Policy\CIM_AcceptCredentialFrom.mof.mof (HTML version)

Return to index
CIM_AcceptCredentialFrom Superclass: CIM_Dependency
This association specifies that a credential management service (e.g., CertificateAuthority or Kerberos key distribution service) is to be trusted to certify credentials, presented at the packet level. The association defines an 'approved' CredentialManagementService that is used for validation.

The use of this class is best explained via an example:
If a CertificateAuthority is specified using this association, and a corresponding X509CredentialFilterEntry is also associated with a PacketFilterCondition (via the relationship, FilterOfPacketCondition), then the credential MUST match the FilterEntry data AND be certified by that CA (or one of the CredentialManagementServices in its trust hierarchy). Otherwise, the X509CredentialFilterEntry is deemed not to match. If a credential is certified by a CredentialManagementService associated with the PacketFilterCondition through the AcceptCredentialFrom relationship, but there is no corresponding CredentialFilterEntry, then all credentials from the related service are considered to match.
Qualifiers:Version ( "2.8" ) MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom" } UMLPackagePath ( "CIM::Policy" ) Association
Parameters (local in grey)
MappingStrings { "IPSP Policy " "Model.IETF|AcceptCredentialFrom.Dependent" }
Override ( "Dependent" )
CIM_PacketFilterCondition REF Dependent ;
The PacketFilterCondition that associates the CredentialManagementService and any FilterLists/FilterEntries.
MappingStrings { "IPSP Policy " "Model.IETF|AcceptCredentialFrom.Antecedent" }
Override ( "Antecedent" )
CIM_CredentialManagementService REF Antecedent ;
The CredentialManagementService that is issuing the credential to be matched in the PacketFilterCondition.