From a..@apache.org
Subject svn commit: r332145 [3/4] - in /geronimo/specs/trunk/geronimo-spec-corba: ./ src/idl/ src/java/ src/main/ src/main/idl/ src/main/java/
Date Wed, 09 Nov 2005 21:21:53 GMT
Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/NRService.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/NRService.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/NRService.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/NRService.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,162 @@
+#ifndef _NR_SERVICE_IDL
+#define _NR_SERVICE_IDL
+
+#pragma prefix "omg.org"
+
+#include <SecurityLevel2.idl>
+
+module NRService  {
+
+    typedef Security::MechanismType 	NRMech;
+    typedef Security::ExtensibleFamily	NRPolicyId;
+
+    enum EvidenceType {     	
+        SecProofofCreation,
+        SecProofofReceipt,
+        SecProofofApproval,
+        SecProofofRetrieval,
+        SecProofofOrigin,
+        SecProofofDelivery,
+        SecNoEvidence     // used when request-only token desired
+    };
+
+    enum NRVerificationResult {
+        SecNRInvalid,
+        SecNRValid,
+        SecNRConditionallyValid 
+    };
+
+    // the following are used for evidence validity duration
+    typedef unsigned long   DurationInMinutes;
+
+    const DurationInMinutes DurationHour   = 60;
+    const DurationInMinutes DurationDay    = 1440;
+    const DurationInMinutes DurationWeek   = 10080; 
+    const DurationInMinutes DurationMonth = 43200;// 30 days;
+    const DurationInMinutes DurationYear   = 525600;//365 days;
+
+    typedef long TimeOffsetInMinutes; 
+
+    struct NRPolicyFeatures {
+         NRPolicyId         policy_id; 
+         unsigned long      policy_version;
+         NRMech             mechanism;
+    };
+
+    typedef sequence <NRPolicyFeatures> NRPolicyFeaturesList;
+
+    // features used when generating requests
+    struct RequestFeatures {
+        NRPolicyFeatures    requested_policy;
+        EvidenceType        requested_evidence;
+        string              requested_evidence_generators;
+        string              requested_evidence_recipients;
+        boolean             include_this_token_in_evidence;
+    };
+
+    struct EvidenceDescriptor {
+        EvidenceType        evidence_type;
+        DurationInMinutes   evidence_validity_duration;
+        boolean             must_use_trusted_time;
+    };
+
+    typedef sequence <EvidenceDescriptor> EvidenceDescriptorList;
+
+    struct AuthorityDescriptor {    
+        string              authority_name;
+        string              authority_role;
+        TimeOffsetInMinutes last_revocation_check_offset;
+                 // may be >0 or <0; add this to evid. gen. time to
+                 // get latest time at which mech. will check to see
+                 // if this authority's key has been revoked.
+    };
+
+    typedef sequence <AuthorityDescriptor> AuthorityDescriptorList;
+
+    struct MechanismDescriptor {
+        NRMech                  mech_type;
+        AuthorityDescriptorList authority_list;     
+        TimeOffsetInMinutes     max_time_skew; 
+                // max permissible difference between evid. gen. time
+                // and time of time service countersignature
+                // ignored if trusted time not reqd.
+    };
+
+    typedef sequence <MechanismDescriptor> MechanismDescriptorList;
+
+
+    interface NRCredentials : SecurityLevel2::Credentials{
+
+        boolean set_NR_features(
+            in   NRPolicyFeaturesList         requested_features,
+            out  NRPolicyFeaturesList         actual_features 
+        );
+
+        NRPolicyFeaturesList get_NR_features ();            
+
+        void generate_token(
+            in   Security::Opaque             input_buffer,
+            in   EvidenceType                 generate_evidence_type,
+            in   boolean                      include_data_in_token,
+            in   boolean                      generate_request,
+            in   RequestFeatures              request_features,
+            in   boolean                      input_buffer_complete,
+            out  Security::Opaque             nr_token,
+            out  Security::Opaque             evidence_check
+        );
+
+        NRVerificationResult verify_evidence(
+            in   Security::Opaque             input_token_buffer,
+            in   Security::Opaque             evidence_check, 
+            in   boolean                      form_complete_evidence,
+            in   boolean                      token_buffer_complete,
+            out  Security::Opaque             output_token,
+            out  Security::Opaque             data_included_in_token,
+            out  boolean                      evidence_is_complete,
+            out  boolean                      trusted_time_used,
+            out  Security::TimeT              complete_evidence_before,
+            out  Security::TimeT              complete_evidence_after
+        );
+
+        void get_token_details(
+            in   Security::Opaque             token_buffer,
+            in   boolean                      token_buffer_complete,
+            out  string                       token_generator_name,
+            out  NRPolicyFeatures             policy_features,
+            out  EvidenceType                 evidence_type,
+            out  Security::UtcT               evidence_generation_time,
+            out  Security::UtcT               evidence_valid_start_time,
+            out  DurationInMinutes            evidence_validity_duration,
+            out  boolean                      data_included_in_token,
+            out  boolean                      request_included_in_token,
+            out  RequestFeatures              request_features
+        );
+
+        boolean form_complete_evidence(
+            in   Security::Opaque             input_token,
+            out  Security::Opaque             output_token,
+            out  boolean                      trusted_time_used,
+            out  Security::TimeT              complete_evidence_before,
+            out  Security::TimeT              complete_evidence_after
+        );
+    };
+
+
+    interface NRPolicy : CORBA::Policy{
+
+        void get_NR_policy_info(
+            out  Security::ExtensibleFamily   NR_policy_id,
+            out  unsigned long                policy_version,
+            out  Security::TimeT              policy_effective_time,
+            out  Security::TimeT              policy_expiry_time,
+            out  EvidenceDescriptorList       supported_evidence_types,
+            out  MechanismDescriptorList      supported_mechanisms 
+        );
+
+        boolean set_NR_policy_info(
+            in   MechanismDescriptorList      requested_mechanisms,
+            out  MechanismDescriptorList      actual_mechanisms
+        );
+    };
+};
+#endif /* _NR_SERVICE_IDL */
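Review bot: This file uses `Security::MechanismType`, `Security::ExtensibleFamily`, `Security::Opaque`, `Security::TimeT` and `Security::UtcT` directly but includes only `<SecurityLevel2.idl>` (line 20), relying on that header to pull in Security.idl transitively; add `#include <Security.idl>` next to it so the dependency is explicit, as SSLIOP.idl and SecIOP.idl in this commit do. The file also carries no header saying where it comes from; a comment such as `// NRService module from the OMG Security Service specification (non-repudiation IDL)` would record provenance, presumably the same OMG summary file the other IDL in this commit was taken from. The `max_time_skew` and `last_revocation_check_offset` fields are signed `TimeOffsetInMinutes` while `DurationInMinutes` is unsigned; the inline comments explain the signed case, but a one-line note at the `TimeOffsetInMinutes` typedef saying it is deliberately signed would stop a reader from "fixing" it.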

Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/PortableInterceptor.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/PortableInterceptor.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/PortableInterceptor.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/PortableInterceptor.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,154 @@
+// File: PortableInterceptor.idl
+
+#ifndef _PORTABLE_INTERCEPTOR_IDL_
+#define _PORTABLE_INTERCEPTOR_IDL_
+
+#ifndef CORBA3
+#define local  
+#endif
+
+#include <orb.idl>
+#include <Dynamic.idl>
+// #include <IOP_N.idl>
+#include <Messaging.idl>
+
+#pragma prefix "omg.org"
+module PortableInterceptor {
+
+  interface Interceptor {
+    readonly attribute string name;
+  };
+
+  exception ForwardRequest {
+    Object forward;
+  };
+
+  typedef short ReplyStatus;
+
+  // Valid reply_status values:
+  const ReplyStatus SUCCESSFUL = 0;
+  const ReplyStatus SYSTEM_EXCEPTION = 1;
+  const ReplyStatus USER_EXCEPTION = 2;
+  const ReplyStatus LOCATION_FORWARD = 3;
+  const ReplyStatus TRANSPORT_RETRY = 4;
+
+  typedef unsigned long SlotId;
+
+  exception InvalidSlot {};
+
+  interface Current : CORBA::Current {
+    any get_slot (in SlotId id) raises (InvalidSlot);
+    void set_slot (in SlotId id, in any data) raises (InvalidSlot);
+  };
+
+  interface RequestInfo {
+    readonly attribute unsigned long request_id;
+    readonly attribute string operation;
+    readonly attribute Dynamic::ParameterList arguments;
+    readonly attribute Dynamic::ExceptionList exceptions;
+    readonly attribute Dynamic::ContextList contexts;
+    readonly attribute Dynamic::RequestContext operation_context;
+    readonly attribute any result;
+    readonly attribute boolean response_expected;
+    readonly attribute Messaging::SyncScope sync_scope;
+    readonly attribute ReplyStatus reply_status;
+    readonly attribute Object forward_reference;
+    any get_slot (in SlotId id) raises (InvalidSlot);
+    IOP::ServiceContext get_request_service_context (in IOP::ServiceId id);
+    IOP::ServiceContext get_reply_service_context (in IOP::ServiceId id);
+  };
+
+  interface ClientRequestInfo : RequestInfo {
+    readonly attribute Object target;
+    readonly attribute Object effective_target;
+    readonly attribute IOP::TaggedProfile effective_profile;
+    readonly attribute any received_exception;
+    readonly attribute CORBA::RepositoryId received_exception_id;
+    IOP::TaggedComponent get_effective_component (in IOP::ComponentId id);
+    // IOP_N::TaggedComponentSeq get_effective_components (in IOP::ComponentId id);
+    CORBA::Policy get_request_policy (in CORBA::PolicyType type);
+    void add_request_service_context (
+      in IOP::ServiceContext service_context,
+      in boolean replace);
+  };
+
+  interface ServerRequestInfo : RequestInfo {
+    readonly attribute any sending_exception;
+    readonly attribute CORBA::OctetSeq object_id;
+    readonly attribute CORBA::OctetSeq adapter_id;
+    readonly attribute CORBA::RepositoryId target_most_derived_interface;
+    CORBA::Policy get_server_policy (in CORBA::PolicyType type);
+    void set_slot (in SlotId id, in any data) raises (InvalidSlot);
+    boolean target_is_a (in CORBA::RepositoryId id);
+    void add_reply_service_context (
+      in IOP::ServiceContext service_context,
+      in boolean replace);
+  };
+
+  interface ClientRequestInterceptor : Interceptor {
+    void send_request  (in ClientRequestInfo ri) raises (ForwardRequest);
+    void send_poll (in ClientRequestInfo ri);
+    void receive_reply (in ClientRequestInfo ri);
+    void receive_exception (in ClientRequestInfo ri) raises (ForwardRequest);
+    void receive_other (in ClientRequestInfo ri) raises (ForwardRequest);
+  };
+
+  interface ServerRequestInterceptor : Interceptor {
+    void receive_request_service_contexts (in ServerRequestInfo ri) raises (ForwardRequest);
+    void receive_request (in ServerRequestInfo ri) raises (ForwardRequest);
+    void send_reply (in ServerRequestInfo ri);
+    void send_exception (in ServerRequestInfo ri) raises (ForwardRequest);
+    void send_other (in ServerRequestInfo ri) raises (ForwardRequest);
+  };
+
+  interface IORInfo {
+    CORBA::Policy get_effective_policy (in CORBA::PolicyType type);
+    void add_ior_component (in IOP::TaggedComponent component);
+    void add_ior_component_to_profile (
+      in IOP::TaggedComponent component,
+      in IOP::ProfileId profile_id);
+    };
+
+  interface IORInterceptor : Interceptor {
+    void establish_components (in IORInfo info);
+  };
+
+  interface PolicyFactory
+  {
+    CORBA::Policy create_policy (in CORBA::PolicyType type, in any value)
+      raises (CORBA::PolicyError);
+  };
+
+  interface ORBInitInfo {
+    typedef string ObjectId;
+    exception DuplicateName {
+      string name;
+    };
+    exception InvalidName {};
+
+    readonly attribute CORBA::StringSeq arguments;
+    readonly attribute string orb_id;
+    readonly attribute IOP::CodecFactory codec_factory;
+    void register_initial_reference (in ObjectId id, in Object obj)
+      raises (InvalidName);
+    Object resolve_initial_references (in ObjectId id) raises (InvalidName);
+    void add_client_request_interceptor (in ClientRequestInterceptor interceptor)
+      raises (DuplicateName);
+    void add_server_request_interceptor (
+      in ServerRequestInterceptor interceptor)
+      raises (DuplicateName);
+    void add_ior_interceptor (in IORInterceptor interceptor)
+      raises (DuplicateName);
+    SlotId allocate_slot_id ();
+    void register_policy_factory (
+      in CORBA::PolicyType type,
+      in PolicyFactory policy_factory);
+  };
+
+  interface ORBInitializer {
+    void pre_init (in ORBInitInfo info);
+    void post_init (in ORBInitInfo info);
+  };
+};
+#endif  // _PORTABLE_INTERCEPTOR_IDL_
+
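Review bot: The `#ifndef CORBA3` / `#define local` block at lines 189-191 defines `local` away for pre-CORBA-3 compilers, but the keyword is never used: no interface in this file is declared `local interface`, so the macro is dead and Interceptor, RequestInfo, IORInfo, ORBInitInfo and the rest compile as ordinary (remotely invocable) CORBA interfaces. If the intent, as the macro suggests, was to follow the OMG Portable Interceptors IDL where I believe these are `local interface`s, the keyword should be added to each declaration (e.g. `local interface Interceptor {`); otherwise the macro block should be removed, and I cannot tell from the file which was intended. The commented-out `#include <IOP_N.idl>` (line 195) and `get_effective_components` (line 251) leave the module without that operation; a comment such as `// get_effective_components omitted: IOP_N.idl not available in this tree` would save the next reader a search and make the deviation from the spec deliberate rather than accidental.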

Modified: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SSLIOP.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SSLIOP.idl?rev=332145&r1=331651&r2=332145&view=diff
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SSLIOP.idl (original)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SSLIOP.idl Wed Nov  9 13:21:41 2005
@@ -1,53 +1,15 @@
-/*
-
-Copyright 1995 AT&T Global Information Solutions Company
-Copyright 1995 Digital Equipment Corporation
-Copyright 1995 Expersoft Corporation
-Copyright 1995 Groupe Bull
-Copyright 1995 Hewlett-Packard Company
-Copyright 1995 IBM (in collaboration with Taligent, Inc.)
-Copyright 1995 International Computers Limited
-Copyright 2002 Object Management Group, Inc.
-Copyright 1997 Netscape Communications Corporation
-Copyright 1997 Northern Telecom LImited
-Copyright 1995 Novell, Inc.
-Copyright 1995 Siemens Nixdorf Informationssysteme AG
-Copyright 1995, 1997 SunSoft, Inc.
-Copyright 1995 Tandem Computer Inc. (in collaboration with Odyssey Research Assoc., Inc.)
-Copyright 1995 Tivoli Systems, Inc.
-Copyright 1997 Visigenic Software, Inc.
-
-The companies listed above have granted to the Object Management Group, Inc. (OMG) a nonexclusive, royalty-free, paid up,
-worldwide license to copy and distribute this document and to modify this document and distribute copies of the modified version.
-Each of the copyright holders listed above has agreed that no person shall be deemed to have infringed the copyright in
-the included material of any such copyright holder by reason of having used the specification set forth herein or having conformed
-any computer software to the specification.
-
-PATENT
-
-The attention of adopters is directed to the possibility that compliance with or adoption of OMG specifications may require use
-of an invention covered by patent rights. OMG shall not be responsible for identifying patents for which a license may be
-required by any OMG specification, or for conducting legal inquiries into the legal validity or scope of those patents that are
-brought to its attention. OMG specifications are prospective and advisory only. Prospective users are responsible for protecting
-themselves against liability for infringement of patents.
-
-*/
-
 #ifndef _SSLIOP_IDL
 #define _SSLIOP_IDL
-#pragma prefix "omg.org"
 #include <IOP.idl>
-#include<Security.idl>
-
+#include <Security.idl>
+#pragma prefix "omg.org"
 module SSLIOP {
-	// Security mechanism SSL
-
-	const IOP::ComponentId TAG_SSL_SEC_TRANS = 20;
-
-	struct SSL {
-		Security::AssociationOptions target_supports;
-		Security::AssociationOptions target_requires;
-		unsigned short port;
-	};
+    // Security mechanism SSL
+    const IOP::ComponentId TAG_SSL_SEC_TRANS = 20;
+    struct SSL {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        unsigned short port;
+    };
 };
 #endif /* _SSLIOP_IDL */
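Review bot: The rewritten file drops the OMG copyright, license and patent notice the original carried (removed lines 345-378) and replaces it with nothing, so the new SSLIOP.idl no longer records that it is derived from the OMG Security Service specification. Whether the OMG grant quoted there requires the notice to be retained is not stated in the visible text, but stripping a third-party copyright notice from a redistributed file is a provenance and licensing question worth confirming with whoever handles licensing for the project before this ships in a spec jar. At minimum add a one-line header such as `// Derived from the OMG Security Service specification, SSLIOP module` so the source is recorded. Moving `#pragma prefix "omg.org"` after the includes is fine and matches SecIOP.idl in the same commit.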

Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecIOP.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecIOP.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecIOP.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecIOP.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,156 @@
+#ifndef _SECIOP_IDL_
+#define _SECIOP_IDL
+#include <IOP.idl>
+#include <Security.idl>
+#pragma prefix "omg.org"
+module SECIOP {
+    const IOP::ComponentId TAG_GENERIC_SEC_MECH = 22;
+    const IOP::ComponentId TAG_ASSOCIATION_OPTIONS = 13;
+    const IOP::ComponentId TAG_SEC_NAME = 14;
+    struct TargetAssociationOptions{
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+    };
+    struct GenericMechanismInfo {
+        sequence <octet> security_mechanism_type;
+        sequence <octet> mech_specific_data;
+        sequence <IOP::TaggedComponent> components;
+    };
+
+    enum MsgType {
+        MTEstablishContext,
+        MTCompleteEstablishContext,
+        MTContinueEstablishContext,
+        MTDiscardContext,
+        MTMessageError,
+        MTMessageInContext
+    };
+    typedef unsigned long long ContextId;
+    enum ContextIdDefn {
+        CIDClient,
+        CIDPeer,
+        CIDSender
+    };
+    struct EstablishContext {
+        ContextId client_context_id;
+        sequence <octet> initial_context_token;
+    };
+    struct CompleteEstablishContext {
+        ContextId client_context_id;
+        boolean target_context_id_valid;
+        ContextId target_context_id;
+        sequence <octet> final_context_token;
+    };
+    struct ContinueEstablishContext {
+        ContextId client_context_id;
+        sequence <octet> continuation_context_token;
+    };
+    struct DiscardContext {
+        ContextIdDefn message_context_id_defn;
+        ContextId message_context_id;
+        sequence <octet> discard_context_token;
+    };
+    struct MessageError {
+        ContextIdDefn message_context_id_defn;
+        ContextId message_context_id;
+        long major_status;
+        long minor_status;
+    };
+    enum ContextTokenType {
+        SecTokenTypeWrap,
+        SecTokenTypeMIC
+    };
+    struct MessageInContext {
+        ContextIdDefn message_context_id_defn;
+        ContextId message_context_id;
+        ContextTokenType message_context_type;
+        sequence <octet> message_protection_token;
+    };
+    // message_protection_token is obtained by CDR encoding
+    // the following SequencingHeader followed by the octets of the
+    // frame data. SequencingHeader + Frame Data is called a
+    // SequencedDataFrame
+    struct SequencingHeader {
+        octet control_state;
+        unsigned long direct_sequence_number;
+        unsigned long reverse_sequence_number;
+        unsigned long reverse_window;
+    };
+    typedef sequence <octet> SecurityName;
+    typedef unsigned short CryptographicProfile;
+    typedef sequence <CryptographicProfile> CryptographicProfileList;
+    // Cryptographic profiles for SPKM
+    const CryptographicProfile MD5_RSA = 20;
+    const CryptographicProfile MD5_DES_CBC = 21;
+    const CryptographicProfile DES_CBC = 22;
+    const CryptographicProfile MD5_DES_CBC_SOURCE = 23;
+    const CryptographicProfile DES_CBC_SOURCE = 24;
+    // Security Mechanism SPKM_1
+    const IOP::ComponentId TAG_SPKM_1_SEC_MECH = 15;
+    struct SPKM_1 {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        CryptographicProfileList crypto_profile;
+        SecurityName security_name;
+    };
+    // Security Mechanism SPKM_1
+    const IOP::ComponentId TAG_SPKM_2_SEC_MECH = 16;
+    struct SPKM_2 {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        CryptographicProfileList crypto_profile;
+        SecurityName security_name;
+    };
+    // Cryptographic profiles for GSS Kerberos Protocol
+    const CryptographicProfile DES_CBC_DES_MAC = 10;
+    const CryptographicProfile DES_CBC_MD5 = 11;
+    const CryptographicProfile DES_MAC = 12;
+    const CryptographicProfile MD5 = 13;
+    // Security Mechanism KerberosV5
+    const IOP::ComponentId TAG_KerberosV5_SEC_MECH = 17;
+    struct KerberosV5 {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        CryptographicProfileList crypto_profile;
+        SecurityName security_name;
+    };
+    // Cryptographic profiles for CSI-ECMA Protocol
+    const CryptographicProfile FullSecurity = 1;
+    const CryptographicProfile NoDataConfidentiality = 2;
+    const CryptographicProfile LowGradeConfidentiality = 3;
+    const CryptographicProfile AgreedDefault = 5;
+    // Security Mechanism CSI_ECMA_Secret
+    const IOP::ComponentId TAG_CSI_ECMA_Secret_SEC_MECH = 18;
+    struct CSI_ECMA_Secret {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        CryptographicProfileList crypto_profile;
+        SecurityName security_name;
+    };
+    // Security Mechanism CSI_ECMA_Hybrid
+    const IOP::ComponentId TAG_CSI_ECMA_Hybrid_SEC_MECH = 19;
+    struct CSI_ECMA_Hybrid {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        CryptographicProfileList crypto_profile;
+        SecurityName security_name;
+    };
+    // Security Mechanism CSI_ECMA_Public
+    const IOP::ComponentId TAG_CSI_ECMA_Public_SEC_MECH = 21;
+    struct CSI_ECMA_Public {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        CryptographicProfileList crypto_profile;
+        SecurityName security_name;
+    };
+    // Tagged component for configuring SECIOP as a CSIv2 mechanism transport
+    const IOP::ComponentId TAG_SECIOP_SEC_TRANS = 35;
+    struct SECIOP_SEC_TRANS {
+        Security::AssociationOptions target_supports;
+        Security::AssociationOptions target_requires;
+        Security::OID mech_oid;
+        Security::GSS_NT_ExportedName target_name;
+        unsigned short port;
+    };
+};
+#endif /* _SECIOP_IDL */
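Review bot: The include guard is mismatched: line 414 tests `_SECIOP_IDL_` (trailing underscore) but line 415 defines `_SECIOP_IDL`, so the tested macro is never defined and a second inclusion of SecIOP.idl would redefine every constant and struct in module SECIOP. Change the define to `#define _SECIOP_IDL_` and the closing comment to `#endif /* _SECIOP_IDL_ */`. The comment above the SPKM_2 struct at line 509 repeats `// Security Mechanism SPKM_1` and should read `// Security Mechanism SPKM_2`. The MD5 and DES cryptographic-profile constants are spec-mandated identifiers rather than a recommendation, but a one-line comment noting that these profiles are legacy and not something a new deployment should negotiate would help readers, hedged since this file is intended to mirror the OMG IDL.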

Modified: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/Security.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/Security.idl?rev=332145&r1=331651&r2=332145&view=diff
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/Security.idl (original)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/Security.idl Wed Nov  9 13:21:41 2005
@@ -1,412 +1,313 @@
-//Security Service, v1.8 - OMG IDL Summary File
-//Object Management Group, Inc.
-//
-//Copyright 1995, AT&T Global Information Solutions Company
-//Copyright 1995, Digital Equipment Corporation
-//Copyright 1995, Expersoft Corporation
-//Copyright 1995, Groupe Bull
-//Copyright 1995, Hewlett-Packard Company
-//Copyright 1995, IBM (in collaboration with Taligent, Inc.)
-//Copyright 1995, International Computers Limited
-//Copyright 2000, Object Management Group, Inc.
-//Copyright 1995, Netscape Communications Corporation
-//Copyright 1997, Northern Telecom Limited
-//Copyright 1995, Novell, Inc.
-//Copyright 1995, Siemens Nixdorf Informationssysteme AG
-//Copyright 1995, 1997, SunSoft, Inc.
-//Copyright 1995, Tandem Computer, Inc. (in collaboration with Odyssey Research Assoc, Inc.)
-//Copyright 1995, Tivoli Systems, Inc.
-//Copyright 1997, Visigenic Software, Inc.
-//
-//The companies listed above have granted to the Object Management Group, Inc.
-//(OMG) a nonexclusive, royalty-free, paid up, worldwide license to copy and
-//distribute this document and to modify this document and distribute copies of
-//the modified version. Each of the copyright holders listed above has agreed
-//that no person shall be deemed to have infringed the copyright in the included
-//material of any such copyright holder by reason of having used the
-//specification set forth herein or having conformed any computer software to
-//the specification.
-//
-//This file contains OMG IDL from the Security Service, v1.8 specification.
-//OMG regularly publishes a summary file that contains all the "code" parts of
-//an OMG formal document. Every formal document line that is IDL, PIDL, or
-//language code is included in the summary file. The reason for such a listing
-//is to give readers an electronic version of the "code" so that they can
-//extract pieces of it. Readers might want to test an example, include it in
-//their own code, or use it for documentation purposes. Having the code lines
-//available electronically means there is less likelihood of a transcription
-//error.
-//
-//This subsection defines the OMG IDL for security data types common to the
-//other security modules, which is the module Security. The Security module
-//depends on the TimeBase module and the CORBA module.
-
-
-
-
 #ifndef _SECURITY_IDL_
 #define _SECURITY_IDL_
-#include "geronimo-orb.idl"
-#include "TimeBase.idl"
-#pragma prefix "omg.org"
 
+#include <orb.idl>
+#include <TimeBase.idl>
+#pragma prefix "omg.org"
 module Security {
-
-# pragma version Security 1.8
-
-	typedef string 			SecurityName;
-	typedef sequence <octet> 	Opaque;
-	
-	// Constant declarations for Security Service Options
-	
-	const CORBA::ServiceOption SecurityLevel1 = 1;
-	const CORBA::ServiceOption SecurityLevel2 = 2;
-	const CORBA::ServiceOption NonRepudiation = 3;
-	const CORBA::ServiceOption SecurityORBServiceReady = 4;
-	const CORBA::ServiceOption SecurityServiceReady = 5;
-	const CORBA::ServiceOption ReplaceORBServices = 6;
-	const CORBA::ServiceOption ReplaceSecurityServices = 7;
-	const CORBA::ServiceOption StandardSecureInteroperability = 8;
-	const CORBA::ServiceOption DCESecureInteroperability = 9;
-	
-	// Service options for Common Secure Interoperability
-	
-	const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
-	const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
-	const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
-	
-	// Security mech types supported for secure association
-	const CORBA::ServiceDetailType SecurityMechanismType = 1;
-	
-	// privilege types supported in standard access policy
-	const CORBA::ServiceDetailType SecurityAttribute = 2;
-	
-	// extensible families for standard data types
-	
-	struct ExtensibleFamily {
-		unsigned short family_definer;
-		unsigned short family;
-	};
-	
-	typedef sequence<octet> 	OID;
-	
-	typedef sequence<OID> 		OIDList;
-	
-	// security attributes
-	
-	typedef unsigned long SecurityAttributeType;
-	
-	// other attributes; family = 0
-	
-	const SecurityAttributeType AuditId = 1;
-	const SecurityAttributeType AccountingId = 2;
-	const SecurityAttributeType NonRepudiationId = 3;
-
-	// privilege attributes; family = 1
-	
-	const SecurityAttributeType _Public = 1;
-	const SecurityAttributeType AccessId = 2;
-	const SecurityAttributeType PrimaryGroupId = 3;
-	const SecurityAttributeType GroupId = 4;
-	const SecurityAttributeType Role = 5;
-	const SecurityAttributeType AttributeSet = 6;
-	const SecurityAttributeType Clearance = 7;
-	const SecurityAttributeType Capability = 8;
-	
-	struct AttributeType {
-		ExtensibleFamily attribute_family;
-		SecurityAttributeType attribute_type;
-	};
-	
-	typedef sequence<AttributeType> AttributeTypeList;
-	
-	struct SecAttribute {
-		AttributeType attribute_type;
-		OID defining_authority;
-		Opaque value;
-		// the value of this attribute can be
-		// decoded only with knowledge of defining_authority
-	};
-	
-	typedef sequence <SecAttribute> AttributeList;
-	
-	// Authentication return status
-	
-	enum AuthenticationStatus {
-	SecAuthSuccess,
-		SecAuthFailure,
-		SecAuthContinue,
-		SecAuthExpired
-	};
-	
-	// Association return status
-	
-	enum AssociationStatus {
-		SecAssocSuccess,
-		SecAssocFailure,
-		SecAssocContinue
-	};
-	
-	// Authentication method
-	
-	typedef unsigned long AuthenticationMethod;
-	
-	typedef sequence<AuthenticationMethod> AuthenticationMethodList;
-	
-	// Credential types
-	
-	enum InvocationCredentialsType {
-		SecOwnCredentials,
-		SecReceivedCredentials,
-		SecTargetCredentials
-	};
-	
-	// Declarations related to Rights
-	struct Right {
-		ExtensibleFamily rights_family;
-		string the_right;
-	};
-	
-	typedef sequence <Right> RightsList;
-	
-	enum RightsCombinator {
-		SecAllRights,
-		SecAnyRight
-	};
-	
-	// Delegation related
-	
-	enum DelegationState {
-		SecInitiator,
-		SecDelegate
-	};
-	
-	enum DelegationDirective {
-		Delegate,
-		NoDelegate
-	};
-	
-	// pick up from TimeBase
-	
-	typedef TimeBase::UtcT UtcT;
-	typedef TimeBase::IntervalT IntervalT;
-	typedef TimeBase::TimeT TimeT;
-	
-	// Security features available on credentials.
-	
-	enum SecurityFeature {
-		SecNoDelegation,
-		SecSimpleDelegation,
-		SecCompositeDelegation,
-		SecNoProtection,
-		SecIntegrity,
-		SecConfidentiality,
-		SecIntegrityAndConfidentiality,
-		SecDetectReplay,
-		SecDetectMisordering,
-		SecEstablishTrustInTarget,
-		SecEstablishTrustInClient
-	};
-	
-	// Quality of protection which can be specified
-	// for an object reference and used to protect messages
-	
-	enum QOP {
-		SecQOPNoProtection,
-		SecQOPIntegrity,
-		SecQOPConfidentiality,
-		SecQOPIntegrityAndConfidentiality
-	};
-	
-	// Type of SecurityContext
-	
-	enum SecurityContextType {
-		SecClientSecurityContext,
-		SecServerSecurityContext
-	};
-	
-	// Operational State of a Security Context
-	
-	enum SecurityContextState {
-		SecContextInitialized,
-		SecContextContinued,
-		SecContextClientEstablished,
-		SecContextEstablished,
-		SecContextEstablishExpired,
-		SecContextExpired,
-		SecContextInvalid
-	};
-	
-	struct ChannelBindings {
-		unsigned long initiator_addrtype;
-		sequence<octet> initiator_address;
-		unsigned long acceptor_addrtype;
-		sequence<octet> acceptor_address;
-		sequence<octet> application_data;
-	};
-	
-	// For use with SecurityReplaceable
-	
-	struct OpaqueBuffer {
-		Opaque buffer;
-		unsigned long startpos;
-		unsigned long endpos;
-		// startpos <= endpos
-		// OpaqueBuffer is said to be empty if startpos == endpos
-	};
-	
-	// Association options which can be administered
-	// on secure invocation policy and used to
-	// initialize security context
-	
-	typedef unsigned short AssociationOptions;
-	
-	const AssociationOptions NoProtection = 1;
-	const AssociationOptions Integrity = 2;
-	const AssociationOptions Confidentiality = 4;
-	const AssociationOptions DetectReplay = 8;
-	const AssociationOptions DetectMisordering = 16;
-	const AssociationOptions EstablishTrustInTarget = 32;
-	const AssociationOptions EstablishTrustInClient = 64;
-	const AssociationOptions NoDelegation = 128;
-	const AssociationOptions SimpleDelegation = 256;
-	const AssociationOptions CompositeDelegation = 512;
-	
-	// Flag to indicate whether association options being
-	// administered are the "required" or "supported" set
-	
-	enum RequiresSupports {
-		SecRequires,
-		SecSupports
-	};
-	
-	// Direction of communication for which
-	// secure invocation policy applies
-	
-	enum CommunicationDirection {
-		SecDirectionBoth,
-		SecDirectionRequest,
-		SecDirectionReply
-	};
-	
-	// security association mechanism type
-	
-	typedef string MechanismType;
-	typedef sequence<MechanismType> MechanismTypeList;
-	
-	// AssociationOptions-Direction pair
-	
-	struct OptionsDirectionPair {
-		AssociationOptions options;
-		CommunicationDirection direction;
-	};
-	
-	typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
-	
-	// Delegation mode which can be administered
-	
-	enum DelegationMode {
-		SecDelModeNoDelegation, // i.e. use own credentials
-		SecDelModeSimpleDelegation, // delegate received credentials
-		SecDelModeCompositeDelegation // delegate both;
-	};
-	
-	// Association options supported by a given mech type
-	
-	struct MechandOptions {
-		MechanismType mechanism_type;
-		AssociationOptions options_supported;
-	};
-	
-	typedef sequence <MechandOptions> MechandOptionsList;
-	
-	// Attribute of the SecurityLevel2::EstablishTrustPolicy
-	
-	struct EstablishTrust {
-		boolean trust_in_client;
-		boolean trust_in_target;
-	};
-	
-	// Audit
-	
-	typedef unsigned long AuditChannelId;
-	typedef unsigned short EventType;
-	
-	const EventType AuditAll = 0;
-	const EventType AuditPrincipalAuth = 1;
-	const EventType AuditSessionAuth = 2;
-	const EventType AuditAuthorization = 3;
-	const EventType AuditInvocation = 4;
-	const EventType AuditSecEnvChange = 5;
-	const EventType AuditPolicyChange = 6;
-	const EventType AuditObjectCreation = 7;
-	const EventType AuditObjectDestruction = 8;
-	const EventType AuditNonRepudiation = 9;
-	
-	enum DayOfTheWeek {
-		Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
-	};
-		
-	enum AuditCombinator {
-		SecAllSelectors,
-		SecAnySelector
-	};
-	
-	struct AuditEventType {
-		ExtensibleFamily event_family;
-		EventType event_type;
-	};
-	
-	typedef sequence <AuditEventType> AuditEventTypeList;
-
-	typedef unsigned long SelectorType;
-	
-	const SelectorType InterfaceName = 1;
-	const SelectorType ObjectRef = 2;
-	const SelectorType Operation = 3;
-	const SelectorType Initiator = 4;
-	const SelectorType SuccessFailure = 5;
-	const SelectorType Time = 6;
-	const SelectorType DayOfWeek = 7;
-	
-	// values defined for audit_needed and audit_write are:
-	// InterfaceName: CORBA::RepositoryId
-	// ObjectRef: object reference
-	// Operation: op_name
-	// Initiator: Credentials
-	// SuccessFailure: boolean
-	// Time: utc time on audit_write; time picked up from
-	// environment in audit_needed if required
-	// DayOfWeek: DayOfTheWeek
-	
-	struct SelectorValue {
-		SelectorType selector;
-		any value;
-	};
-	
-	typedef sequence <SelectorValue> SelectorValueList;
-	
-	// Constant declaration for valid Security Policy Types
-	
-	// General administrative policies
-	
-	const CORBA::PolicyType SecClientInvocationAccess = 1;
-	const CORBA::PolicyType SecTargetInvocationAccess = 2;
-	const CORBA::PolicyType SecApplicationAccess = 3;
-	const CORBA::PolicyType SecClientInvocationAudit = 4;
-	const CORBA::PolicyType SecTargetInvocationAudit = 5;
-	const CORBA::PolicyType SecApplicationAudit = 6;
-	const CORBA::PolicyType SecDelegation = 7;
-	const CORBA::PolicyType SecClientSecureInvocation = 8;
-	const CORBA::PolicyType SecTargetSecureInvocation = 9;
-	const CORBA::PolicyType SecNonRepudiation = 10;
-	
-	// Policies used to control attributes of a binding to a target
-	const CORBA::PolicyType SecMechanismsPolicy = 12;
-	const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
-	const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete
-	const CORBA::PolicyType SecQOPPolicy = 15;
-	const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
-	const CORBA::PolicyType SecEstablishTrustPolicy = 39;
+# pragma version Security 1.5
+    typedef string SecurityName;
+    typedef sequence <octet> Opaque;
+    // Constant declarations for Security Service Options
+    const CORBA::ServiceOption SecurityLevel1 = 1;
+    const CORBA::ServiceOption SecurityLevel2 = 2;
+    const CORBA::ServiceOption NonRepudiation = 3;
+    const CORBA::ServiceOption SecurityORBServiceReady = 4;
+    const CORBA::ServiceOption SecurityServiceReady = 5;
+    const CORBA::ServiceOption ReplaceORBServices = 6;
+    const CORBA::ServiceOption ReplaceSecurityServices = 7;
+    const CORBA::ServiceOption StandardSecureInteroperability = 8;
+    const CORBA::ServiceOption DCESecureInteroperability = 9;
+    // Service options for Common Secure Interoperability
+    const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
+    const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
+    const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
+    // Security mech types supported for secure association
+    const CORBA::ServiceDetailType SecurityMechanismType = 1;
+    // privilege types supported in standard access policy
+    const CORBA::ServiceDetailType SecurityAttribute = 2;
+    // extensible families for standard data types
+    struct ExtensibleFamily {
+        unsigned short family_definer;
+        unsigned short family;
+    };
+    // security attributes
+    typedef unsigned long SecurityAttributeType;
+    // other attributes; family = 0
+    const SecurityAttributeType AuditId = 1;
+    const SecurityAttributeType AccountingId = 2;
+    const SecurityAttributeType NonRepudiationId = 3;
+    // privilege attributes; family = 1
+    const SecurityAttributeType _Public = 1;
+    const SecurityAttributeType AccessId = 2;
+    const SecurityAttributeType PrimaryGroupId = 3;
+    const SecurityAttributeType GroupId = 4;
+    const SecurityAttributeType Role = 5;
+    const SecurityAttributeType AttributeSet = 6;
+    const SecurityAttributeType Clearance = 7;
+    const SecurityAttributeType Capability = 8;
+    struct AttributeType {
+        ExtensibleFamily attribute_family;
+        SecurityAttributeType attribute_type;
+    };
+    typedef sequence<AttributeType> AttributeTypeList;
+    struct SecAttribute {
+        AttributeType attribute_type;
+        Opaque defining_authority;
+        Opaque value;
+        // the value of this attribute can be
+        // interpreted only with knowledge of type
+    };
+    typedef sequence <SecAttribute> AttributeList;
+    // Authentication return status
+    enum AuthenticationStatus {
+        SecAuthSuccess,
+        SecAuthFailure,
+        SecAuthContinue,
+        SecAuthExpired
+    };
+    // Association return status
+    enum AssociationStatus {
+        SecAssocSuccess,
+        SecAssocFailure,
+        SecAssocContinue
+    };
+    // Authentication method
+    typedef unsigned long AuthenticationMethod;
+    typedef sequence<AuthenticationMethod> AuthenticationMethodList;
+    // Credential types which can be set as Current default
+    enum CredentialType {
+        SecInvocationCredentials,
+        SecNRCredentials
+    };
+    enum InvocationCredentialsType {
+        SecOwnCredentials,
+        SecReceivedCredentials
+    };
+    // Declarations related to Rights
+    struct Right {
+        ExtensibleFamily rights_family;
+        string right;
+    };
+    typedef sequence <Right> RightsList;
+    enum RightsCombinator {
+        SecAllRights,
+        SecAnyRight
+    };
+    // Delegation related
+    enum DelegationState {
+        SecInitiator,
+        SecDelegate
+    };
+    enum DelegationDirective {
+        Delegate,
+        NoDelegate
+    };
+    // pick up from TimeBase
+    typedef TimeBase::UtcT UtcT;
+    typedef TimeBase::IntervalT IntervalT;
+    typedef TimeBase::TimeT TimeT;
+    // Security features available on credentials.
+    enum SecurityFeature {
+        SecNoDelegation,
+        SecSimpleDelegation,
+        SecCompositeDelegation,
+        SecNoProtection,
+        SecIntegrity,
+        SecConfidentiality,
+        SecIntegrityAndConfidentiality,
+        SecDetectReplay,
+        SecDetectMisordering,
+        SecEstablishTrustInTarget,
+        SecEstablishTrustInClient
+    };
+    // Quality of protection which can be specified
+    // for an object reference and used to protect messages
+    enum QOP {
+        SecQOPNoProtection,
+        SecQOPIntegrity,
+        SecQOPConfidentiality,
+        SecQOPIntegrityAndConfidentiality
+    };
+    // Type of SecurityContext
+    enum SecurityContextType {
+        SecClientSecurityContext,
+        SecServerSecurityContext
+    };
+    // Operational State of a Security Context
+    enum SecurityContextState {
+        SecContextInitialized,
+        SecContextContinued,
+        SecContextClientEstablished,
+        SecContextEstablished,
+        SecContextEstablishExpired,
+        SecContextExpired,
+        SecContextInvalid
+    };
+    // For use with SecurityReplaceable
+    struct OpaqueBuffer {
+        Opaque buffer;
+        unsigned long startpos;
+        unsigned long endpos;
+        // startpos <= endpos
+        // OpaqueBuffer is said to be empty if startpos == endpos
+    };
+    // Association options which can be administered
+    // on secure invocation policy and used to
+    // initialize security context
+    typedef unsigned short AssociationOptions;
+    const AssociationOptions NoProtection = 1;
+    const AssociationOptions Integrity = 2;
+    const AssociationOptions Confidentiality = 4;
+    const AssociationOptions DetectReplay = 8;
+    const AssociationOptions DetectMisordering = 16;
+    const AssociationOptions EstablishTrustInTarget = 32;
+    const AssociationOptions EstablishTrustInClient = 64;
+    const AssociationOptions NoDelegation = 128;
+    const AssociationOptions SimpleDelegation = 256;
+    const AssociationOptions CompositeDelegation = 512;
+    const AssociationOptions IdentityAssertion = 1024;
+    const AssociationOptions DelegationByClient = 2048;
+    //Types Defined for CSIv2
+    typedef sequence <octet> OID;
+    // An X509CertificateChain contains an ASN.1 BER encoded SEQUENCE [1..MAX]
+    // OF X.509 certificates encapsulated in a sequence of octets. The
+    // subject’s certificate shall come first in the list. Each following
+    // certificate shall directly certify the one preceding it. The ASN.1
+    // representation of Certificate is as defined in [IETF RFC 2459].
+    typedef sequence <octet> X509CertificateChain;
+    // an X.501 type name or Distinguished Name encapsulated in a sequence of
+    // octets containing the ASN.1 encoding.
+    
+    typedef sequence <octet> X501DistinguishedName;
+    typedef sequence <octet> UTF8String;
+    typedef UTF8String NameValue;
+    struct ScopedName {
+        Security::NameValue name_scope;
+        Security::NameValue name_value;
+    };
+    // A sequence of octets containing a GSStoken. Initial context tokens are
+    // ASN.1 encoded as defined in [IETF RFC 2743] Section 3.1,
+    // "Mechanism-Independent token Format", pp. 81-82. Initial context tokens
+    // contain an ASN.1 tag followed by a token length, a mechanism identifier,
+    // and a mechanism-specific token (i.e. a GSSUP::InitialContextToken). The
+    // encoding of all other GSS tokens (e.g.  error tokens and final context
+    // tokens) is mechanism dependent.
+    typedef sequence <octet> GSSToken;
+    // An encoding of a GSS Mechanism-Independent Exported Name Object as
+    // defined in [IETF RFC 2743] Section 3.2, "GSS Mechanism-Independent
+    // Exported Name Object Format," p. 84.
+    typedef sequence <octet> GSS_NT_ExportedName;
+    // End types defined for CSIv2 Flag to indicate whether association options
+    // being administered are the “required” or “supported” set
+    enum RequiresSupports {
+        SecRequires,
+        SecSupports
+    };
+    // Direction of communication for which
+    // secure invocation policy applies
+    enum CommunicationDirection {
+        SecDirectionBoth,
+        SecDirectionRequest,
+        SecDirectionReply
+    };
+    // security association mechanism type
+    typedef string MechanismType;
+    typedef sequence<MechanismType> MechanismTypeList;
+    struct SecurityMechanismData {
+        MechanismType mechanism;
+        Opaque security_name;
+        AssociationOptions options_supported;
+        AssociationOptions options_required;
+    };
+    typedef sequence<SecurityMechanismData>SecurityMechanismDataList;
+    // AssociationOptions-Direction pair
+    struct OptionsDirectionPair {
+        AssociationOptions options;
+        CommunicationDirection direction;
+    };
+    typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
+    // Delegation mode which can be administered
+    enum DelegationMode {
+        SecDelModeNoDelegation, // i.e. use own credentials
+        SecDelModeSimpleDelegation, // delegate received credentials
+        SecDelModeCompositeDelegation // delegate both;
+    };
+    // Association options supported by a given mech type
+    struct MechandOptions {
+        MechanismType mechanism_type;
+        AssociationOptions options_supported;
+    };
+    typedef sequence <MechandOptions> MechandOptionsList;
+    // Attribute of the SecurityLevel2::EstablishTrustPolicy
+    struct EstablishTrust {
+        boolean trust_in_client;
+        boolean trust_in_target;
+    };
+    // Audit
+    typedef unsigned long AuditChannelId;
+    typedef unsigned short EventType;
+    const EventType AuditAll = 0;
+    const EventType AuditPrincipalAuth = 1;
+    const EventType AuditSessionAuth = 2;
+    const EventType AuditAuthorization = 3;
+    const EventType AuditInvocation = 4;
+    const EventType AuditSecEnvChange = 5;
+    const EventType AuditPolicyChange = 6;
+    const EventType AuditObjectCreation = 7;
+    const EventType AuditObjectDestruction = 8;
+    const EventType AuditNonRepudiation = 9;
+    enum DayOfTheWeek {
+        Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday};
+    enum AuditCombinator {
+        SecAllSelectors,
+        SecAnySelector
+    };
+    struct AuditEventType {
+        ExtensibleFamily event_family;
+        EventType event_type;
+    };
+    typedef sequence <AuditEventType> AuditEventTypeList;
+    typedef unsigned long SelectorType;
+    const SelectorType InterfaceName = 1;
+    const SelectorType ObjectRef = 2;
+    const SelectorType Operation = 3;
+    const SelectorType Initiator = 4;
+    const SelectorType SuccessFailure = 5;
+    const SelectorType Time = 6;
+    const SelectorType DayOfWeek = 7;
+    // values defined for audit_needed and audit_write are:
+    // InterfaceName: CORBA::RepositoryId
+    // ObjectRef: object reference
+    // Operation: op_name
+    // Initiator: Credentials
+    // SuccessFailure: boolean
+    // Time: utc time on audit_write; time picked up from
+    // environment in audit_needed if required
+    // DayOfWeek: DayOfTheWeek
+    struct SelectorValue {
+        SelectorType selector;
+        any value;
+    };
+    typedef sequence <SelectorValue> SelectorValueList;
+    // Constant declaration for valid Security Policy Types
+    // General administrative policies
+    const CORBA::PolicyType SecClientInvocationAccess = 1;
+    const CORBA::PolicyType SecTargetInvocationAccess = 2;
+    const CORBA::PolicyType SecApplicationAccess = 3;
+    const CORBA::PolicyType SecClientInvocationAudit = 4;
+    const CORBA::PolicyType SecTargetInvocationAudit = 5;
+    const CORBA::PolicyType SecApplicationAudit = 6;
+    const CORBA::PolicyType SecDelegation = 7;
+    const CORBA::PolicyType SecClientSecureInvocation = 8;
+    const CORBA::PolicyType SecTargetSecureInvocation = 9;
+    const CORBA::PolicyType SecNonRepudiation = 10;
+    // Policies used to control attributes of a binding to a target
+    const CORBA::PolicyType SecMechanismsPolicy = 12;
+    const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
+    const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete
+    const CORBA::PolicyType SecQOPPolicy = 15;
+    const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
+    const CORBA::PolicyType SecEstablishTrustPolicy = 39;
 };
 #endif /* _SECURITY_IDL_ */

Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityAdmin.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityAdmin.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityAdmin.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityAdmin.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,127 @@
+#ifndef _SECURITY_ADMIN_IDL
+#define _SECURITY_ADMIN_IDL
+
+#pragma prefix "omg.org"
+#include <SecurityLevel2.idl>
+
+module SecurityAdmin 
+{
+
+    // interface AccessPolicy
+    interface AccessPolicy : CORBA::Policy 
+    {
+
+	Security::RightsList get_effective_rights (
+		     in      Security::AttributeList            attrib_list,
+		     in Security::ExtensibleFamily  rights_family
+		     );
+
+	Security::RightsList get_all_effective_rights( 
+		     in     Security::AttributeList            attrib_list 
+		     ); 
+    };
+
+    // interface DomainAccessPolicy
+    interface DomainAccessPolicy : AccessPolicy 
+    {
+
+	void grant_rights(
+			  in Security::SecAttribute                  priv_attr,
+			  in Security::DelegationState               del_state,
+			  in Security::RightsList                    rights
+			  );
+
+	void revoke_rights(
+                           in Security::SecAttribute                  priv_attr,
+                           in Security::DelegationState               del_state,
+                           in Security::RightsList                    rights
+			   );
+
+	void replace_rights (
+			     in Security::SecAttribute                  priv_attr,
+			     in Security::DelegationState               del_state,
+			     in Security::RightsList                    rights
+			     );
+
+	Security::RightsList get_rights (
+			   in Security::SecAttribute                  priv_attr,
+			   in Security::DelegationState               del_state,
+			   in Security::ExtensibleFamily  rights_family
+			   );
+
+	Security::RightsList get_all_rights( 
+			   in     Security::SecAttribute                                   priv_attr, 
+			   in     Security::DelegationState                                del_state 
+			   ); 
+    };
+
+    // interface AuditPolicy
+    interface AuditPolicy : CORBA::Policy 
+    {
+
+	void set_audit_selectors (
+                    in      CORBA::RepositoryId                                      object_type,
+		    in      Security::AuditEventTypeList                             events,
+		    in      Security::SelectorValueList                              selectors,
+		    in Security::AuditCombinator  audit_combinator 
+		    );
+
+	void clear_audit_selectors (
+		    in      CORBA::RepositoryId                                      object_type,
+		    in      Security::AuditEventTypeList                             events 
+		    );
+
+	void replace_audit_selectors (
+		in      CORBA::RepositoryId                                     object_type,
+		in      Security::AuditEventTypeList                             events,
+		in      Security::SelectorValueList                              selectors,
+		in Security::AuditCombinator  audit_combinator 
+		); 
+
+	void get_audit_selectors (
+		   in      CORBA::RepositoryId                                      object_type,
+		   in      Security::AuditEventType event_type,
+		   out     Security::SelectorValueList                              selectors,
+		   out Security::AuditCombinator                                    audit_combinator 
+		   ); 
+
+	void set_audit_channel (
+		in      Security::AuditChannelId                                 audit_channel_id
+		);
+    };
+
+    // interface SecureInvocationPolicy
+    
+    interface SecureInvocationPolicy : CORBA::Policy 
+    {
+
+	void set_association_options(
+		in CORBA::InterfaceDef                                           object_type,
+		in Security::RequiresSupports                                    requires_supports,
+		in Security::CommunicationDirection  direction,
+		in Security::AssociationOptions                                  options 
+		);
+
+	Security::AssociationOptions get_association_options(
+		in CORBA::InterfaceDef                           object_type,
+		in Security::RequiresSupports                    requires_supports,
+		in Security::CommunicationDirection direction
+		); 
+    };
+
+    // interface DelegationPolicy
+    interface DelegationPolicy : CORBA::Policy 
+    {
+
+	void set_delegation_mode(
+		in CORBA::InterfaceDef                           object_type,
+		in Security::DelegationMode                      mode
+		);
+
+	Security::DelegationMode get_delegation_mode(
+		in CORBA::InterfaceDef                           object_type
+		);
+    };
+};
+
+#endif /* _SECURITY_ADMIN_IDL_ */
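Review bot: DomainAccessPolicy's grant_rights, revoke_rights and replace_rights change the rights bound to a privilege attribute, yet neither the interface nor the operations carry a comment on what is expected of the caller, and the IDL itself places no restriction on who may invoke them; implementers reading this file alone may assume the operations are protected by the ORB. A one-line comment above the interface would make the contract explicit: `// Administrative operations: the IDL imposes no caller restriction; authorization of callers is left to the deployment's access decision.` Separately, the closing comment `#endif /* _SECURITY_ADMIN_IDL_ */` names a trailing-underscore macro that differs from the guard actually defined at the top of the file (`_SECURITY_ADMIN_IDL`); make the two match. SecureInvocationPolicy and DelegationPolicy take `CORBA::InterfaceDef`, which needs the Interface Repository definitions; whether the include chain through SecurityLevel2.idl provides them is not visible from this hunk.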

Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel1.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel1.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel1.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel1.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,21 @@
+// $Id: SecurityLevel1.idl,v 1.2 2001/09/22 14:51:13 jso Exp $
+
+#ifndef _SECURITY_LEVEL_1_IDL
+#define _SECURITY_LEVEL_1_IDL
+
+#pragma prefix "omg.org"
+
+#include <Security.idl>
+
+module SecurityLevel1 
+{		
+    interface Current : CORBA::Current 
+    {	
+	// Locality Constrained
+	// thread specific operations
+
+      Security::AttributeList get_attributes (in Security::AttributeTypeList attributes );
+    };
+	
+};
+#endif /* _SECURITY_LEVEL_1_IDL */

Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel2.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel2.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel2.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityLevel2.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,237 @@
+// $Id: SecurityLevel2.idl,v 1.2 2001/09/22 14:51:13 jso Exp $
+
+#ifndef _SECURITY_LEVEL_2_IDL
+#define _SECURITY_LEVEL_2_IDL
+
+#pragma prefix "omg.org"
+#include <SecurityLevel1.idl>
+
+module SecurityLevel2 
+{
+    // Forward declaration of interfaces
+    interface PrincipalAuthenticator;
+    interface Credentials;
+    interface Current;
+
+
+    interface PrincipalAuthenticator 
+    {
+	Security::AuthenticationMethodList get_supported_authen_methods(
+                in     Security::MechanismType                   mechanism
+		);
+
+	Security::AuthenticationStatus authenticate (
+		in Security::AuthenticationMethod method,
+		in Security::MechanismType        mechanism,
+		in Security::SecurityName         security_name,
+		in Security::Opaque               auth_data,
+		in Security::AttributeList        privileges,
+		out Credentials                   creds,
+		out Security::Opaque              continuation_data,
+		out Security::Opaque              auth_specific_data
+		);
+	
+	Security::AuthenticationStatus continue_authentication (
+		in    Security::Opaque            response_data,
+		in    Credentials                 creds,
+		out  Security::Opaque             continuation_data,
+		out  Security::Opaque             auth_specific_data
+		);
+    };
+    
+
+    interface Credentials 
+    {
+
+	Credentials copy ();
+
+	void destroy();
+
+	readonly attribute Security::InvocationCredentialsType credentials_type;
+	readonly attribute Security::AuthenticationStatus authentication_state;
+	readonly attribute Security::MechanismType mechanism;
+
+	attribute Security::AssociationOptions accepting_options_supported;
+	attribute Security::AssociationOptions accepting_options_required;
+	attribute Security::AssociationOptions invocation_options_supported;
+	attribute Security::AssociationOptions invocation_options_required;
+
+	boolean get_security_feature(
+		in    Security::CommunicationDirection           direction,
+		in    Security::SecurityFeature                  feature
+		);
+
+	boolean set_privileges (
+		in      boolean                                force_commit,
+		in      Security::AttributeList                requested_privileges,
+		out     Security::AttributeList                actual_privileges
+		);
+
+	Security::AttributeList get_attributes (in Security::AttributeTypeList attributes);
+
+	boolean is_valid (
+                out     Security::UtcT                         expiry_time
+		);
+
+	boolean refresh(
+		in      Security::Opaque                               refresh_data
+		);
+    };
+
+    typedef sequence <Credentials>                          CredentialsList;
+
+    interface ReceivedCredentials : Credentials 
+    {
+	readonly attribute Credentials  accepting_credentials;
+	readonly attribute Security::AssociationOptions association_options_used;
+	readonly attribute Security::DelegationState  delegation_state;
+	readonly attribute Security::DelegationMode delegation_mode;
+    };
+
+    // RequiredRights Interface
+
+    interface RequiredRights
+    {
+	void get_required_rights(
+		in Object                                      obj,
+		in CORBA::Identifier                           operation_name,
+		in CORBA::RepositoryId                         interface_name,
+		out Security::RightsList                       rights,
+		out Security::RightsCombinator rights_combinator
+		);
+
+	    void set_required_rights(
+		in CORBA::Identifier                     operation_name,
+		in     CORBA::RepositoryId               interface_name,
+		in Security::RightsList                  rights,
+		in Security::RightsCombinator            rights_combinator
+		);
+    };
+
+    // interface audit channel
+    interface AuditChannel 
+    {
+	void audit_write (
+		in     Security::AuditEventType                               event_type,
+		in     CredentialsList                                        creds,  
+		in     Security::UtcT                                         time,
+		in     Security::SelectorValueList                            descriptors,
+		in     Security::Opaque                                       event_specific_data
+		);
+	
+	readonly attribute Security::AuditChannelId  audit_channel_id;
+    };
+
+    // interface for Audit Decision 
+
+    interface AuditDecision 
+    {
+	boolean audit_needed (
+		in Security::AuditEventType                                   event_type,
+		in Security::SelectorValueList                                value_list
+		);
+
+	readonly attribute AuditChannel audit_channel;
+    };
+
+    interface AccessDecision 
+    {
+	boolean access_allowed (
+		in     SecurityLevel2::CredentialsList cred_list,
+		in     Object                          target,
+		in     CORBA::Identifier               operation_name,
+		in     CORBA::Identifier               target_interface_name
+		);
+    };
+
+    // Policy interfaces to control bindings
+
+    interface QOPPolicy : CORBA::Policy 
+    {
+	readonly attribute Security::QOP                 qop;
+    };
+
+
+    interface MechanismPolicy : CORBA::Policy 
+    {
+	readonly attribute Security::MechanismTypeList mechanisms;
+    };
+
+    interface InvocationCredentialsPolicy : CORBA::Policy 
+    {
+	readonly attribute CredentialsList                          creds;
+    };
+
+    interface EstablishTrustPolicy : CORBA::Policy 
+    {
+	readonly attribute Security::EstablishTrust                 trust;
+    };
+
+    interface DelegationDirectivePolicy : CORBA::Policy 
+    { 
+	readonly attribute Security::DelegationDirective  delegation_directive;
+    };
+
+    enum DelegationMode { Delegate, NoDelegate };
+
+
+    // Interface Current derived from SecurityLevel1::Current  providing 
+    // additional operations on Current at this security level. 
+    // This is implemented by the ORB
+
+    interface Current : SecurityLevel1::Current 
+    {
+	// Thread specific
+
+	readonly attribute ReceivedCredentials received_credentials;
+
+	void set_credentials (
+		 in      Security::CredentialType cred_type,
+		 in      CredentialsList                     creds,
+		 in      DelegationMode                      del
+		 );
+
+	CredentialsList get_credentials (
+       		 in      Security::CredentialType cred_type
+		 );
+
+	CORBA::Policy get_policy (
+	      	 in      CORBA::PolicyType                   policy_type
+		 );
+
+	void remove_own_credentials(
+      	         in      Credentials                         credentials
+		 );
+
+	    // Process/Capsule/ORB Instance specific operations
+
+	readonly attribute Security::MechandOptionsList              supported_mechanisms;
+	readonly attribute CredentialsList                 own_credentials;
+	readonly attribute RequiredRights                  required_rights_object;
+	readonly attribute PrincipalAuthenticator          principal_authenticator;
+	readonly attribute AccessDecision                  access_decision;
+	readonly attribute AuditDecision                   audit_decision;
+
+	// Security mechanism data for a given target
+	Security::SecurityMechanismDataList get_security_mechanisms (
+		in    Object                                 obj_ref
+		);
+
+	// Factory operations for local policies controlling bindings
+	QOPPolicy create_qop_policy(
+	        in    Security::QOP                          qop
+		);
+
+	MechanismPolicy create_mechanism_policy(
+	      	in    Security::MechanismTypeList                               mechanisms
+		);
+
+	InvocationCredentialsPolicy create_invoc_creds_policy(
+		in    CredentialsList                        creds
+		);
+    };
+};
+
+
+
+#endif /* _SECURITY_LEVEL_2_IDL */
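Review bot: `enum DelegationMode { Delegate, NoDelegate };` declared inside SecurityLevel2 reuses the name of `Security::DelegationMode` (whose enumerators are SecDelModeNoDelegation/SecDelModeSimpleDelegation/SecDelModeCompositeDelegation) while carrying the enumerators of `Security::DelegationDirective`, so the `in DelegationMode del` parameter of Current::set_credentials resolves to a type readers will easily confuse with the one ReceivedCredentials::delegation_mode returns. If this mirrors the OMG text it should stay as is, but a comment above the enum would prevent misreads: `// Distinct from Security::DelegationMode: a per-call directive (same values as Security::DelegationDirective) used only by Current::set_credentials`. Also, RequiredRights::get_required_rights names the interface by `CORBA::RepositoryId` whereas AccessDecision::access_allowed takes `target_interface_name` as `CORBA::Identifier`; if the difference is deliberate it deserves a one-line comment, otherwise the two should agree. Credentials::is_valid and Credentials::refresh are likewise undocumented; stating what the boolean result means and how `expiry_time` relates to it would help anyone implementing credential validity checks.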

Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityReplaceable.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityReplaceable.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityReplaceable.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SecurityReplaceable.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,143 @@
+// taken from OMG Security Service Spec. V 1.5
+
+#ifndef _SECURITY_REPLACEABLE_IDL
+#define _SECURITY_REPLACEABLE_IDL
+
+#pragma prefix "omg.org"
+
+#include <SecurityLevel2.idl>
+
+module SecurityReplaceable 
+{
+
+    interface SecurityContext;
+    interface ClientSecurityContext;
+    interface ServerSecurityContext;
+
+    interface Vault 
+    {                            
+	    // Locality Constrained
+
+	Security::AuthenticationMethodList get_supported_authen_methods(
+		in Security::MechanismType mechanism
+		);
+
+	Security::AuthenticationStatus acquire_credentials(
+		in       Security::AuthenticationMethod method,
+		in       Security::MechanismType                 mechanism,
+		in       Security::SecurityName security_name,
+		in       Security::Opaque auth_data,
+		in       Security::AttributeList                 privileges,
+		out      SecurityLevel2::Credentials creds,
+		out      Security::Opaque                        continuation_data,
+		out      Security::Opaque                        auth_specific_data
+		);
+
+	Security::AuthenticationStatus continue_credentials_acquisition(
+		in       Security::Opaque response_data,
+		in       SecurityLevel2::Credentials             creds,
+		out      Security::Opaque                        continuation_data,
+		out      Security::Opaque                        auth_specific_data
+		);
+
+	Security::AssociationStatus init_security_context (
+	        in  SecurityLevel2::Credentials   creds,
+		in Security::SecurityName         target_security_name,
+		in Object                         target,
+		in Security::DelegationMode       delegation_mode,
+		in Security::OptionsDirectionPairList association_options,
+		in Security::MechanismType        mechanism,
+		in     Security::Opaque           mech_data, //from IOR
+		in Security::Opaque               chan_binding,
+		out Security::OpaqueBuffer        security_token,
+		out ClientSecurityContext         security_context
+		);
+	
+	Security::AssociationStatus accept_security_context (
+		in SecurityLevel2::CredentialsList creds_list,
+		in Security::Opaque                chan_bindings,
+		in Security::OpaqueBuffer          in_token,
+		out Security::OpaqueBuffer         out_token,
+		out    ServerSecurityContext       security_context
+		);
+
+	Security::MechandOptionsList get_supported_mechs ();
+    };
+
+    interface SecurityContext 
+    {              // Locality Constrained
+
+	readonly attribute Security::SecurityContextType    context_type; 
+	readonly attribute Security::SecurityContextState   context_state; 
+	readonly attribute Security::MechanismType          mechanism; 
+	readonly attribute boolean                          supports_refresh; 
+	readonly attribute Security::Opaque                 chan_binding; 
+	readonly attribute SecurityLevel2::ReceivedCredentials received_credentials;
+
+	Security::AssociationStatus continue_security_context (
+		in     Security::OpaqueBuffer in_token,
+		out    Security::OpaqueBuffer out_token
+		);
+
+
+	void protect_message (
+		in      Security::OpaqueBuffer message,
+		in      Security::QOP                       qop,
+		out     Security::OpaqueBuffer              text_buffer,
+		out     Security::OpaqueBuffer              token
+		);
+
+	boolean reclaim_message (
+		in      Security::OpaqueBuffer text_buffer,
+		in      Security::OpaqueBuffer token,
+		out     Security::QOP                       qop,
+		out     Security::OpaqueBuffer message
+		);
+
+	boolean is_valid (out Security::UtcT  expiry_time );
+
+	boolean refresh_security_context (
+		in      Security::Opaque refresh_data,
+		out     Security::OpaqueBuffer out_token
+		);
+
+	boolean process_refresh_token (
+		in      Security::OpaqueBuffer refresh_token
+		);
+
+	boolean discard_security_context (
+       	        in      Security::Opaque discard_data,
+		out     Security::OpaqueBuffer out_token
+		);
+
+	boolean process_discard_token (
+		in      Security::OpaqueBuffer discard_token
+		);
+    };
+
+
+    interface ClientSecurityContext : SecurityContext 
+    {
+	// Locality Constrained
+	readonly attribute Security::AssociationOptions  association_options_used; 
+	readonly attribute Security::DelegationMode      delegation_mode; 
+	readonly attribute Security::Opaque              mech_data; 
+	readonly attribute SecurityLevel2::Credentials         client_credentials; 
+	readonly attribute Security::AssociationOptions  server_options_supported; 
+	readonly attribute Security::Opaque server_security_name;
+    };
+
+    interface ServerSecurityContext : SecurityContext 
+    {
+	// Locality Constrained
+	readonly attribute Security::AssociationOptions
+	    association_options_used; 
+	readonly attribute Security::DelegationMode
+	    delegation_mode; 
+	readonly attribute SecurityLevel2::Credentials server_credentials; 
+	readonly attribute Security::AssociationOptions  server_options_supported; 
+	readonly attribute Security::Opaque server_security_name;
+    };
+};
+
+#endif /* _SECURITY_REPLACEABLE_IDL_ */
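Review bot: The closing guard comment `#endif /* _SECURITY_REPLACEABLE_IDL_ */` names a macro with a trailing underscore, while the guard actually defined at the top of the file is `_SECURITY_REPLACEABLE_IDL`; the comment should read `#endif /* _SECURITY_REPLACEABLE_IDL */` so it can be matched against the `#define`. The channel-binding parameter is spelled `chan_binding` in `init_security_context` and the `SecurityContext` attribute but `chan_bindings` in `accept_security_context`; if that is not verbatim from the OMG text the file claims to be taken from, aligning the two names would make the Vault interface easier to implement against.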

Added: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SendingContext.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SendingContext.idl?rev=332145&view=auto
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SendingContext.idl (added)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/SendingContext.idl Wed Nov  9 13:21:41 2005
@@ -0,0 +1,41 @@
+
+#ifndef SendingContext_IDL
+#define SendingContext_IDL
+
+#include <Corba.idl>
+
+#pragma prefix "omg.org"
+
+module CORBA {
+  //
+  // The abstract type for runtime representations
+  //
+  interface RunTime {};
+
+  //
+  // The specific code base for implementation repository access
+  //
+  interface CodeBase : RunTime {
+
+    typedef sequence<CORBA::ValueDef::FullValueDescription> ValueDescSeq;
+    typedef string URL;
+    typedef sequence<URL> URLSeq;
+    
+    //
+    // acces to implementation repository (Java code base)
+    //
+    URL implementation (in string id);
+    URLSeq implementations (in CORBA::StringSeq ids);
+    
+    //
+    // access to interface repository
+    //
+    CORBA::StringSeq bases (in string id);
+    CORBA::Repository get_ir ();
+    CORBA::ValueDef::FullValueDescription meta (in string id);
+    ValueDescSeq metas (in string id);
+  };
+
+};
+
+#endif
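Review bot: The comment `// acces to implementation repository (Java code base)` is misspelled and should read `// access to implementation repository (Java code base)`. The bare `#endif` at the end of the file is also the only one in this commit without the guard named in a trailing comment; `#endif /* SendingContext_IDL */` would match the other added IDL files. This file includes `<Corba.idl>` whereas the TimeBase.idl hunk in the same commit includes `<orb.idl>`; I cannot tell from the diff which header the build actually provides, so it is worth confirming both names resolve.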

Modified: geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/TimeBase.idl
URL: http://svn.apache.org/viewcvs/geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/TimeBase.idl?rev=332145&r1=331651&r2=332145&view=diff
==============================================================================
--- geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/TimeBase.idl (original)
+++ geronimo/specs/trunk/geronimo-spec-corba/src/main/idl/TimeBase.idl Wed Nov  9 13:21:41 2005
@@ -1,40 +1,39 @@
-//File: TimeBase.idl
-//Part of the Time Service
-// Note: if your IDL compiler does not yet support the 
-//   "long long" data type, compile this module with the 
-//   preprocessor definition "NOLONGLONG". With many 
-//   compilers this would be done with a qualifier on 
-//   the command line, something like -DNOLONGLONG
+// $Id: TimeBase.idl,v 1.2 2001/09/22 14:51:13 jso Exp $
 
-#ifndef _TIME_BASE_IDL_
-#define _TIME_BASE_IDL_
+#ifndef _TIME_BASE_IDL
+#define _TIME_BASE_IDL
 #pragma prefix "omg.org"
 
-module TimeBase {
+#include <orb.idl>
 
+module TimeBase 
+{
+		
 #ifdef NOLONGLONG
-	struct ulonglong{
-		unsigned long 		low;
-		unsigned long		high;
-	};
-	typedef ulonglong 		TimeT;
+    struct ulonglong {
+	unsigned long low;
+	unsigned long high;
+    };
+    typedef ulonglong TimeT;
 #else
-	typedef unsigned long long	TimeT;
+    typedef unsigned long long TimeT;
 #endif
-	
-	typedef TimeT 			InaccuracyT;
-	typedef short 			TdfT;
-	struct UtcT {
-		TimeT			time;		// 8 octets
-		unsigned long	inacclo;	// 4 octets
-		unsigned short	inacchi;	// 2 octets
-		TdfT			tdf;		// 2 octets 
-									// total 16 octets.
-	};
+		
+    typedef TimeT              InaccuracyT;
+    typedef short              TdfT;
+		
+    struct UtcT {
+	TimeT            time;    // 8 octets
+	unsigned long    inacclo; // 4 octets
+	unsigned short   inacchi; // 4 octets
+	TdfT             tdf;     // 2 octets
+	// total 16 octets
+    };
+		
+    struct IntervalT {
+	TimeT            lower_bound;
+	TimeT            upper_bound;
+    };
 
-	struct IntervalT {
-		TimeT			lower_bound;
-		TimeT			upper_bound;
-	};
 };
-#endif /* ifndef _TIME_BASE_IDL_ */
+#endif /* _TIME_BASE_IDL */
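Review bot: The size annotation on `inacchi` in the rewritten `UtcT` struct is wrong: `unsigned short` is 2 octets, so the line should be `unsigned short   inacchi; // 2 octets`, which is what the removed version said and the only way the `// total 16 octets` comment below it (8 + 4 + 2 + 2) adds up. As written the comments claim 18 octets against a stated total of 16, which will confuse anyone checking the wire layout of the timestamp against the marshalled bytes.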


