The SecurityLevel3 interfaces and its security data structures are based on the Principal Calculus. This is a mathematical model of representing principals for the use of access control and auditing.
The SecurityLevel3 Security Service is represented by two objects that are returned by the ORB's resolve_initial_reference call. Those two objects are the SecurityManager and the SecurityCurrent. Other objects associated with the security service emanate from these two objects.
The SecurityLevel3 Security Service has a Credentials model. This model, which is heavily based on the Principal Calculus, yields an API for accessing principal information. The credentials represent a principal's credentials, as well as the establishment of security contexts between client and servers.
The SecurityLevel3 Security Service is currently CSIv2 Level 2 compliant:
The Security Level 3 ORB Security Service does supports retention of CSI state. Client Authentication information and Identity assertion information is transmitted on each request.
The Security Level 3 ORB Security Service does not automatically support endorsement at this time (CSIv2 Level 2 compliance), but does give you facility to do so.
CredentialsCurator object is a single object per an ORB
instance's Security Service.
SecurityCurrent object references thread specific
data pertaining to the security service.
SecurityManager object represents the Security Level 3
Security Service.
Credentials Usage refers to the concept that Credentials may be used to initiate security context, accept security contexts, or do both.
typedef string AcquisitionMethod;Credentials are acquired by a Credentials Acquirer by some acquisition mechanism specified in the Credentials Curator. Acquisition methods are available on the curator. The specifics of arguments needed and the acquisition process are defined by the method itself.
typedef sequence<AcquisitionMethod> AcquisitionMethodList;
typedef long AcquisitionStatus;An acquisition of credentials may quite possibly fail as well as be a multistep process. A status defines the current state of an acquisition.
typedef string ContextId;A Context Id is a system generated unique identifier for identifying a security context to the application. Security Contexts may be long lived and not established on every request. Therefore, an identifier is assigned.
Note that this Context Id is not directly related to the context defined in the CSIv2 specification.
typedef string CredentialsId;Credentials have system generated identifiers to which they can be referred and retrieved.
typedef sequence<CredentialsId> CredentialsIdList;
typedef sequence<Credentials> CredentialsList;A list of credentials.
typedef long CredentialsState;A Credentials object has a validity state. Some credentials may be time or use dependent.
typedef unsigned long CredentialsType;Credentials come in three types. OwnCredentials, ClientCredentials, and TargetCredentials. OwnCredentials represent the ORB instance's credentials. Each Credentials has initiating and accepting capability. ClientCredentials represent an established security context with a client. TargetCredentials represent an established security context with a Target's Server.
typedef unsigned long CredentialsUsage;Credentials Usage
Credentials Usage refers to the concept that Credentials may be used to initiate security context, accept security contexts, or do both. its values are used in the acquisition of credentials for the purpose of designating the abilities of the credentials acquired.
typedef unsigned long CredsDirective;A CredsDirective is a directive on a invocation as to the effects of the initiated security context will have on the the accepting side. Please see ContextEstablishmentPolicy for is use in context with establishing security contexts.
ContextEstablishmentPolicytypedef sequence<octet> Encoding;An encoding is a sequence of bytes.
typedef string EncodingType;Statement encoding type.
Statements carry their original encoding information, if they came from an encoding, such as list of X.509 identity certificates (i.e. a chain). The encoding type may be derivable from the encoding itself. For example, it's easy to tell the difference between a PEM encoded certificate, and a DER encoded certificate. Therefore, the encoding type may default to "Unknown". Other types may exist than the ones provided as constants in this module.
typedef long FeatureDirective;A Feature Directive is a general directive used in policy that stipulates the of a particular feature. Such examples include, confidentiality, integrity, client authentication, etc.
typedef unsigned long InitiatorType;The Initiator Type of the Initiator Side of the Credentials states the kind of Initiator it is. There are three types that mirror the type of Principal, Simple, Quoting, and Proxy, that the initiator intends to represent to a server while trying to establish a security context with the server.
typedef string ListenerId;This type is used to identify listeners for removal. A Listener identity will be assigned to a listener when it is assigned to a particular object.
typedef wstring NameComponent;A NameComponent is an ordered component of a NamePath. The least significant component is always the first component. It is the type of a wstring to handle international character values.
NameTypeNamePathNameValuePrincipalNametypedef sequence<NameComponent> NamePath;A NamePath is an ordered collection of NameComponents, ordered from the least significant to most significant. For example, an identity that is defined by a certificate that has a SubjectDN of "C=US,CN=Joe,O=Adiron" and an IssuerDN of "C=US,CN=AdironCA,O=Adiron" will have the following name components:
NameComponent[0] = "C=US,CN=Joe,O=Adiron" NameComponent[1] = "C=US,CN=AdironCA,O=Adiron"
NameTypeNameComponentNameValuePrincipalNametypedef string NameType;A NameType is used for typing a PrincipalName data structure. A NameType is a string that represents an ASN.1 OBJECT IDENTIFIER. Its representation usually of the form "oid:1.2.3.4". Other forms may be possible. It is used for encoding name type identifiers, which are ASN.1 DER encoded OBJECT IDENTIFIERs, in the CSI protocol.
NameComponentNamePathNameValuePrincipalNametypedef NamePath NameValue;A NameValue is the value component of a PrincipalName, which is a "type-value" pair. It is defined as a NamePath.
NameTypeNameComponentNamePathPrincipalNametypedef sequence<OwnCredentials> OwnCredentialsList;A list of OwnCredentials
typedef sequence<PrinAttribute> PrinAttributeList;A list of PrinAttributes.
PrinAttributetypedef string PrinAttributeType;A PrinAttribute is a "type-value" pair, usually attributed to a Principal by some means, such as values stored in its certificate or environmental concerns, such as the channel the principal was authenticated over.
The type of a PrinAttribute is represented by a string.
Privilege Attribute Types, that might come from X.509 certificates might be represented by OIDs. OIDs are represented as:
oid:n1.n2.n3.n4.n5.n6....
for an OID where ni are non-negative integers.
These OIDs are meant to be used to direct the "type-value" encoding
of a GSS-API ExportName, which uses an OID as a type that directs
the encoding of the value.
Example Environmental Attribute Types
SL3:ChannelIdentifier SL3:LocalAddress SL3:LocalPort SL3:TransportMechanism SL3:TLSCipherSuite
PrinAttributetypedef wstring PrinAttributeValue;A PrinAttributeValue is a wide character string that encodes or decodes the value of an attribute. An attempt is always meant to represent an attribute's value in a human readable string form. If the value cannot be decoded this way, and its native form is binary, then it is represented in a Hex encoding of the binary form.
PrinAttributetypedef sequence<Principal> PrincipalList;A list of Principals.
Principaltypedef sequence<PrincipalName> PrincipalNameList;A list of PrincipalNames.
PrincipalNametypedef unsigned long PrincipalType;A Principal comes in three forms, which correspond to the Principal Calculus. The forms are "Simple", "Quoting", and "Proxy". Simple is a principal that represents a single entity, usually "speaking for" itself. A "Quoting" principal is a "compound" principal that says that one principal is speaking on behalf of another, usually denoted by "(A|B)", i.e. "A is quoting B", which means that "A is speaking on behalf of B". A "Proxy" principal is almost the same as a "Quoting" principal. However, the security service has determined that enough evidence exists that proves that Principal A is authorized to speak in B's behalf. This principal is denoted in the calculus as "(A for B)" in contrast to the quoting principal "(A|B)".
typedef sequence<string> ResourceNameComponents;This is just a sequence of strings that make up the components of a ResourceName.
ResourceNametypedef sequence<ResourceName> ResourceNameList;A List of Resource Names.
typedef sequence<ScopedPrivileges> ScopedPrivilegesList;A list of ScopedPrivileges
ScopedPrivilegestypedef unsigned long StatementLayer;The Statement Layer is the layer of the protocol or security service from which the statement emanated, derived, or was collected.
typedef sequence<Statement> StatementList;
typedef unsigned long StatementType;A Statement is a value type that has extensions which represent the different relevant data directed by its StatementType. There are two basic Statement Types, an IdentityStatement and an EndorsementStatement. An identity statement is a statement that asserts an identity. It may represent a the components of an X.509 certificate during an authentication. An EndorsementStatement may represent the contents of an X.509 AttributeCertificate or some other notion of an endorsement, such as a certificate in BizTalk XML.
Statements are contained in the Credentials Objects. They represent pieces of evidence collected from which the security service deduces the Principal of the Credentials Objects.
typedef sequence<X509IdentityStatement> X509IdentityStatementList;
const unsigned long ADIRON_VMCID = 168935424;The Adiron VMCID, which is used in Minor Error Codes, Policy Tags, etc.
const AcquisitionStatus AQST_Continued = 1;Acquisition needs more processing.
const AcquisitionStatus AQST_Expired = -1;Acquisition has expired.
const AcquisitionStatus AQST_Failed = -2;Acquisition has failed.
const AcquisitionStatus AQST_Initialized = 0;Acquisition is initialized.
const AcquisitionStatus AQST_Succeeded = 2;Acquisition has succeeded.
const CredsDirective CD_Default = 0;The CD_Default CredsDirective is a value that signifies to use the capabilities of the selected credentials.
const CredsDirective CD_EmbodyTarget = 3;The CD_EmbodyTarget CredsDirective is a value that signifies that the selected credentials, if capable, should attempt to embody the target. In other words, it gives the accepting side the ability to impersonate the initiating side.
const CredsDirective CD_EndorseTarget = 2;The CD_EndorseTarget CredsDirective is a value that signifies that the selected credentials, if capable, should attempt to endorse the target. In other words, it gives the accepting side the ability to act on behalf of the initiating side.
const CredsDirective CD_InvokeTarget = 1;The CD_InvokeTarget CredsDirective is a value that signifies that the selected credentials should only be used in a simple invocation fashion. They shall not attempt to endorse or embody the target to act on its behalf.
const CredentialsState CS_Expired = -2;Credentials with a CredentialsState of CS_Expired can no longer be used for initiating or accepting establishment of any security contexts.
const CredentialsState CS_Initialized = 0;Credentials with a CredentialsState of CS_Initialized cannot be used for initiating or accepting establishment of any security contexts. It means that credentials are in an initial state. This value is for internal use, and there is no reason a SecurityLevel3 user should see credentials in this state.
const CredentialsState CS_Invalid = -3;The Credentials with a CredentialsState of CS_Invalid cannot be used in any the initiating or accepting establishment of any security contexts.
const CredentialsState CS_PendingRelease = -1;Credentials with a CredentialsState of CS_PendingRelease can no longer be used for initiating or accepting establishment of any security contexts. It means that "release_credentials" has been called on the credentials.
const CredentialsState CS_Valid = 1;Credentials with a CredentialsState of CS_Valid can be used for initiating or accepting establishment of security contexts.
const CredentialsType CT_ClientCredentials = 1;The CT_ClientCredentials CredentialsType signifies that the Credentials can be extended to the ClientCredentials Type.
const CredentialsType CT_OwnCredentials = 0;The CT_OwnCredentials CredentialsType signifies that the Credentials can be extended to the OwnCredentials Type.
const CredentialsType CT_TargetCredentials = 2;The CT_TargetCredentials CredentialsType signifies that the Credentials can be extended to the ClientCredentials Type.
const CredentialsUsage CU_AcceptOnly = 3;The CU_AcceptOnly CredentialsUsage type is a value that signifies that the credentials can only be used to accept the establishment of security contexts.
const CredentialsUsage CU_Indefinite = 1;The CU_Indefinite CredentialsUsage type is a value that signifies the default. Depending on some other acquisition arguments, the credentials usage may be able to be implicitly determined.
const CredentialsUsage CU_InitiateAndAccept = 5;The CU_InitiateAndAccept CredentialsUsage type is a value that signifies that the credentials can be used to both initiate and accept the establishment of security contexts.
const CredentialsUsage CU_InitiateOnly = 4;The CU_InitiateOnly CredentialsUsage type is a value that signifies that the credentials can only be used to initiate the establishment of security contexts.
const CredentialsUsage CU_None = 2;The CU_None CredentialsUsage type is a value that states the credentials cannot be used to make or accept security contexts. ClientCredentials and TargetCredentials have this credentials usage.
const CORBA::PolicyType ContextEstablishmentPolicyType = 168936425;The ContextEstablishmentPolicyType constant is holds value used to denote the ContextEstablishmentPolicy.
const EncodingType ET_NoEncoding = "NoEncoding";The ET_NoEncoding type signifies that the statement has been generated solely by the security service and has no encoding.
const EncodingType ET_Unknown = "Unknown";The ET_Unknown encoding type may always be used if the encoding type can only be figured out from encoding itself.
const FeatureDirective FD_DoNotUse = -2;The FD_DoNotUse FeatureDirective means definitely not to use the feature.
const FeatureDirective FD_DoNotUseIfPossible = -1;The FD_DoNotUseIfPossible FeatureDirective means not to use the feature if it is possible. Note, some mechanisms may always use confidentiality.
const FeatureDirective FD_Use = 2;The FD_Use FeatureDirective means definitely to use the feature.
const FeatureDirective FD_UseDefault = 0;The FD_UseDefault FeatureDirective means to use or not to use the feature depending on defaults.
const FeatureDirective FD_UseIfPossible = 1;The FD_UseIfPossible FeatureDirective means to use the feature if it is possible.
const InitiatorType IT_None = 0;The IT_None InitiatorType is a value that is defined for completeness, and has no real use.
const InitiatorType IT_Proxy = 3;The IT_Proxy InitiatorType is a value that states that the initiator will quote another principal to the server along with getting or providing proof to the server that it can act on behalf of the quoted principals. This principal is denoted in the Principal Calculus as (A for B).
const InitiatorType IT_Quoting = 2;The IT_Quoting InitiatorType is a value that states that the initiator will quote another principal to the server. This principal is denoted in the Principal Calculus as (A|B), i.e. A quoting B.
const InitiatorType IT_Simple = 1;The IT_Simple InitiatorType is a value that states that the initiator is a "Simple" Principal.
const NameType NT_Anonymous = "SL3:anonymous";The NT_Anonymous is a name type that specifies that the PrincipalName is representing the "anonymous" principal. Its value always as a single name component of "anonymous"
const NameType NT_KerberosName = "oid:1.2.840.113554.1.2.2.1";An NT_KerberosName is a NameType that signifies that the value of a PrincipalName is a Kerberos formated name. A KerberosName is a single string encoded in the familiar "name
const NameType NT_StringName = "oid:2.23.130.1.2.1";The NT_StringName is a NameType that specifies that the PrincipalName is represented by a single NameComponent of name in a "scoped" name space. The name and scope are separated by a single "
const NameType NT_X509DirectoryNamePath = "SL3:X509DirectoryPathName";An NT_X509DirectoryNamePath is a NameType that signifies that the value of a PrincipalName is constructed from a chain of certificates, such that the end entity is the least significant position, with the subsequent issuers following in order of signature.
The coding of the names is the string encoding of complete X.500 DN's, such as "C=US, CN=Joe, O=Adiron". There is no indication whether the last DN in the path is a "root", i.e. it's issuer is the same.
const CORBA::PolicyType ObjectCredentialsPolicyType = 168936426;The ObjectCredentialsPolicyType constant is holds value used to denote the ObjectCredentialsPolicy.
const PrincipalType PT_Proxy = 2;The Proxy Principal Type (A for B)
PrincipalTypeconst PrincipalType PT_Quoting = 1;The Quoting Principal Type (A|B)
PrincipalTypeconst PrincipalType PT_Simple = 0;The Simple Principal Type (A)
PrincipalTypeconst StatementLayer SL_CSIAuthorization = 2;The SL_CSIAuthorization statement type signifies that the associated statement is derived from the CSI Authorization Layer in the CSIv2 protocol.
const StatementLayer SL_CSIClientAuth = 3;The SL_CSIClientAuth statement type signifies that the associated statement is derived from the CSI Client Authentication Layer in the CSIv2 protocol.
const StatementLayer SL_CSIIdentity = 4;The SL_CSIIdentity statement type signifies that the associated statement is derived from the CSI Identity Assertion Layer in the CSIv2 protocol.
const StatementLayer SL_Transport = 1;The SL_Transport statement type signifies that the associated statement is derived from the transport layer, such as an X.509 Certificate from a TLS handshake.
const StatementLayer SL_Unknown = 0;Default type for a Statement Layer
const StatementLayer SL_UserDefined = 5;The SL_UserDefined statement layer signifies that the associate statement is derived or created by a user or some other entity than the security service.
const StatementType ST_EndorsementStatement = 2;The Endorsement Statement Type.
A statement of this type at least extends to the EndorsementStatement valuetype, if not truncated
EndorsementStatementconst StatementType ST_IdentityStatement = 1;The Identity Statement Type.
A statement of this type at least extends to the IdentityStatement valuetype, if not truncated
IdentityStatementstruct PrinAttribute
{
PrinAttributeType the_type;
PrinAttributeValue the_value;
};
A PrinAttribute is a "type-value" pair, usually attributed to
a Principal by some means, such as values stored in its certificate
or environmental concerns, such as the channel the principal was
authenticated over.
PrinAttributestruct PrincipalName
{
NameType the_type;
NameValue the_name;
};
A PrincipalName is a "type-value" structure. The type directs
what the encoding and format of the components in the the
value component are. For example, a type of "X509DirectoryPath"
means that the value contains the DNs of the subject and
subsequent issuers.
NameTypeNameComponentNamePathNameValuestruct ResourceName
{
ResourceNameComponents components;
};
A ResourceName is the constructed name of a "resource". A
ResourceName is closely modeled after CORBAmed's Resource
Access Decision (RAD) facility's "Resource". It contains
a sequence of strings.
struct ScopedPrivileges
{
PrincipalName privilege_authority;
PrinAttributeList privileges;
};
A ScopedPrivileges structure represents privileges that
belong to a scope defined by a principal. This structure
is used to represent a principal that is a privilege authority
that issues privileges. Privileges are represented as
PrinAttributes.
exception BadEncoding
{
};
User Exception for a bad encoding.
exception BadEncodingType
{
};
User Exception for a bad or unsupported encoding type.