//Security Service, v1.8 - OMG IDL Summary File
//Object Management Group, Inc.
//
//Copyright 1995, AT&T Global Information Solutions Company
//Copyright 1995, Digital Equipment Corporation
//Copyright 1995, Expersoft Corporation
//Copyright 1995, Groupe Bull
//Copyright 1995, Hewlett-Packard Company
//Copyright 1995, IBM (in collaboration with Taligent, Inc.)
//Copyright 1995, International Computers Limited
//Copyright 2000, Object Management Group, Inc.
//Copyright 1995, Netscape Communications Corporation
//Copyright 1997, Northern Telecom Limited
//Copyright 1995, Novell, Inc.
//Copyright 1995, Siemens Nixdorf Informationssysteme AG
//Copyright 1995, 1997, SunSoft, Inc.
//Copyright 1995, Tandem Computer, Inc. (in collaboration with Odyssey Research Assoc, Inc.)
//Copyright 1995, Tivoli Systems, Inc.
//Copyright 1997, Visigenic Software, Inc.
//
//The companies listed above have granted to the Object Management Group, Inc.
//(OMG) a nonexclusive, royalty-free, paid up, worldwide license to copy and
//distribute this document and to modify this document and distribute copies of
//the modified version. Each of the copyright holders listed above has agreed
//that no person shall be deemed to have infringed the copyright in the included
//material of any such copyright holder by reason of having used the
//specification set forth herein or having conformed any computer software to
//the specification.
//
//This file contains OMG IDL from the Security Service, v1.8 specification.
//OMG regularly publishes a summary file that contains all the "code" parts of
//an OMG formal document. Every formal document line that is IDL, PIDL, or
//language code is included in the summary file. The reason for such a listing
//is to give readers an electronic version of the "code" so that they can
//extract pieces of it. Readers might want to test an example, include it in
//their own code, or use it for documentation purposes. Having the code lines
//available electronically means there is less likelihood of a transcription
//error.
//
//This subsection defines the OMG IDL for security data types common to the
//other security modules, which is the module Security. The Security module
//depends on the TimeBase module and the CORBA module.




#ifndef _SECURITY_IDL_
#define _SECURITY_IDL_
#include <orb.idl>
#include <TimeBase.idl>
#pragma prefix "omg.org"

module Security {

# pragma version Security 1.8

	typedef string 			SecurityName;
	typedef sequence <octet> 	Opaque;
	
	// Constant declarations for Security Service Options
	
	const CORBA::ServiceOption SecurityLevel1 = 1;
	const CORBA::ServiceOption SecurityLevel2 = 2;
	const CORBA::ServiceOption NonRepudiation = 3;
	const CORBA::ServiceOption SecurityORBServiceReady = 4;
	const CORBA::ServiceOption SecurityServiceReady = 5;
	const CORBA::ServiceOption ReplaceORBServices = 6;
	const CORBA::ServiceOption ReplaceSecurityServices = 7;
	const CORBA::ServiceOption StandardSecureInteroperability = 8;
	const CORBA::ServiceOption DCESecureInteroperability = 9;
	
	// Service options for Common Secure Interoperability
	
	const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
	const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
	const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
	
	// Security mech types supported for secure association
	const CORBA::ServiceDetailType SecurityMechanismType = 1;
	
	// privilege types supported in standard access policy
	const CORBA::ServiceDetailType SecurityAttribute = 2;
	
	// extensible families for standard data types
	
	struct ExtensibleFamily {
		unsigned short family_definer;
		unsigned short family;
	};
	
	typedef sequence<octet> 	OID;
	
	typedef sequence<OID> 		OIDList;
	
	// security attributes
	
	typedef unsigned long SecurityAttributeType;
	
	// other attributes; family = 0
	
	const SecurityAttributeType AuditId = 1;
	const SecurityAttributeType AccountingId = 2;
	const SecurityAttributeType NonRepudiationId = 3;

	// privilege attributes; family = 1
	
	const SecurityAttributeType _Public = 1;
	const SecurityAttributeType AccessId = 2;
	const SecurityAttributeType PrimaryGroupId = 3;
	const SecurityAttributeType GroupId = 4;
	const SecurityAttributeType Role = 5;
	const SecurityAttributeType AttributeSet = 6;
	const SecurityAttributeType Clearance = 7;
	const SecurityAttributeType Capability = 8;
	
	struct AttributeType {
		ExtensibleFamily attribute_family;
		SecurityAttributeType attribute_type;
	};
	
	typedef sequence<AttributeType> AttributeTypeList;
	
	struct SecAttribute {
		AttributeType attribute_type;
		OID defining_authority;
		Opaque value;
		// the value of this attribute can be
		// decoded only with knowledge of defining_authority
	};
	
	typedef sequence <SecAttribute> AttributeList;
	
	// Authentication return status
	
	enum AuthenticationStatus {
	SecAuthSuccess,
		SecAuthFailure,
		SecAuthContinue,
		SecAuthExpired
	};
	
	// Association return status
	
	enum AssociationStatus {
		SecAssocSuccess,
		SecAssocFailure,
		SecAssocContinue
	};
	
	// Authentication method
	
	typedef unsigned long AuthenticationMethod;
	
	typedef sequence<AuthenticationMethod> AuthenticationMethodList;
	
	// Credential types
	
	enum InvocationCredentialsType {
		SecOwnCredentials,
		SecReceivedCredentials,
		SecTargetCredentials
	};
	
	// Declarations related to Rights
	struct Right {
		ExtensibleFamily rights_family;
		string the_right;
	};
	
	typedef sequence <Right> RightsList;
	
	enum RightsCombinator {
		SecAllRights,
		SecAnyRight
	};
	
	// Delegation related
	
	enum DelegationState {
		SecInitiator,
		SecDelegate
	};
	
	enum DelegationDirective {
		Delegate,
		NoDelegate
	};
	
	// pick up from TimeBase
	
	typedef TimeBase::UtcT UtcT;
	typedef TimeBase::IntervalT IntervalT;
	typedef TimeBase::TimeT TimeT;
	
	// Security features available on credentials.
	
	enum SecurityFeature {
		SecNoDelegation,
		SecSimpleDelegation,
		SecCompositeDelegation,
		SecNoProtection,
		SecIntegrity,
		SecConfidentiality,
		SecIntegrityAndConfidentiality,
		SecDetectReplay,
		SecDetectMisordering,
		SecEstablishTrustInTarget,
		SecEstablishTrustInClient
	};
	
	// Quality of protection which can be specified
	// for an object reference and used to protect messages
	
	enum QOP {
		SecQOPNoProtection,
		SecQOPIntegrity,
		SecQOPConfidentiality,
		SecQOPIntegrityAndConfidentiality
	};
	
	// Type of SecurityContext
	
	enum SecurityContextType {
		SecClientSecurityContext,
		SecServerSecurityContext
	};
	
	// Operational State of a Security Context
	
	enum SecurityContextState {
		SecContextInitialized,
		SecContextContinued,
		SecContextClientEstablished,
		SecContextEstablished,
		SecContextEstablishExpired,
		SecContextExpired,
		SecContextInvalid
	};
	
	struct ChannelBindings {
		unsigned long initiator_addrtype;
		sequence<octet> initiator_address;
		unsigned long acceptor_addrtype;
		sequence<octet> acceptor_address;
		sequence<octet> application_data;
	};
	
	// For use with SecurityReplaceable
	
	struct OpaqueBuffer {
		Opaque buffer;
		unsigned long startpos;
		unsigned long endpos;
		// startpos <= endpos
		// OpaqueBuffer is said to be empty if startpos == endpos
	};
	
	// Association options which can be administered
	// on secure invocation policy and used to
	// initialize security context
	
	typedef unsigned short AssociationOptions;
	
	const AssociationOptions NoProtection = 1;
	const AssociationOptions Integrity = 2;
	const AssociationOptions Confidentiality = 4;
	const AssociationOptions DetectReplay = 8;
	const AssociationOptions DetectMisordering = 16;
	const AssociationOptions EstablishTrustInTarget = 32;
	const AssociationOptions EstablishTrustInClient = 64;
	const AssociationOptions NoDelegation = 128;
	const AssociationOptions SimpleDelegation = 256;
	const AssociationOptions CompositeDelegation = 512;
	
	// Flag to indicate whether association options being
	// administered are the "required" or "supported" set
	
	enum RequiresSupports {
		SecRequires,
		SecSupports
	};
	
	// Direction of communication for which
	// secure invocation policy applies
	
	enum CommunicationDirection {
		SecDirectionBoth,
		SecDirectionRequest,
		SecDirectionReply
	};
	
	// security association mechanism type
	
	typedef string MechanismType;
	typedef sequence<MechanismType> MechanismTypeList;
	
	// AssociationOptions-Direction pair
	
	struct OptionsDirectionPair {
		AssociationOptions options;
		CommunicationDirection direction;
	};
	
	typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
	
	// Delegation mode which can be administered
	
	enum DelegationMode {
		SecDelModeNoDelegation, // i.e. use own credentials
		SecDelModeSimpleDelegation, // delegate received credentials
		SecDelModeCompositeDelegation // delegate both;
	};
	
	// Association options supported by a given mech type
	
	struct MechandOptions {
		MechanismType mechanism_type;
		AssociationOptions options_supported;
	};
	
	typedef sequence <MechandOptions> MechandOptionsList;
	
	// Attribute of the SecurityLevel2::EstablishTrustPolicy
	
	struct EstablishTrust {
		boolean trust_in_client;
		boolean trust_in_target;
	};
	
	// Audit
	
	typedef unsigned long AuditChannelId;
	typedef unsigned short EventType;
	
	const EventType AuditAll = 0;
	const EventType AuditPrincipalAuth = 1;
	const EventType AuditSessionAuth = 2;
	const EventType AuditAuthorization = 3;
	const EventType AuditInvocation = 4;
	const EventType AuditSecEnvChange = 5;
	const EventType AuditPolicyChange = 6;
	const EventType AuditObjectCreation = 7;
	const EventType AuditObjectDestruction = 8;
	const EventType AuditNonRepudiation = 9;
	
	enum DayOfTheWeek {
		Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
	};
		
	enum AuditCombinator {
		SecAllSelectors,
		SecAnySelector
	};
	
	struct AuditEventType {
		ExtensibleFamily event_family;
		EventType event_type;
	};
	
	typedef sequence <AuditEventType> AuditEventTypeList;

	typedef unsigned long SelectorType;
	
	const SelectorType InterfaceName = 1;
	const SelectorType ObjectRef = 2;
	const SelectorType Operation = 3;
	const SelectorType Initiator = 4;
	const SelectorType SuccessFailure = 5;
	const SelectorType Time = 6;
	const SelectorType DayOfWeek = 7;
	
	// values defined for audit_needed and audit_write are:
	// InterfaceName: CORBA::RepositoryId
	// ObjectRef: object reference
	// Operation: op_name
	// Initiator: Credentials
	// SuccessFailure: boolean
	// Time: utc time on audit_write; time picked up from
	// environment in audit_needed if required
	// DayOfWeek: DayOfTheWeek
	
	struct SelectorValue {
		SelectorType selector;
		any value;
	};
	
	typedef sequence <SelectorValue> SelectorValueList;
	
	// Constant declaration for valid Security Policy Types
	
	// General administrative policies
	
	const CORBA::PolicyType SecClientInvocationAccess = 1;
	const CORBA::PolicyType SecTargetInvocationAccess = 2;
	const CORBA::PolicyType SecApplicationAccess = 3;
	const CORBA::PolicyType SecClientInvocationAudit = 4;
	const CORBA::PolicyType SecTargetInvocationAudit = 5;
	const CORBA::PolicyType SecApplicationAudit = 6;
	const CORBA::PolicyType SecDelegation = 7;
	const CORBA::PolicyType SecClientSecureInvocation = 8;
	const CORBA::PolicyType SecTargetSecureInvocation = 9;
	const CORBA::PolicyType SecNonRepudiation = 10;
	
	// Policies used to control attributes of a binding to a target
	const CORBA::PolicyType SecMechanismsPolicy = 12;
	const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
	const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete
	const CORBA::PolicyType SecQOPPolicy = 15;
	const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
	const CORBA::PolicyType SecEstablishTrustPolicy = 39;
};
#endif /* _SECURITY_IDL_ */