SUMMARY: NESTED | FIELD | | METHOD
DETAIL: FIELD | METHOD

Class CIM_Identity

Used in features: Simple Identity , Role Based
Compatible with the following Intel AMT Releases: 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0 
CIM_ManagedElement
   extended by CIM_Identity
Known Subclasses:
CIM_RemoteIdentity 
class CIM_Identity
 extends CIM_ManagedElement


General Information:
An instance of an Identity represents a 
ManagedElement that acts as a security principal within the scope in which it is 
defined and authenticated. (Note that the Identity's scope is specified using 
the association, CIM_IdentityContext.) ManagedElements with Identities can be 
OrganizationalEntities, Services, Systems, etc. The ManagedElement 'behind' an 
Identity is described using the AssignedIdentity association. 

Within a 
given security context, an Identity may be imparted a level of trust, usually 
based on its credentials. A trust level is defined using the 
CIM_SecuritySensitivity class, and associated with Identity using 
CIM_ElementSecuritySensitivity. Whether an Identity is currently authenticated 
is evaluated by checking the CurrentlyAuthenticated boolean property. This 
property is set and cleared by the security infrastructure, and should only be 
readable within the management infrastructure. The conditions which must be 
met/authenticated in order for an Identity's CurrentlyAuthenticated Boolean to 
be TRUE are defined using a subclass of PolicyCondition - 
AuthenticationCondition. The inheritance tree for AuthenticationCondition is 
defined in the CIM Policy Model. 

Subclasses of Identity may include 
specific information related to a given AuthenticationService or authority (such 
as a security token or computer hardware port/communication details) that more 
specifically determine the authenticity of the Identity. An instance of Identity 
may be persisted even though it is not CurrentlyAuthenticated, in order to 
maintain static relationships to Roles, associations to accounting information, 
and policy data defining authentication requirements. Note however, when an 
Identity is not authenticated (CurrentlyAuthenticated = FALSE), then Privileges 
or rights SHOULD NOT be authorized. The lifetime, validity, and propagation of 
the Identity is dependent on a security infrastructure's 
policies.

Product Specific Usage:
For every user in the system 
there is an instance of this class. 
There are matching instances of 
CIM_Account, CIM_Role and CIM_Privilege (a 1:1:1:1 structure). 
CIM_Identity 
and CIM_Account are associated by CIM_AssignedIdentity, CIM_Identity and 
CIM_Role by both CIM_MemberOfCollection and CIM_ConcreteDependency, and CIM_Role 
and CIM_Privilege by CIM_MemberOfCollection. 

Kerberos users have an 
instance of CIM_RemoteIdentity (which inherits from CIM_Identity) 
instead.

Qualifiers:
-------------
Version=2.19.0
UMLPackagePath=CIM::User::Identity









  
  

    Supported Fields 
      Summary

  

     string 
      
    ElementName 
A 
      user-friendly name for the object . . .

  

     string 
      
    InstanceID Key  
Within the scope of the instantiating Namespace, 
      InstanceID opaquely and uniquely identifies an instance of this class . . 
      .




  
  

    Methods Summary

  

     
    Get(Instance) 
Gets the 
      representation of the instance

  

     
    Pull(EnumerationContext, 
      MaxElements) 
Pulls instances of this class, following an 
      Enumerate operation

  

     
    Enumerate() 
      
Enumerates the instances of this class

  

     
    Release(EnumerationContext) 
      
Releases an enumeration context




  
  

    Field 
Detail


ElementName 
public string ElementName



  
General Information:
A user-friendly name for the object. This 
  property allows each instance to define a user-friendly name in addition to 
  its key properties, identity data, and description information. 
Note that 
  the Name property of ManagedSystemElement is also defined as a user-friendly 
  name. But, it is often subclassed to be a Key. It is not reasonable that the 
  same property can convey both identity and a user-friendly name, without 
  inconsistencies. Where Name exists and is not a Key (such as for instances of 
  LogicalDevice), the same information can be present in both the Name and 
  ElementName properties. Note that if there is an associated instance of 
  CIM_EnabledLogicalElementCapabilities, restrictions on this properties may 
  exist as defined in ElementNameMask and MaxElementNameLen properties defined 
  in that class.

Product Specific Usage:
Additional Notes: 
  
1) 'Max Length' qualifier in Intel AMT Release 3.2 and earlier releases is 
  '76'.

Qualifiers:
-------------
MaxLen=36


  

  





InstanceID Key 
public string InstanceID



  
General Information:
Within the scope of the instantiating 
  Namespace, InstanceID opaquely and uniquely identifies an instance of this 
  class. In order to ensure uniqueness within the NameSpace, the value of 
  InstanceID SHOULD be constructed using the following 'preferred' algorithm: 
  
<OrgID>:<LocalID> 
Where <OrgID> and <LocalID> 
  are separated by a colon ':', and where <OrgID> MUST include a 
  copyrighted, trademarked or otherwise unique name that is owned by the 
  business entity creating/defining the InstanceID, or is a registered ID that 
  is assigned to the business entity by a recognized global authority. (This is 
  similar to the <Schema Name>_<Class Name> structure of Schema 
  class names.) In addition, to ensure uniqueness <OrgID> MUST NOT contain 
  a colon (':'). When using this algorithm, the first colon to appear in 
  InstanceID MUST appear between <OrgID> and <LocalID>. 
  
<LocalID> is chosen by the business entity and SHOULD not be re-used 
  to identify different underlying (real-world) elements. If the above 
  'preferred' algorithm is not used, the defining entity MUST assure that the 
  resultant InstanceID is not re-used across any InstanceIDs produced by this or 
  other providers for this instance's NameSpace. 
For DMTF defined instances, 
  the 'preferred' algorithm MUST be used with the <OrgID> set to 
  'CIM'.

Product Specific Usage:
In Intel AMT Release 6.0 and 
  later releases value is 'Intel(r) 
  AMT:<userID>'

Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=76


  

  






  
  

    Method 
Detail


Get
public  Get([OUT]CIM_Identity Instance)



  
Permission Information:
This method is accessible from any 
  realm

General Information:
Gets the representation of the 
  instance

Product Specific Usage:
Only system with 
  ADMIN_SECURITY_ADMINISTRATION_REALM or the user of this CIM_Identity can see 
  the CIM_Identity instance. Otherwise - the access is denied.





Pull
public  Pull([IN]String EnumerationContext, [IN]String MaxElements)



  
Permission Information:
All users permitted to use method, only 
  instances to whom the user has permissions will be returned

General 
  Information:
Pulls instances of this class, following an Enumerate 
  operation





Enumerate
public  Enumerate()



  
Permission Information:
All users permitted to use 
  method

General Information:
Enumerates the instances of this 
  class





Release
public  Release([IN]String EnumerationContext)



  
Permission Information:
All users permitted to use 
  method

General Information:
Releases an enumeration 
  context






  
  

    SUMMARY: NESTED | FIELD | METHOD
  

  

    DETAIL: FIELD | METHOD



  
  

    
      
Copyright © 2006-2022, Intel 
      Corporation. All rights 
reserved.