A — Data Structures



This appendix includes the following sections:

A.1 Attribute Type Descriptions
A.2 AttributeTypeList
A.3 AuditEventType
A.4 SecurityFeatureValueList
A.5 SelectorValueList

A.1 Attribute Type Descriptions

As described in the CORBA SecurityServices specification, the SecAttribute data structure has three fields:

struct SecAttribute {
  AttributeType      attribute_type;
  Opaque             defining_authority;
  Opaque             value;
};

These fields are defined as follows:

This section describes:

A.1.1 OMG Attribute Types
A.1.2 Security Extension Attribute Types

A.1.1 OMG Attribute Types

The following table describes the values that NetCrusader/CORBA uses for the defining_authority and value fields of each supported attribute type under the family definer SecFamilyDefinerOMG.

Table 1-1: Attribute Type Descriptions

AuditId
  Defining Authority (Opaque Value): The realm UUID (Universal Unique Identifier) or GUID (Globally Unique Identifier) of the security server represented as a string.
  Value (Opaque Value): The string representation of the user's name represented as a Kerberos name string.

AccessId
  Defining Authority (Opaque Value): The realm UUID or GUID of the security server represented as a string.
  Value (Opaque Value): The UUID of the user within the security domain.

PrimaryGroupId
GroupId
  Defining Authority (Opaque Value): The realm UUID or GUID of the security server represented as a string.
  Value (Opaque Value): The UUID of the group within the security domain.

Public
  Defining Authority (Opaque Value): The realm UUID or GUID of the security server. If the user is authenticated, this is represented as a string. If access is unauthenticated, this is empty.
  Value (Opaque Value): Empty.
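
As an added example (not code from NetCrusader/CORBA or the CORBA specification), the following C++ checks an attribute list against the encodings in Table 1-1 before it is used for an access or audit decision. The types are stand-ins for the ORB-generated ones; the canonical 36-character UUID text form, the Caller result type, the helper names and the sample UUIDs are assumptions.

```cpp
// Added example: stand-in types, not NetCrusader/CORBA or ORB-generated headers.
#include <cctype>
#include <string>
#include <vector>
using Opaque = std::vector<unsigned char>;   // IDL Opaque modelled as an octet sequence
// Names from Table 1-1; the numeric IDL constants are deliberately not reproduced.
enum class AttrKind { AuditId, AccessId, PrimaryGroupId, GroupId, Public };
struct SecAttribute { AttrKind attribute_type; Opaque defining_authority, value; };
enum class Caller { Authenticated, Unauthenticated, Malformed };
Opaque to_opaque(const std::string& s) { return Opaque(s.begin(), s.end()); }
// Assumption: UUIDs arrive in the canonical 8-4-4-4-12 text form.
bool is_uuid_text(const Opaque& o) {
    if (o.size() != 36) return false;
    for (std::size_t i = 0; i < o.size(); ++i) {
        const bool dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? o[i] != '-' : !std::isxdigit(o[i])) return false;
    }
    return true;
}

// Validate every attribute against Table 1-1 before trusting any of them.
Caller classify(const std::vector<SecAttribute>& attrs) {
    bool has_access_id = false, anonymous = false;
    for (const SecAttribute& a : attrs) {
        const bool authority_ok = is_uuid_text(a.defining_authority);
        switch (a.attribute_type) {
        case AttrKind::Public:               // value is always empty
            if (!a.value.empty()) return Caller::Malformed;
            if (a.defining_authority.empty()) anonymous = true;   // unauthenticated access
            else if (!authority_ok) return Caller::Malformed;
            break;
        case AttrKind::AuditId:              // value is a Kerberos name string
            if (!authority_ok || a.value.empty()) return Caller::Malformed;
            break;
        default:                             // AccessId, PrimaryGroupId, GroupId: UUID value
            if (!authority_ok || !is_uuid_text(a.value)) return Caller::Malformed;
            if (a.attribute_type == AttrKind::AccessId) has_access_id = true;
        }
    }
    // Fail closed: an empty-authority Public attribute overrides any identity attribute.
    return (has_access_id && !anonymous) ? Caller::Authenticated : Caller::Unauthenticated;
}

int main() {   // constructed sample: one AccessId attribute in a made-up realm
    const Opaque realm = to_opaque("11111111-2222-3333-4444-555555555555");
    const Opaque user  = to_opaque("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee");
    const std::vector<SecAttribute> attrs{SecAttribute{AttrKind::AccessId, realm, user}};
    return classify(attrs) == Caller::Authenticated ? 0 : 1;
}
```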

A.1.2 Security Extension Attribute Types

NetCrusader/CORBA supports attributes for an additional interface called SecurityExtension. These attributes use the family definer SecFamilyDefinerGradient and family SecFamilyPrivilege. The SecurityExtension interface supports the following attribute types:

The following table describes the values that NetCrusader/CORBA uses for the Opaque fields of the DCECredentialsId attribute.

Table 1-2: DCECredentialsId Attribute

DCECredentialsId
  Defining Authority (Opaque Value): The realm UUID or GUID of the security server represented as a string (DCE login handle).
  Value (Opaque Value): A pointer to a DCE sec_login_handle_t representing a DCE login context that can be used to impersonate the client.

GSSCredentialsId
  Defining Authority (Opaque Value): The realm UUID or GUID of the security server represented as a string (GSS handle).
  Value (Opaque Value): A pointer to a gss_cred_id_t value.

A.2 AttributeTypeList

The get_attributes operation on the Credentials interface requires an AttributeTypeList. Use the following structure for the AttributeTypeList:

struct AttributeType {
  ExtensibleFamily        attribute_family;
  SecurityAttributeType   attribute_type;
};

A.3 AuditEventType

The AuditEventType structure is used in the operations audit_needed (AuditDecision interface), audit_write (AuditChannel interface), get_audit_selectors, and set_audit_selectors (AuditPolicy interface).

Use the following structure:

struct AuditEventTypeSelectors {
  Security::EventType            event;
  Security::SelectorValueList    selectors;
  Security::AuditCombinator      audit_combinator;
};

A.4 SecurityFeatureValueList

The SecurityFeatureValueList structure is used in the operation Credentials::get_security_features.

Use the following structure:

struct SecurityFeatureValue {
  SecurityFeature feature;
  boolean value;
};

A.5 SelectorValueList

The SelectorValueList structure is used in the operations audit_needed (AuditDecision interface), audit_write (AuditChannel interface), and set_audit_selectors (AuditPolicy interface).

Use the following structure:

struct SelectorValue {
  SelectorType selector;
  any value;
};


const SelectorType InterfaceRef = 1;
const SelectorType ObjectRef = 2;
const SelectorType Operation = 3;
const SelectorType Initiator = 4;
const SelectorType SuccessFailure = 5;
const SelectorType Time = 6;



To make comments or ask for help, contact support@gradient.com.

Copyright © 1999 Gradient Technologies, Inc.