The following table describes the CIM elements used to implement the Role–Based Authorization/Simple Identity Management means for managing Intel AMT users.

Classes

| Element Name | Description | Instance Creation** | Cardinality |
|---|---|---|---|
|  | The information used to track identity and privileges associated with an account. | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Describes the capabilities supported for managing accounts associated with an instance of CIM_AccountManagementService | Static | 1 |
|  | Creates, manages, and destroys accounts on behalf of other security services | Static | 1 |
|  | Created by invoking CIM_AccountManagementService.CreateAccount | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..15, 4 Pre-defined + 10 that can be created + 1 for KVM usage (not part of Role-Based Authorization); (Release 6.1): 5..16, 5 Pre-defined + 10 that can be created + 1 for KVM usage; (Release 7.0): 3..15, 3 Pre-defined + 11 that can be created + 1 for KVM usage; (Release 8.0): 3..17, 3 Pre-defined + 11 that can be created + 1 for KVM usage + 1 for LAN Endpoint usage + 1 for Ethernet Port Wired usage |
|  | Represents a ManagedElement that acts as a security principal within the scope in which it is defined and authenticated. Created by invoking CIM_AccountManagementService.CreateAccount | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Represents the feature profiles supported by Intel AMT | Static | 1 for each supported profile type |
|  | The base class for all types of activities which are granted or denied by a Role or an Identity. Created by invoking CIM_AccountManagementService.CreateAccount or CIM_RemoteIdentity.Create | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Extends the capabilities of CIM_RoleBasedAuthorizationService and describes the format in which the privilege is represented | Static | 1 |
|  | Represents a position or set of responsibilities within an organization. Created by invoking CIM_AccountManagementService.CreateAccount or CIM_RemoteIdentity.Create | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Represents the authorization service that manages and configures roles on a managed system. | Static | 1 |
|  | Used to define ACL entries that use Kerberos authentication. Created by invoking CIM_RemoteIdentity.Create | User | 0..32 |

Associations

| Element Name | Description | Instance Creation** | Cardinality |
|---|---|---|---|
|  | Associates between the ManagedSystem instance of CIM_ComputerSystem and CIM_Account | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Associates between CIM_Identity and CIM_Account | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Associates between CIM_Account and CIM_EnabledLogicalElementCapabilities | Static (Predefined users); Implicit (New users) | (Release 6.0): 2..16, 2 for SIM and RBA services + 4 Pre-defined + 10 that can be created; (Release 6.1): 7..17, 2 for SIM and RBA Services + 5 Pre-defined + 10 that can be created; (Release 7.0): 5..16, 2 for SIM & RBA Services + 3 Pre-defined + 11 that can be created |
|  | Associates between CIM_Role and CIM_Privilege | Static (Predefined users); Implicit (New users) | (Release 6.0): 8..28: 2 for each - 4 Pre-defined + 10 that can be created; (Release 6.1): 10..30: 2 for each - 5 Pre-defined + 10 that can be created; (Release 7.0): 6..28: 2 for each - 3 Pre-defined + 11 that can be created |
|  | Associates between the ManagedSystem instance of CIM_ComputerSystem and CIM_Role | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Digest: Associates between CIM_RoleBasedAuthorizationService and CIM_Role and between CIM_AccountManagementService and CIM_Identity. Kerberos: Associates between CIM_AccountManagementService and CIM_RemoteIdentity | Static (Predefined users); Implicit (New users) | (Release 6.0): 8..60: 2 for each digest user 4 Pre-defined + 10 that can be created, 1 for 0..32 Kerberos users; (Release 6.1): 10..62: 2 for each digest user 5 Pre-defined + 10 that can be created, 1 for 0..32 Kerberos users; (Release 7.0): 6..60: 2 for each digest user 3 Pre-defined + 11 that can be created, 1 for 0..32 Kerberos users |
|  | Digest: Associates between CIM_Role and CIM_Identity. Kerberos: Associates between CIM_Role and CIM_RemoteIdentity | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |
|  | Associates between the ManagedSystem instance of CIM_ComputerSystem and CIM_Role | Static (Predefined users); Implicit (New users) | (Release 6.0): 4..14, 4 Pre-defined + 10 that can be created; (Release 6.1): 5..15, 5 Pre-defined + 10 that can be created; (Release 7.0): 3..14, 3 Pre-defined + 11 that can be created |

\* Multiple instances

\*\* Instance Creation:

• Implicit: Instances created implicitly by Intel AMT in response to a user CIM operation

• Static: Instances created by Intel AMT on initialization

• User: The class supports create/delete

The following diagrams illustrate the CIM elements used in the Role–Based Authorization/Simple Identity Management feature.
Digest Diagram:

Kerberos Diagram:


Copyright © 2006-2012, Intel Corporation. All rights reserved.