-- IDL module extracted from ITU-T Q Suppl. 28 (12/1999)
// File SPFEEProviderInitial.idl
#ifndef spfeeproviderinitial_idl
#define spfeeproviderinitial_idl
#include "SPFEECommonTypes.idl"
#include "SPFEEAccessCommonTypes.idl"
module SPFEEProviderInitial {
// Outcome of an authenticate() / continueAuthentication() call, returned
// through the 'authStatus' out parameter of both operations.
// NOTE(review): the per-value meanings below are inferred from the value
// names and from the continuationData description on authenticate();
// confirm them against the Supplement text.
enum t_AuthenticationStatus {
// presumably: authentication completed successfully
SecAuthSuccess,
// presumably: authentication was rejected
SecAuthFailure,
// presumably: further rounds are needed; the client answers the returned
// continuationData by calling continueAuthentication()
SecAuthContinue,
// presumably: the exchange or the presented credential has expired;
// TODO confirm which of the two is meant
SecAuthExpired
};
// Numeric identifier of an authentication method. It is passed to
// authenticate() and listed in t_AuthMethodDesc; the value assignments are
// not defined in this file.
typedef unsigned long t_AuthMethod;
// Properties describing one authentication method (alias of
// SPFEECommonTypes::t_PropertyList).
typedef SPFEECommonTypes::t_PropertyList t_AuthMethodProperties;
// Match criteria passed to getAuthenticationMethods() to filter the methods
// it returns (alias of SPFEECommonTypes::t_MatchProperties).
typedef SPFEECommonTypes::t_MatchProperties t_AuthMethodSearchProperties;
// Description of one authentication method offered by the provider.
struct t_AuthMethodDesc {
// identifier the client passes back as 'authMethod' in authenticate()
t_AuthMethod method;
// properties of this method; their names and values are not defined here
t_AuthMethodProperties properties;
};
// List of method descriptions, returned by getAuthenticationMethods().
typedef sequence<t_AuthMethodDesc> t_AuthMethodDescList;
// Raised by i_ProviderAuthenticate::authenticate() when the authentication
// method proposed by the client is not supported.
// The exception carries no members: a t_AuthMethodDescList member has been
// removed (see the commented-out line below). A client can obtain the list
// of offered methods from getAuthenticationMethods().
exception e_AuthMethodNotSupported {
// removed t_AuthMethodDescList authMethods;
};
// Raised by requestNamedAccess() and requestAnonymousAccess().
// Carries no members, so the caller receives no reason for the refusal.
// The conditions under which it is raised are not stated in this file.
exception e_AccessNotPossible {
};
// Raised by requestNamedAccess() and requestAnonymousAccess().
// NOTE(review): presumably raised when the caller has not been
// authenticated; the exact condition is not stated in this file.
exception e_AuthenticationError {
// NOTE(review): the meaning of sIOR is not described here. The name suggests
// a stringified object reference, possibly to an interface on which the
// client can authenticate (TODO confirm). If so, a client should use it only
// over a binding whose peer it has verified.
SPFEECommonTypes::Istring sIOR;
};
// Raised by getAuthenticationMethods() when the search properties supplied
// by the caller are in error.
exception e_AuthMethodPropertiesError {
// details of the offending property (structure defined in SPFEECommonTypes)
SPFEECommonTypes::t_PropertyErrorStruct propertyError;
};
interface i_ProviderInitial {
// behaviour
// behaviourText
// " A reference to an interface of this type is returned to the PA
// when it has authenticated (or requires no authentication)
// to obtain specific userAgent interfaces.";
// usage
// "to obtain a userAgent reference according to the business
// needs of the consumer";
//
// NOTE(review): neither operation below has a dedicated credential or
// token parameter, so the caller's authenticated state has to be bound to
// the connection or reference on which the call arrives (DPE security or
// a prior i_ProviderAuthenticate exchange). Confirm how an implementation
// ties the two together before it hands out a user agent reference.
//
// requestNamedAccess() types
// Operation 'requestNamedAccess()'
// Used when the user is known to the provider and has already been
// authenticated, either by DPE security or by authenticate().
// input:
// userId: user name identifying the requested user agent.
// user_name="anonymous" for anonymous access.
// user_name may be an empty string, if the provider is
// using userProperties to identify the user.
// userProperties: PropertyList which can be used to send
// additional provider-specific user privilege
// information. This is generic, and can be used to send
// any type of information to the provider.
// NOTE(review): the content is caller-supplied, so a provider should
// validate it before basing a privilege decision on it.
// output:
// namedAccessIR: interface reference of the UserAgent (called
// i_nameduaAccess in the original comment). Declared as Object;
// the intended type is given by the inline note on the parameter.
// accessSessionId: identifies the access session the operation is
// associated with. Must be supplied in all subsequent
// operations with the InitialAgent and UserAgent.
// NOTE(review): no parameter has exactly this name; it presumably
// refers to asId and/or asSecretId (TODO confirm).
// asSecretId: not described in the original comment. NOTE(review): the
// type name suggests a secret bound to the access session; if so
// it should be kept confidential in transit and in logs.
// raises:
// e_AccessNotPossible, e_AuthenticationError,
// SPFEEAccessCommonTypes::e_UserPropertiesError (the conditions are
// not stated in this file).
void requestNamedAccess (
in SPFEECommonTypes::t_UserId userId,
in SPFEECommonTypes::t_UserProperties userProperties,
out Object namedAccessIR, // type: i_ProviderNamedAccess
out SPFEEAccessCommonTypes::t_AccessSessionSecretId asSecretId,
out SPFEEAccessCommonTypes::t_AccessSessionId asId
) raises (
e_AccessNotPossible,
e_AuthenticationError,
SPFEEAccessCommonTypes::e_UserPropertiesError
);
// Operation 'requestAnonymousAccess()'
// Used when the user wants anonymous access to the provider.
// A secure session may already be established by DPE security or by
// authenticate() (the latter does not mean the user is known to the
// provider if a third-party authentication protocol is used).
// input:
// userProperties: may be a null list
// output: as for requestNamedAccess() (called request_access in the
// original comment), except that the returned reference is
// anonAccessIR, whose intended type is given by the inline note.
// raises: the same exceptions as requestNamedAccess().
void requestAnonymousAccess (
in SPFEECommonTypes::t_UserProperties userProperties,
out Object anonAccessIR, // type: i_ProviderAnonAccess
out SPFEEAccessCommonTypes::t_AccessSessionSecretId asSecretId,
out SPFEEAccessCommonTypes::t_AccessSessionId asId
) raises (
e_AccessNotPossible,
e_AuthenticationError,
SPFEEAccessCommonTypes::e_UserPropertiesError
);
}; // i_ProviderInitial
interface i_ProviderAuthenticate {
// behaviour
// behaviourText
// " A reference to an interface of this type is returned to the PA
// when it wishes to choose this route to authenticate
// itself/mutually to the provider. ";
// usage
// "to agree authentication options supported, acquire
// privilege attributes for the consumer and establish
// an access session between the consumer and the provider";
// getAuthenticationMethods() types
// Octet sequence used for all mechanism-specific data exchanged below; its
// layout depends on the chosen authentication method, not on this IDL.
// NOTE(review): the sequence is declared without a bound, so a receiver
// should enforce its own maximum length and validate the contents before
// using them.
typedef sequence<octet> t_opaque;
// Operation 'getAuthenticationMethods()'
// input:
// desiredProperties: property list used to filter the output
// output:
// authMethods: list of available authentication configurations
// raises:
// e_AuthMethodPropertiesError, SPFEECommonTypes::e_ListError (the
// conditions are not stated in this file).
void getAuthenticationMethods (
in t_AuthMethodSearchProperties desiredProperties,
out t_AuthMethodDescList authMethods
) raises (
e_AuthMethodPropertiesError,
SPFEECommonTypes::e_ListError
);
// Operation 'authenticate()'
// Used to authenticate a consumer attempting to gain access to a
// user agent. Invocation is a prerequisite to establishing client-side
// credentials for establishing secure bindings, unless
// an alternative route is used.
// input:
// authMethod: used to identify the authentication method proposed by
// the client; reflects the composition and generation
// method of the other opaque data.
// NOTE(review): the method is chosen by the client, so the provider
// should apply its own policy on which methods it accepts rather
// than rely on the client's choice.
// securityName: name assumed by the consumer for authentication. May be
// null according to the authentication method used.
// authenData: opaque data containing consumer attributes to be
// authenticated
// privAttribReq: opaque specification of the privileges requested
// by the consumer to create a credential for subsequent
// interactions.
// output:
// privAttrib: privilege attributes returned in response to the request.
// continuationData: contains challenge data for the client if the
// authentication method requires continuation of the
// protocol
// authSpecificData: data specific to the authentication service
// used.
// authStatus: result of this step (see t_AuthenticationStatus); not
// described in the original comment.
// raises:
// e_AuthMethodNotSupported: when the authentication mechanism used
// by the client is not supported by i_iaAuthenticate (the name used
// in the original text; presumably this interface, TODO confirm).
void authenticate(
in t_AuthMethod authMethod,
in string securityName,
in t_opaque authenData,
in t_opaque privAttribReq,
out t_opaque privAttrib,
out t_opaque continuationData,
out t_opaque authSpecificData,
out t_AuthenticationStatus authStatus
) raises (
e_AuthMethodNotSupported
);
// Operation 'continueAuthentication()'
// To complete an authentication protocol initiated by authenticate().
// Used for the second and subsequent continuations.
// input:
// responseData: response from the client to the continuationData
// output from authenticate() or from previous calls to
// continueAuthentication()
// output:
// continuationData:
// as per authenticate(), if continuation is necessary.
// credential_data (name used in the original comment; presumably
// privAttrib and/or authSpecificData, TODO confirm):
// as per authenticate(), initialisation values or extra
// items.
// authStatus: result of this step (see t_AuthenticationStatus); not
// described in the original comment.
// NOTE(review): the operation has no parameter identifying which
// authenticate() exchange is being continued and declares no user
// exceptions. An implementation therefore has to associate the call with
// the pending exchange by other means (presumably the binding on which it
// arrives) and can report failure only through authStatus or a system
// exception. Confirm that a continuation cannot be applied to another
// caller's pending exchange.
void continueAuthentication(
in t_opaque responseData,
out t_opaque privAttrib,
out t_opaque continuationData,
out t_opaque authSpecificData,
out t_AuthenticationStatus authStatus
);
}; // i_ProviderAuthenticate
};
#endif