Interface SecurityLevel2::Credentials

interface Credentials

This is the credentials object. This object has some problems right off in its semantic model and required a couple of modifications to be able to work properly within SecurityReplaceable. However, be warned, it has many other serious semantic problems pertaining to the whole security model and needs a good reworking. For the time being, they are still pretty close to the 1.3 version of the spec.



Attribute Index

accepting_options_required
This attribute is for examination and modification of the assocation options that these credentials require.
accepting_options_supported
This attribute is for examination and modification of the association options that these credentials support.
authentication_state
This readonly attribute specifies the authentication state of the Credentials object.
credentials_type
This attribute specifies the type of credentials.
invocation_options_required
This attribute is for examination an modification of the association options that these credentials use to establish invocation security contexts with a remote target.
invocation_options_supported
This attribute is for examination and modification of the invocation association options that these credentials support.
mechanism
This attribute names the type that this credential currently supports.

Operation Index

copy
Copies the credentials.
destroy
Destroys the credentials.
get_attributes
This operation retrieves an unordered set of SecAttributes that pertain to the particular mechanism and implementation of the Credentials.
get_security_feature
Get a security feature.
is_valid
This operation returns the validity of the credentials an output the expiry time of the credentials.
refresh
Refreshes the credentials.
set_attributes
This operation sets the set of all attributes of this Credentials object.
set_privileges
This method has been deprecated.

Attributes

accepting_options_required
attribute Security::AssociationOptions accepting_options_required;

This attribute is for examination and modification of the assocation options that these credentials require. They cannot be set to something more than the accepting_options_supported. These options are the options that get stored in the "target_requires" part of the security component for the crendentials mechanism in the IOR. This attribute generally applies to the Own type credentials.


accepting_options_supported
attribute Security::AssociationOptions accepting_options_supported;

This attribute is for examination and modification of the association options that these credentials support. A CORBA::BAD_PARAM exception will be raised should an attempt to set this attribute to a set of options below or above the credentials capabilities.

These options are the options that get stored in the "target_supports" part of the security component for the mechanism in the IOR. This attribute generally applies to the Own type credentials.


authentication_state
readonly attribute Security::AuthenticationStatus authentication_state;

This readonly attribute specifies the authentication state of the Credentials object. For Credentials that are created by the PrincipalAuthenticator this attribute tells whether the Credentials are partially initialized.


credentials_type
readonly attribute Security::CredentialsType credentials_type;

This attribute specifies the type of credentials. The possible values are Own or Received, depending on whether they were created with the Principal Authenticator or were received while servicing an invocation.


invocation_options_required
attribute Security::AssociationOptions invocation_options_required;

This attribute is for examination an modification of the association options that these credentials use to establish invocation security contexts with a remote target. A CORBA::BAD_PARAM exception will be raised if they are set to a value beyond the credential's capabilities.


invocation_options_supported
attribute Security::AssociationOptions invocation_options_supported;

This attribute is for examination and modification of the invocation association options that these credentials support. A CORBA::BAD_PARAM exception will be raised should an attempt to set this attribute to a set of options below or above the credentials capabilities.


mechanism
readonly attribute Security::MechanismType mechanism;

This attribute names the type that this credential currently supports. With the supplied Kerberos Vault in Orbasec this means that the value of mechanism is "Kerberos,11".



Operations

copy
Credentials copy();

Copies the credentials. This operation is not meant to be directly called by the application, as the ORB should be using this call to do its own credentials management, being that Credentials objects are created from within SecurityReplaceable. (Well, at least now they are).


destroy
void destroy();

Destroys the credentials. This operation is not meant to be directly caled by the application, as the ORB shoud be using this call to do its own credentials management.

Note: If the appliciation wanted to "destroy" some credentails the proper terminology should invoke a revocation process, such as "revoke", or something along those lines.


get_attributes
Security::AttributeList get_attributes(in Security::AttributeTypeList attributes);

This operation retrieves an unordered set of SecAttributes that pertain to the particular mechanism and implementation of the Credentials. See the particular mechanism documentation for a specification of the values of security attributes.


get_security_feature
boolean get_security_feature(in Security::CommunicationDirection direction,
                             in Security::SecurityFeature feature);

Get a security feature. This method is used to get a on/off value for a particular security feature that this credentials object supports.


is_valid
boolean is_valid(out Security::UtcT expiry_time);

This operation returns the validity of the credentials an output the expiry time of the credentials.


refresh
boolean refresh(in Security::Opaque refresh_data);

Refreshes the credentials. Note that this may or may not be a viable operation depending on the mechanism and type of credentials, Own or Received.


set_attributes
boolean set_attributes(in Security::AttributeList requested_privileges,
                       out Security::AttributeList actual_privileges);

This operation sets the set of all attributes of this Credentials object. It must be a subset of all the attributes. If it is not, it raises a system exception. However, sometimes a mechanism may not allow you to eliminate some attributes. If this is the case, this operation will return false, and the actual_attributes parameter will return the list of all the attributes that are still exist.


set_privileges
boolean set_privileges(in boolean force_commit,
                       in Security::AttributeList requested_privileges,
                       out Security::AttributeList actual_privileges);

This method has been deprecated.



Generated by the ORBacus IDL-to-HTML translator (non-commercial)