// Copyright (c) 2008 DMTF. All rights reserved.
   [Version ( "2.19.0" ),
    UMLPackagePath ( "CIM::User::SecurityLevel" ),
    Description (
       "An instance of this class defines a security label used to "
       "characterize the security clearance necessary to access "
       "information in a system that supports mandatory access "
       "controls. The labels have two components, one a hierarchical "
       "security level and the other a set of non-hierarchical "
       "security categories. \n"
       "\n"
       "Mandatory access control determines whether to allow certain "
       "actions, based on the following rules: - If the security level "
       "of a security principal is equal to or greater than the "
       "security level of an element, and the security categories of the "
       "security principal include all of the security categories of "
       "the element, then the security principal may read from the "
       "element. - If the security label of a security principal is "
       "equal to or less than the security label of an element, and "
       "the security categories of the element include all of the "
       "security categories of the security principal, then the "
       "security principal may write to the element.\n"
       "\n"
       "An element is assigned a security level via the association, "
       "ElementSecurityLevel. It can be assigned to any "
       "ManagedElement, such as Locations, Identities, Roles, Systems, "
       "Services and LogicalFiles. \n"
       "\n"
       "The clearance of a security principal, represented by an "
       "instance of Identity may be specified by associating an "
       "instance of this class via IdentitySecurityClearance.\n"
       "\n"
       "The set of security levels and categories are determined by a "
       "business, organization and/or government based on the need to "
       "protect data and entities from attack, loss, abuse or "
       "unauthorized disclosure, and the ramifications if this "
       "protection is not maintained." )]
class CIM_SecuritySensitivity : CIM_ManagedElement {

      [Key, Override ( "InstanceID" ),
       Description (
          "Within the scope of the instantiating Namespace, "
          "InstanceID opaquely and uniquely identifies an instance "
          "of this class. In order to ensure uniqueness within the "
          "NameSpace, the value of InstanceID SHOULD be constructed "
          "using the following \'preferred\' algorithm: \n"
          ": \n"
          "Where and are separated by a colon "
          "\':\', and where MUST include a copyrighted, "
          "trademarked or otherwise unique name that is owned by "
          "the business entity creating/defining the InstanceID, or "
          "is a registered ID that is assigned to the business "
          "entity by a recognized global authority. (This is "
          "similar to the _ structure of "
          "Schema class names.) In addition, to ensure uniqueness "
          " MUST NOT contain a colon (\':\'). When using "
          "this algorithm, the first colon to appear in InstanceID "
          "MUST appear between and . \n"
          " is chosen by the business entity and SHOULD "
          "not be re-used to identify different underlying "
          "(real-world) elements. If the above \'preferred\' "
          "algorithm is not used, the defining entity MUST assure "
          "that the resultant InstanceID is not re-used across any "
          "InstanceIDs produced by this or other providers for this "
          "instance\'s NameSpace. For DMTF defined instances, the "
          "\'preferred\' algorithm MUST be used with the "
          "set to \'CIM\'." )]
   string InstanceID;

      [Description (
          "A string defining the security sensitivity level. Since "
          "individual organizations each may have their own "
          "classification systems, the value of this property "
          "should include sufficient information to assure that the "
          "value is unambiguous. The value of SecurityLevel should "
          "be constructed using the following \'preferred\' algorithm:\n"
          ":[:] \n"
          "Where and and "
          "are each separated by a colon \':\', and where "
          "MUST include a copyrighted, trademarked or otherwise "
          "unique name that is owned by the business or government "
          "entity creating/defining the classification scheme or is "
          "a registered ID that is assigned to the business or "
          "government entity by a recognized global authority. In "
          "addition, to ensure uniqueness both and "
          " MUST NOT contain a colon (\':\'). "
          "When using this algorithm, the first colon to appear in "
          "SecurityLevel MUST appear between and "
          " and the second colon to appear in "
          "SecurityLevel MUST appear between "
          "and . \n"
          " is chosen by the business or "
          "government entity and SHOULD not be re-used to identify "
          "classification schemes. Each classification scheme "
          "defines one or more LevelNames that are unique within "
          "the classification scheme. An organization may choose to "
          "not use a classification scheme. In that case, each "
          " must not contain a colon (\':\') and must be "
          "unique within the organization.\n"
          "Examples: \'Buffalo.edu:Public\', \'Buffalo.edu:Internal "
          "Use\', \'Buffalo.edu:Confidential\', "
          "\'Buffalo.edu:Restricted Confidential\', "
          "\'NSI:Confidential\', \'NSI:Secret\', and \'NSI: Top "
          "Secret\'" )]
   string SecurityLevel;

      [Experimental, Description (
          "A string array that defines zero or more security "
          "categories. Examples are business categories such as: "
          "Finance, Engineering, Sales, Project X." )]
   string SecurityCategories[];

      [Experimental, Description (
          "Expiration date for this security sensitivity label. "
          "After this date and time, the clearance represented by "
          "this label of a security principal associated by "
          "IdentitySecurityClearance shall be revoked.\n"
          "After this date and time, the security sensitivity of an "
          "element associated by ElementSecuritySensitivity should "
          "be reevaluated.\n"
          "If set to NULL, then no expiration date is set; the "
          "infinite future default is used, which implies no "
          "expiration date." )]
   datetime LabelExpiration = "99991231115959.999999-720";

};
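
// Added example, not part of the DMTF schema: a Python sketch of the read and write rules and the LabelExpiration revocation described above, applied to the 'Buffalo.edu' sample levels.
// Assumptions: the RANKS ordering (the class does not define one), the names parse_security_level, Label, may_read and may_write, whitespace trimming around colons, and denying access when two labels come from different organizations or schemes.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Assumed ordering, low -> high, per (organization, scheme). Not defined by CIM.
RANKS = {
    ("Buffalo.edu", None): ["Public", "Internal Use", "Confidential",
                            "Restricted Confidential"],
}

def parse_security_level(value):
    """Split a SecurityLevel string into (org, scheme or None, level name)."""
    parts = [p.strip() for p in value.split(":")]   # trimming is an assumption
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"malformed SecurityLevel: {value!r}")
    scheme = parts[1] if len(parts) == 3 else None
    return parts[0], scheme, parts[-1]

@dataclass(frozen=True)
class Label:
    security_level: str
    categories: frozenset = frozenset()
    expiration: Optional[datetime] = None   # None = no expiration (NULL)

def _rank(label):
    org, scheme, level = parse_security_level(label.security_level)
    return (org, scheme), RANKS[(org, scheme)].index(level)

def _ranks(principal, element, now):
    """Return (principal_rank, element_rank), or None to deny outright."""
    if principal.expiration is not None and now > principal.expiration:
        return None                     # clearance revoked after expiration
    try:
        (p_dom, p_rank), (e_dom, e_rank) = _rank(principal), _rank(element)
    except (KeyError, ValueError):
        return None                     # unknown or malformed label: fail closed
    return (p_rank, e_rank) if p_dom == e_dom else None

def may_read(principal, element, now):
    # Read: principal level >= element level, principal categories are a superset.
    r = _ranks(principal, element, now)
    return (r is not None and r[0] >= r[1]
            and principal.categories >= element.categories)

def may_write(principal, element, now):
    # Write: principal level <= element level, element categories are a superset.
    r = _ranks(principal, element, now)
    return (r is not None and r[0] <= r[1]
            and element.categories >= principal.categories)
```

// A principal whose label differs from the element's can satisfy at most one of the two rules, so information flows only toward labels that are equal or more restrictive.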