
	Corporate Info \| News \| Solutions \| Products \| Partners \| Services \| Events \| Download \| How To Buy
	e-docs.beasys.com \| Site Map \| Search \| PDF Files \| Contact \| Glossary

WLE Doc Home \| Security & Related Topics \| Previous \| Next \| Contents \| Index

Security Modules

This topic contains the Object Management Group (OMG) Interface Definition Language (IDL) definitions for the following modules that are used in the WLE Security Service:

CORBA
TimeBase
Security
Security Level 1
Security Level 2
Tobj

CORBA Module

The OMG added the CORBA::Current interface to the CORBA module to support the Current pseudo-object. The change enables the CORBA module to support Security Replaceability and Security Level 2.

Listing 10-1 shows the CORBA::Current interface OMG IDL statements.

Listing 10-1 CORBA::Current Interface OMG IDL Statements

module CORBA {
       // Extensions to CORBA
       interface Current {
       };
};

// This information is taken from CORBAservices: Common Object
// Services Specification, page 15-230. Revised Edition:
// March 31, 1995. Updated: November 1997. Used with permission by OMG.

TimeBase Module

All data structures pertaining to the basic Time Service, Universal Time Object, and Time Interval Object are defined in the TimeBase module. This allows other services to use these data structures without requiring the interface definitions. The interface definitions and associated enums and exceptions are encapsulated in the TimeBase module.

Listing 10-2 shows the TimeBase module OMG IDL statements.

Listing 10-2 TimeBase Module OMG IDL Statements

// From time service
module TimeBase {
       // interim definition of type ulonglong pending the
       // adoption of the type extension by all client ORBs.
       struct ulonglong {
              unsigned long      low;
              unsigned long      high;
       };
       typedef ulonglong         TimeT;
       typedef short             TdfT;
       struct UtcT { 
              TimeT              time;     // 8 octets
              unsigned long      inacclo;  // 4 octets
              unsigned short     inacchi;  // 2 octets
              TdfT              tdf;       // 2 octets
                                          // total 16 octets
       };
};

// This information is taken from CORBAservices: Common Object
// Services Specification, p. 14-5. Revised Edition:
// March 31, 1995. Updated: November 1997. Used with permission by OMG.

Table 10-1 defines the TimeBase module data types.

Note: This information is taken from CORBAservices: Common Object Services Specification, p. 14-6. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.

Table 10-1 TimeBase Module Data Type Definitions

Data Type

Definition

Time ulonglong

OMG IDL does not at present have a native type representing an unsigned 64-bit integer. The adoption of technology submitted against that RFP will provide a means for defining a native type representing unsigned 64-bit integers in OMG IDL.
Pending the adoption of that technology, you can use this structure to represent unsigned 64-bit integers, understanding that when a native type becomes available, it may not be interoperable with this declaration on all platforms. This definition is for the interim, and is meant to be removed when the native unsigned 64-bit integer type becomes available in OMG IDL.

Time TimeT

TimeT represents a single time value, which is 64 bit in size, and holds the number of 100 nanoseconds that have passed since the base time. For absolute time, the base is 15 October 1582 00:00.

Time TdfT

TdfT is of size 16 bits short type and holds the time displacement factor in the form of seconds of displacement from the Greenwich Meridian. Displacements east of the meridian are positive, while those to the west are negative.

Time UtcT

UtcT defines the structure of the time value that is used universally in the service. When the UtcT structure is holding, a relative or absolute time is determined by its history. There is no explicit flag within the object holding that state information. The inacclo and inacchi fields together hold a value of type InaccuracyT packed into 48 bits. The tdf field holds time zone information. Implementation must place the time displacement factor for the local time zone in this field whenever it creates a Universal Time Object (UTO).
The content of this structure is intended to be opaque; to be able to marshal it correctly, the types of fields need to be identified.

Data Type	Definition
Time ulonglong	OMG IDL does not at present have a native type representing an unsigned 64-bit integer. The adoption of technology submitted against that RFP will provide a means for defining a native type representing unsigned 64-bit integers in OMG IDL. Pending the adoption of that technology, you can use this structure to represent unsigned 64-bit integers, understanding that when a native type becomes available, it may not be interoperable with this declaration on all platforms. This definition is for the interim, and is meant to be removed when the native unsigned 64-bit integer type becomes available in OMG IDL.
Time TimeT	TimeT represents a single time value, which is 64 bit in size, and holds the number of 100 nanoseconds that have passed since the base time. For absolute time, the base is 15 October 1582 00:00.
Time TdfT	TdfT is of size 16 bits short type and holds the time displacement factor in the form of seconds of displacement from the Greenwich Meridian. Displacements east of the meridian are positive, while those to the west are negative.
Time UtcT	UtcT defines the structure of the time value that is used universally in the service. When the UtcT structure is holding, a relative or absolute time is determined by its history. There is no explicit flag within the object holding that state information. The inacclo and inacchi fields together hold a value of type InaccuracyT packed into 48 bits. The tdf field holds time zone information. Implementation must place the time displacement factor for the local time zone in this field whenever it creates a Universal Time Object (UTO). The content of this structure is intended to be opaque; to be able to marshal it correctly, the types of fields need to be identified.

Security Module

The Security module defines the OMG IDL for security data types common to the other security modules. This module depends on the TimeBase module and must be available with any ORB that claims to be security ready.

Listing 10-3 shows the data types supported by the Security module.

Listing 10-3 Security Module OMG IDL Statements

module Security {
        typedef sequence<octet>   Opaque;

       // Extensible families for standard data types
       struct ExtensibleFamily {
              unsigned short       family_definer;
              unsigned short       family;
        };

       //security attributes
       typedef unsigned long        SecurityAttributeType;

       // identity attributes; family = 0
       const SecurityAttributeType  AuditId = 1;
       const SecurityAttributeType  AccountingId = 2;
       const SecurityAttributeType  NonRepudiationId = 3;

       // privilege attributes; family = 1
       const SecurityAttributeType  Public = 1;
       const SecurityAttributeType  AccessId = 2;
       const SecurityAttributeType  PrimaryGroupId = 3;
       const SecurityAttributeType  GroupId = 4;
       const SecurityAttributeType  Role = 5;
       const SecurityAttributeType  AttributeSet = 6;
       const SecurityAttributeType  Clearance = 7;
       const SecurityAttributeType  Capability = 8;

       struct AttributeType {
               ExtensibleFamily       attribute_family;
               SecurityAttributeType  attribute_type;
       };

       typedef sequence <AttributeType>   AttributeTypeLists;
       struct SecAttribute {
              AttributeType   attribute_type;
              Opaque          defining_authority;
              Opaque          value;
              // The value of this attribute can be
             // interpreted only with knowledge of type
       };

       typedef sequence<SecAttribute>  AttributeList;

       // Authentication return status
       enum AuthenticationStatus {
              SecAuthSuccess,
              SecAuthFailure,
              SecAuthContinue,
              SecAuthExpired
       };

// Authentication method
typedef unsigned long AuthenticationMethod;

enum CredentialType {
SecInvocationCredentials;
SecOwnCredentials;
SecNRCredentials

       // Pick up from TimeBase
       typedef TimeBase::UtcT      UtcT;
};

// This information is taken from CORBAservices: Common Object
// Services Specification, pp. 15-193 to195. Revised Edition:
// March 31, 1995. Updated: November 1997. Used with permission by OMG.

Table 10-2 describes the Security module data type.

Table 10-2 Security Module Data Type Definition

Data Type

Definition

sequence<octet>

Data whose representation is known only to the Security Service implementation.

Data Type	Definition
sequence<octet>	Data whose representation is known only to the Security Service implementation.

Security Level 1 Module

This section defines those interfaces available to client application objects that use only Level 1 Security functionality. This module depends on the CORBA module and the Security and TimeBase modules. The Current interface is implemented by the ORB.

Listing 10-4 shows the Security Level 1 module OMG IDL statements.

Listing 10-4 Security Level 1 Module OMG IDL Statements

module SecurityLevel1 {
       interface Current : CORBA::Current {	// PIDL
             Security::AttributeList get_attributes(
               in Security::AttributeTypeList  attributes
            );
       };
};

// This information is taken from CORBAservices: Common Object
// Services Specification, p. 15-198. Revised Edition:
// March 31, 1995. Updated: November 1997. Used with permission by OMG.

Security Level 2 Module

This section defines the additional interfaces available to client application objects that use Level 2 Security functionality. This module depends on the CORBA and Security modules.

Listing 10-5 shows the Security Level 2 module OMG IDL statements.

Listing 10-5 Security Level 2 Module OMG IDL Statements

module SecurityLevel2 {
// Forward declaration of interfaces
interface PrincipalAuthenticator;
interface Credentials;
interface Current;

// Interface Principal Authenticator
interface PrincipalAuthenticator {
Security::AuthenticationStatus authenticate(
in Security::AuthenticationMethod method,
in string security_name,
in Security::Opaque auth_data,
in Security::AttributeList privileges,
out Credentials creds,
out Security::Opaque continuation_data,
out Security::Opaque auth_specific_data
);

Security::AuthenticationStatus
continue_authentication(
in Security::Opaque response_data,
inout Credentials creds,
out Security::Opaque continuation_data,
out Security::Opaque auth_specific_data
);
};

// Interface Credentials
interface Credentials {
attribute Security::AssociationOptions
invocation_options_supported;
attribute Security::AssociationOptions
invocation_options_required;
Security::AttributeList get_attributes(
in Security::AttributeTypeList attributes
);
boolean is_valid(
out Security::UtcT expiry_time
);
};

// Interface Current derived from SecurityLevel1::Current
// providing additional operations on Current at this
// security level. This is implemented by the ORB.
interface Current : SecurityLevel1::Current { // PIDL
void set_credentials(
in Security::CredentialType cred_type,
in Credentials cred
);

Credentials get_credentials(
in Security::CredentialType cred_type
);
readonly attribute PrincipalAuthenticator
principal_authenticator;
};
};

// This information is taken from CORBAservices: Common Object
// Services Specification, pp. 15-198 to 200. Revised Edition:
// March 31, 1995. Updated: November 1997. Used with permission by // OMG.

Tobj Module

This section defines the Tobj module interfaces.

This module provides the interfaces you use to program the BEA TUXEDO style of authentication.

Listing 10-6 shows the Tobj module OMG IDL statements.

Listing 10-6 Tobj Module OMG IDL Statements

//Tobj Specific definitions

        //get_auth_type () return values
        enum AuthType {
              TOBJ_NOAUTH,
              TOBJ_SYSAUTH,
              TOBJ_APPAUTH
       };

       typedef sequence<octet>    UserAuthData;

      interface PrincipalAuthenticator :
              SecurityLevel2::PrincipalAuthenticator { // PIDL
               AuthType get_auth_type();

              Security::AuthenticationStatus logon(
                     in string            user_name,
                     in string            client_name,
                     in string            system_password,
                     in string            user_password,
                     in UserAuthData      user_data
               );
               void logoff();

              void build_auth_data(
                     in string                    user_name,
                     in string                    client_name,
                     in string                    system_password,
                     in string                    user_password,
                     in UserAuthData              user_data,
                     out Security::Opaque         auth_data,
                     out Security::AttributeList  privileges
              );
        };
};