a certification chain." ),
+ MappingStrings { "RFC3280.IETF|Section 4.2.1.10" }]
+ uint16 PathLengthConstraint;
+
+ [Description (
+ "The full content of the certificate in binary form.Only "
+ "the first element of the array property shall be "
+ "populated." ),
+ OctetString, MappingStrings { "RFC3280.IETF|Section 4" }]
+ string EncodedCertificate[];
+
+ [Description (
+ "Extension identifier array for additional attributes "
+ "associated with the certificate. The corresponding array "
+ "element in the IsCritical property denotes whether the "
+ "extension is critical. The corresponding array element "
+ "in the ExtensionValue property contains the value of the "
+ "extension attribute." ),
+ ArrayType ( "Indexed" ),
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.9",
+ "RFC3280.IETF|Section 4.2" },
+ ModelCorrespondence { "CIM_X509Certificate.IsCritical",
+ "CIM_X509Certificate.ExtensionValue" }]
+ string ExtensionID[];
+
+ [Description (
+ "Certificate extension attribute value array. The "
+ "corresponding array element in the ExtensionID property "
+ "contains the identifier of the certificate extension "
+ "attribute. The corresponding array element in the "
+ "IsCritical property denotes whether the extension is "
+ "critical." ),
+ ArrayType ( "Indexed" ),
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.9",
+ "RFC3280.IETF|Section 4.2" },
+ ModelCorrespondence { "CIM_X509Certificate.IsCritical",
+ "CIM_X509Certificate.ExtensionID" }]
+ string ExtensionValue[];
+
+ [Description (
+ "TRUE value represents that the extension attribute is "
+ "critical. The corresponding array element in the "
+ "ExtensionID property contains the identifier of the "
+ "extension attribute. The corresponding array element in "
+ "the ExtensionValue property contains the value of the "
+ "extension attribute." ),
+ ArrayType ( "Indexed" ),
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.9",
+ "RFC3280.IETF|Section 4.2" },
+ ModelCorrespondence { "CIM_X509Certificate.ExtensionID",
+ "CIM_X509Certificate.ExtensionValue" }]
+ boolean IsCritical[];
+
+ [Description (
+ "String that identifies the issuer of the certificate." ),
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.8" }]
+ string IssuerUniqueID;
+
+ [Description ( "Certificate\'s unique subject identifier." ),
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.8" }]
+ string SubjectUniqueID;
+
+ [Description (
+ "TRUE value represents that the certificate is a trusted "
+ "root certificate." )]
+ boolean TrustedRootCertificate;
+
+
+};
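Review bot: KeyUsage maps to RFC 3280 section 4.2.1.3, but its ValueMap stops at "Key Certificate Signature" (7), so the cRLSign, encipherOnly and decipherOnly bits of that extension have no value a provider can report. Since 8..32767 is DMTF Reserved, the gap should be documented rather than filled locally, for example by appending to the Description `"Key usage bits without an assigned value (cRLSign, encipherOnly, decipherOnly) are not represented here and must be read from EncodedCertificate."`. PublicKeySize does not state its unit; naming it (bits or octets) in the Description would stop clients guessing when they enforce a minimum key length. IsValid and TrustedRootCertificate are plain provider-set booleans, so their Descriptions should say whether they reflect an actual path validation or only stored state. Several Descriptions also lost the space after a full stop ("certificate.Subject", "vouches for.Only", "certificate.Only").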
diff --git a/Schemas/CIM236/DMTF/User/CIM_X509Infrastructure.mof b/Schemas/CIM236/DMTF/User/CIM_X509Infrastructure.mof
new file mode 100644
index 0000000..f69a65b
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_X509Infrastructure.mof
@@ -0,0 +1,86 @@
+// Copyright (c) 2011 DMTF. All rights reserved.
+ [Version ( "2.29.0" ),
+ ClassConstraint {
+ "/* The constraints below aim to efficiently */ /* represent a singular OctetString. Each of the properties*/ /* is a single encoded string, thus only the first element */ /* needs to be populated. */ inv:self.TBSCertificate->size()<=1" },
+ UMLPackagePath ( "CIM::User::PublicKey" ),
+ Description (
+ "CIM_X509Infrastructure describes Internet X509 Public Key "
+ "Infrastructure (PKI) standard based properties used by "
+ "certificates and certificate revocation lists. For more "
+ "information on the Internet X509 PKI refer to the RFC 3280." )]
+class CIM_X509Infrastructure : CIM_SignedCredential {
+
+ [Description ( "Version of X.509." ),
+ ValueMap { "0", "2", "3", "4", "..", "32768..65535" },
+ Values { "Unknown", "v1", "v2", "v3", "DMTF Reserved",
+ "Vendor Specified" },
+ MappingStrings { "RFC3280.IETF|Section 4.1.2.1",
+ "RFC3280.IETF|Section 5.1.2.1" }]
+ uint16 Version;
+
+ [Description (
+ "The To Be Signed (TBS) certificate is used as an input "
+ "data to the signature algorithm when the certificate is "
+ "signed or verified. Only the first element of the array "
+ "property shall be populated." ),
+ OctetString, MappingStrings { "RFC3280.IETF|Section 4.1.2",
+ "RFC3280.IETF|Section 5.1.2" }]
+ string TBSCertificate[];
+
+ [Description (
+ "Digital signature algorithm that verifies data integrity "
+ "by creating a 128-bit message digest or fingerprint. The "
+ "fingerprint is unique to the input data and contains the "
+ "binary hash of the encoded X509 object such as encoded "
+ "certificate or CRL." ),
+ OctetString]
+ string MD5Fingerprint[];
+
+ [Description (
+ "Secure hashing algorithm, a cryptographic message digest "
+ "algorithm used to verify data integrity by making "
+ "replication of the fingerprint. The fingerprint is "
+ "unique to the input data and contains the binary hash of "
+ "the encoded X509 object such as encoded certificate or "
+ "CRL." ),
+ OctetString]
+ string SHA1Fingerprint[];
+
+ [Description (
+ "The algorithm used for hashing the encoded X509 "
+ "certificate\'s or CRL\'s message digest represented in "
+ "the corresponding element of the FingerPrint array." ),
+ ValueMap { "2", "3", "..", "32768..65535" },
+ Values { "MD5", "SHA1", "DMTF Reserved", "Vendor Specified" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence { "CIM_X509Infrastructure.Fingerprints" }]
+ uint16 FingerprintDigestAlgorithms[];
+
+ [Description (
+ "Fingerprints property represents the message digests of "
+ "the encoded X509 certificate or CRL that uniquely "
+ "identify it and can be used for the integrity "
+ "verification of the X509 certificate or CRL. Fingerprint "
+ "is the hash of the encoded X509 certificate or CRL that "
+ "is based on the algorithm described in the corresponding "
+ "element of the FingerprintDigestAlgorithms array." ),
+ OctetString, ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_X509Infrastructure.FingerprintDigestAlgorithms" }]
+ string Fingerprints[];
+
+ [Override ( "IssuerName" ),
+ Description (
+ "Issuer represents the information about the issuer of "
+ "the CRL. The Issuer property shall contain information "
+ "as required by section 4.1.2.4 of RFC 3280 and shall be "
+ "formatted based on RFC 4514. An example of the value of "
+ "the Subject parameter could be \"CN=Marshall T. Rose, "
+ "O=Dover Beach Consulting, OU=Sales, L=Santa Clara, "
+ "ST=California, C=US\"." ),
+ DN, MappingStrings { "RFC3280.IETF|Section 4.1.2.4",
+ "RFC3280.IETF|Section 5.1.2.3" }]
+ string IssuerName;
+
+
+};
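Review bot: The MD5Fingerprint Description calls MD5 a "Digital signature algorithm", but it is an unkeyed hash, and FingerprintDigestAlgorithms enumerates only MD5 and SHA1, both of which have known collision attacks. The Fingerprints Description says the value "can be used for the integrity verification" of a certificate or CRL. I would qualify that by adding `"Fingerprints computed with MD5 or SHA1 are suitable for lookup and display only and should not be the sole basis for a trust decision."`, and reword the MD5 text to start `"MD5 message digest algorithm, producing a 128-bit ..."`. Two cross-references are also off: FingerprintDigestAlgorithms refers to "the FingerPrint array" although the property is Fingerprints, and the IssuerName example speaks of "the Subject parameter" and "the issuer of the CRL" although the property is the issuer and the class also underlies certificates.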