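#ifndef _NR_SERVICE_IDL
#define _NR_SERVICE_IDL

#pragma prefix "omg.org"

// NOTE(review): the argument of this #include was lost when the file was
// extracted (angle-bracketed text stripped).  The module below refers to the
// Security, SecurityLevel2 and CORBA scopes, so the SecurityLevel2 IDL (which
// in turn pulls in Security) is the most plausible original -- confirm against
// a pristine copy of the spec before building.
#include <SecurityLevel2.idl>

// Non-repudiation (NR) service: generation and verification of evidence
// tokens and the policy objects that govern which mechanisms, evidence types
// and validity periods are acceptable.
module NRService {

    typedef Security::MechanismType    NRMech;
    typedef Security::ExtensibleFamily NRPolicyId;

    // Kind of evidence a token carries, or that a request asks a peer to
    // produce.
    enum EvidenceType {
        SecProofofCreation,
        SecProofofReceipt,
        SecProofofApproval,
        SecProofofRetrieval,
        SecProofofOrigin,
        SecProofofDelivery,
        SecNoEvidence           // used when request-only token desired
    };

    // Result of verify_evidence().
    // NOTE(review): relying parties should accept only SecNRValid.  A
    // conditionally-valid result presumably depends on the evidence later
    // being completed (see evidence_is_complete / complete_evidence_* in
    // verify_evidence) and must not be treated as proof on its own -- confirm
    // the exact condition against the spec text.
    enum NRVerificationResult {
        SecNRInvalid,
        SecNRValid,
        SecNRConditionallyValid
    };

    // The following are used for evidence validity duration.
    typedef unsigned long DurationInMinutes;
    const DurationInMinutes DurationHour  = 60;
    const DurationInMinutes DurationDay   = 1440;
    const DurationInMinutes DurationWeek  = 10080;
    const DurationInMinutes DurationMonth = 43200;   // 30 days
    const DurationInMinutes DurationYear  = 525600;  // 365 days

    // Signed, because offsets such as last_revocation_check_offset may be
    // either before or after the reference time (see AuthorityDescriptor).
    typedef long TimeOffsetInMinutes;

    // Identifies one NR policy (family + version) and the mechanism used
    // under it.
    struct NRPolicyFeatures {
        NRPolicyId    policy_id;
        unsigned long policy_version;
        NRMech        mechanism;
    };
    typedef sequence<NRPolicyFeatures> NRPolicyFeaturesList;

    // Features used when generating requests, i.e. what the requester wants
    // the peer to produce in return.
    struct RequestFeatures {
        NRPolicyFeatures requested_policy;
        EvidenceType     requested_evidence;
        // Free-form names of the parties expected to generate / receive the
        // requested evidence.  NOTE(review): nothing in this interface
        // validates these strings; the mechanism must bind them to the
        // generator's verified identity, not take them at face value.
        string           requested_evidence_generators;
        string           requested_evidence_recipients;
        // If true, the request token itself is carried inside the evidence
        // that answers it.
        boolean          include_this_token_in_evidence;
    };

    // One evidence type a policy supports, with how long such evidence stays
    // valid and whether its timestamp must come from a trusted time service.
    // NOTE(review): when must_use_trusted_time is false the generation time
    // is asserted by the generator itself and max_time_skew is not applied
    // (see MechanismDescriptor), so the timestamp is only as trustworthy as
    // the generator's clock.
    struct EvidenceDescriptor {
        EvidenceType      evidence_type;
        DurationInMinutes evidence_validity_duration;
        boolean           must_use_trusted_time;
    };
    typedef sequence<EvidenceDescriptor> EvidenceDescriptorList;

    // An authority (e.g. a key-certifying or time-stamping party) that a
    // mechanism depends on.
    struct AuthorityDescriptor {
        string authority_name;
        string authority_role;
        // May be >0 or <0; add this to the evidence generation time to get
        // the latest time at which the mechanism will check to see if this
        // authority's key has been revoked.  NOTE(review): a large positive
        // offset means a revocation occurring after generation may go
        // unnoticed for that long; a negative offset means revocation status
        // is frozen from *before* the evidence was produced.
        TimeOffsetInMinutes last_revocation_check_offset;
    };
    typedef sequence<AuthorityDescriptor> AuthorityDescriptorList;

    // A mechanism the policy allows, the authorities it relies on and the
    // clock-skew it tolerates.
    struct MechanismDescriptor {
        NRMech                  mech_type;
        AuthorityDescriptorList authority_list;
        // Max permissible difference between the evidence generation time and
        // the time of the time-service countersignature.  Ignored if trusted
        // time is not required.  NOTE(review): a generous skew widens the
        // window in which evidence can be back- or post-dated; keep it as
        // small as the deployment's clock discipline allows.
        TimeOffsetInMinutes     max_time_skew;
    };
    typedef sequence<MechanismDescriptor> MechanismDescriptorList;

    // Credentials extended with NR capabilities: negotiate NR features, then
    // generate, verify and inspect evidence tokens under them.
    interface NRCredentials : SecurityLevel2::Credentials {

        // Request a set of NR policy features.  Returns true/false per the
        // spec; actual_features reports what was actually granted, which may
        // differ from requested_features -- callers must inspect it rather
        // than assume the request was honoured in full.
        boolean set_NR_features(
            in  NRPolicyFeaturesList requested_features,
            out NRPolicyFeaturesList actual_features
        );

        // Features currently in effect on these credentials.
        NRPolicyFeaturesList get_NR_features();

        // Produce an NR token over input_buffer.
        //   generate_evidence_type   - evidence to embed (SecNoEvidence for a
        //                              request-only token)
        //   include_data_in_token    - if true the data itself is carried in
        //                              nr_token (NOTE(review): the token then
        //                              contains the payload, so it must be
        //                              handled with the payload's
        //                              confidentiality requirements)
        //   generate_request         - also embed a request described by
        //                              request_features
        //   input_buffer_complete    - false presumably means more data
        //                              follows in later calls; confirm the
        //                              chunking contract against the spec
        //   nr_token                 - the token to send to the peer
        //   evidence_check           - kept locally; needed later by
        //                              verify_evidence
        void generate_token(
            in  Security::Opaque input_buffer,
            in  EvidenceType     generate_evidence_type,
            in  boolean          include_data_in_token,
            in  boolean          generate_request,
            in  RequestFeatures  request_features,
            in  boolean          input_buffer_complete,
            out Security::Opaque nr_token,
            out Security::Opaque evidence_check
        );

        // Verify a received token against the locally held evidence_check.
        // NOTE(review): the return value alone is not the whole verdict --
        // relying parties must also check evidence_is_complete, whether
        // trusted_time_used matches the policy's must_use_trusted_time, and
        // that the complete_evidence_before/after window is acceptable
        // before treating the evidence as proof.
        //   form_complete_evidence   - ask the service to complete the
        //                              evidence (e.g. add countersignatures)
        //                              as part of verification
        //   output_token             - the (possibly completed) token
        //   data_included_in_token   - payload extracted from the token, if
        //                              the generator embedded it
        NRVerificationResult verify_evidence(
            in  Security::Opaque input_token_buffer,
            in  Security::Opaque evidence_check,
            in  boolean          form_complete_evidence,
            in  boolean          token_buffer_complete,
            out Security::Opaque output_token,
            out Security::Opaque data_included_in_token,
            out boolean          evidence_is_complete,
            out boolean          trusted_time_used,
            out Security::TimeT  complete_evidence_before,
            out Security::TimeT  complete_evidence_after
        );

        // Parse a token and report what it claims about itself.
        // NOTE(review): this operation has no verification result; every
        // value it returns (generator name, times, policy, request) is a
        // claim read out of the token, not a verified fact.  Call
        // verify_evidence before acting on any of it.
        void get_token_details(
            in  Security::Opaque  token_buffer,
            in  boolean           token_buffer_complete,
            out string            token_generator_name,
            out NRPolicyFeatures  policy_features,
            out EvidenceType      evidence_type,
            out Security::UtcT    evidence_generation_time,
            out Security::UtcT    evidence_valid_start_time,
            out DurationInMinutes evidence_validity_duration,
            out boolean           data_included_in_token,
            out boolean           request_included_in_token,
            out RequestFeatures   request_features
        );

        // Complete previously generated evidence without a full verification
        // pass.  Returns whether completion succeeded; the time window and
        // trusted_time_used have the same meaning as in verify_evidence.
        boolean form_complete_evidence(
            in  Security::Opaque input_token,
            out Security::Opaque output_token,
            out boolean          trusted_time_used,
            out Security::TimeT  complete_evidence_before,
            out Security::TimeT  complete_evidence_after
        );
    };

    // Policy object describing which NR evidence types and mechanisms are
    // acceptable, and over which period the policy itself is in force.
    interface NRPolicy : CORBA::Policy {

        // Read the policy.  NOTE(review): consumers should reject evidence
        // whose generation time falls outside
        // [policy_effective_time, policy_expiry_time] of the policy it was
        // produced under.
        void get_NR_policy_info(
            out Security::ExtensibleFamily NR_policy_id,
            out unsigned long              policy_version,
            out Security::TimeT            policy_effective_time,
            out Security::TimeT            policy_expiry_time,
            out EvidenceDescriptorList     supported_evidence_types,
            out MechanismDescriptorList    supported_mechanisms
        );

        // Request a set of mechanisms; actual_mechanisms reports what was
        // actually installed and may be a subset or differ from the request,
        // so callers must inspect it rather than trust the boolean alone.
        boolean set_NR_policy_info(
            in  MechanismDescriptorList requested_mechanisms,
            out MechanismDescriptorList actual_mechanisms
        );
    };
};

#endif /* _NR_SERVICE_IDL */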