|SUMMARY: NESTED | FIELD | | METHOD|
|DETAIL: FIELD | METHOD|
An instance of an Identity represents a ManagedElement that acts as a security principal within the scope in which it is defined and authenticated. (Note that the Identity's scope is specified using the association, CIM_IdentityContext.) ManagedElements with Identities can be OrganizationalEntities, Services, Systems, etc. The ManagedElement 'behind' an Identity is described using the AssignedIdentity association.
Within a given security context, an Identity may be imparted a level of trust, usually based on its credentials. A trust level is defined using the CIM_SecuritySensitivity class, and associated with Identity using CIM_ElementSecuritySensitivity. Whether an Identity is currently authenticated is evaluated by checking the CurrentlyAuthenticated boolean property. This property is set and cleared by the security infrastructure, and should only be readable within the management infrastructure. The conditions which must be met/authenticated in order for an Identity's CurrentlyAuthenticated Boolean to be TRUE are defined using a subclass of PolicyCondition - AuthenticationCondition. The inheritance tree for AuthenticationCondition is defined in the CIM Policy Model.
Subclasses of Identity may include specific information related to a given AuthenticationService or authority (such as a security token or computer hardware port/communication details) that more specifically determine the authenticity of the Identity. An instance of Identity may be persisted even though it is not CurrentlyAuthenticated, in order to maintain static relationships to Roles, associations to accounting information, and policy data defining authentication requirements. Note however, when an Identity is not authenticated (CurrentlyAuthenticated = FALSE), then Privileges or rights SHOULD NOT be authorized. The lifetime, validity, and propagation of the Identity is dependent on a security infrastructure's policies.
Product Specific Usage:
For every user in the system there is an instance of this class.
There are matching instances of CIM_Account, CIM_Role and CIM_Privilege (a 1:1:1:1 structure).
CIM_Identity and CIM_Account are associated by CIM_AssignedIdentity, CIM_Identity and CIM_Role by both CIM_MemberOfCollection and CIM_ConcreteDependency, and CIM_Role and CIM_Privilege by CIM_MemberOfCollection.
Kerberos users have an instance of CIM_RemoteIdentity (which inherits from CIM_Identity) instead.
|Supported Fields Summary|
A user-friendly name for the object . . .
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . .
Gets the representation of the instance
Pulls instances of this class, following an Enumerate operation
Enumerates the instances of this class
Releases an enumeration context
public string ElementName
public string InstanceID
public Get([OUT]CIM_Identity Instance)
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
public Release([IN]String EnumerationContext)
|SUMMARY: NESTED | FIELD | METHOD|
|DETAIL: FIELD | METHOD|
Copyright © 2006-2022, Intel Corporation. All rights reserved.