Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 3060

Policy Core Information Model -- Version 1 Specification

Pages: 100
Proposed Standard
Updated by:  3460
Part 5 of 5 – Pages 65 to 100
First   Prev   None

Top   ToC   RFC3060 - Page 65   prevText

13. Appendix A: Class Identification in a Native CIM Implementation

While the CommonName property is present in the abstract superclass Policy, and is thus available in all of its instantiable subclasses, CIM does not use this property for naming instances. The following subsections discuss how naming is handled in a native CIM implementation for each of the instantiable classes in the Policy Core Information Model. Two things should be noted regarding CIM naming: o When a CIM association is specified as "weak", this is a statement about naming scopes: an instance of the class at the weak end of the association is named within the scope of an instance of the class at the other end of the association. This is accomplished by propagation of keys from the instance of the scoping class to the instance of the weak class. Thus the weak class has, via key propagation, all the keys from the scoping class, and it also has one or more additional keys for distinguishing instances of the weak class, within the context of the scoping class. o All class names in CIM are limited to alphabetic and numeric characters plus the underscore, with the restriction that the first character cannot be numeric. Refer to Appendix F "Unicode Usage" in reference [2] for an exact specification of how CIM class names are encoded in CIM strings.

13.1. Naming Instances of PolicyGroup and PolicyRule

A policy group always exists in the context of a system. In the Policy Core Information Model, this is captured by the weak aggregation PolicyGroupInSystem between a PolicyGroup and a System. Note that System serves as the base class for describing network devices and administrative domains. A policy rule also exists in the context of a system. In the Policy Core Information Model, this is captured by the weak association PolicyRuleInSystem between a PolicyRule and a System. The following sections define the CIM keys for PolicyGroup and PolicyRule.

13.1.1. PolicyGroup's CIM Keys

The CIM keys of the PolicyGroup class are: o SystemCreationClassName (A CIM_System key, propagated due to the weak association, PolicyGroupInSystem)
Top   ToC   RFC3060 - Page 66
   o  SystemName (A CIM_System key, propagated due to  the weak
      association, PolicyGroupInSystem)
   o  CreationClassName
   o  PolicyGroupName

   They are defined in Reference [1] as follows:

   NAME             SystemCreationClassName
   DESCRIPTION      SystemCreationClassName represents the class name of
                    the CIM System object providing the naming scope for
                    the instance of PolicyGroup.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             SystemName
   DESCRIPTION      SystemName represent the individual name of the
                    particular System object, providing the naming scope
                    for the instance of PolicyGroup.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             CreationClassName
   DESCRIPTION      This property is set to "CIM_PolicyGroup", if the
                    PolicyGroup object is directly instantiated.  Or, it
                    is equal to the class name of the PolicyGroup
                    subclass that is instantiated.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             PolicyGroupName
   DESCRIPTION      The identifying name of this policy group.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

13.1.2. PolicyRule's CIM Keys

The CIM keys of the PolicyRule class are: o SystemCreationClassName (A CIM_System key, propagated due to the weak association PolicyRuleInSystem) o SystemName (A CIM_System key, propagated due to the weak association PolicyRuleInSystem) o CreationClassName o PolicyRuleName SystemCreationClassName and SystemName work the same as defined for the class PolicyGroup. See Section 13.1.1 for details.
Top   ToC   RFC3060 - Page 67
   The other two properties are defined in Reference [1] as follows:

      NAME             CreationClassName
      DESCRIPTION      This property is set to "CIM_PolicyRule", if the
                       PolicyRule object is directly instantiated.  Or,
                       it is equal to the class name of the PolicyRule
                       subclass that is instantiated.
      SYNTAX           string [MaxLen 256]
      QUALIFIER        key

      NAME             PolicyRuleName
      DESCRIPTION      The identifying name of this policy rule.
      SYNTAX           string [MaxLen 256]
      QUALIFIER        key

13.2. Naming Instances of PolicyCondition and Its Subclasses

The CIM keys of the PolicyCondition class are: o SystemCreationClassName o SystemName o PolicyRuleCreationClassName o PolicyRuleName o CreationClassName o PolicyConditionName Note that none of the keys are defined as propagated, although they appear to fit this convention. The reason for this difference is because (as indicated in Sections 5.1 and 6.4) the PolicyCondition class is used to represent both reusable and rule-specific conditions. This, in turn, affects what associations are valid for an instance of PolicyCondition, and how that instance is named. In an ideal world, an instance of the PolicyCondition class would be scoped either by its PolicyRepository (for a reusable condition) or by its PolicyRule (for a rule-specific condition). However, CIM has the restriction that a given class can only be "weak" to one other class (i.e., defined by one weak association). To work within the restrictions of CIM naming, it is necessary to "simulate" weak associations between PolicyCondition and PolicyRule, and between PolicyCondition and PolicyRepository, through a technique we'll call manual key propagation. Strictly speaking, manual key propagation isn't key propagation at all. But it has the same effect as (true) key propagation, so the name fits.
Top   ToC   RFC3060 - Page 68
   Figure 9 illustrates how manual propagation works in the case of
   PolicyCondition.  (Note that only the key properties are shown for
   each of the classes.)  In the figure, the line composed of 'I's
   indicates class inheritance, the one composed of 'P's indicates
   (true) key propagation via the weak aggregation PolicyRuleInSystem,
   and the ones composed of 'M's indicate manual key propagation.

      +------------------+
      |      System      |
      +------------------+
      |CreationClassName |
      |Name              |
      +------------------+
                ^     P
                I     PPPPPPPPPPPPPPPPPPPPPPPPPPPP
                I                                P
      +------------------+       +---------------v--------------+
      |    AdminDomain   |       |         PolicyRule           |
      +------------------+       +------------------------------+
      |CreationClassName |       | System.CreationClassName     |
      |Name              |       | System.Name                  |
      +------------------+       | CreationClassName            |
                ^                | PolicyRuleName               |
                I                +------------------------------+
                I                         M
                I                         M
      +------------------+                M
      | PolicyRepository |                M
      +------------------+                M
      |CreationClassName |                M
      |Name              |                M
      +------------------+                M
                      M                   M
                      M                   M
                      M                   M
                 +----v-------------------v----+
                 |       PolicyCondition       |
                 +-----------------------------+
                 | SystemCreationClassName     |
                 | SystemName                  |
                 | PolicyRuleCreationClassName |
                 | PolicyRuleName              |
                 | CreationClassName           |
                 | PolicyConditionName         |
                 +-----------------------------+

      Figure 9. Manual Key Propagation for Naming PolicyConditions
Top   ToC   RFC3060 - Page 69
   Looking at Figure 9, we see that two key properties,
   CreationClassName and Name, are defined in the System class, and
   inherited by its subclasses AdminDomain and PolicyRepository.  Since
   PolicyRule is weak to System, these two keys are propagated to it; it
   also has its own keys CreationClassName and PolicyRuleName.

   A similar approach, though not automatic, is used in "manual key
   propagation".  Here is the approach for rule-specific and reusable
   PolicyConditions:

   o  The manual propagation of keys from PolicyRule to PolicyCondition
      involves copying the values of PolicyRule's four key properties
      into four similarly named key properties in PolicyCondition.  From
      the point of view of the CIM specification language, the property
      SystemName in PolicyCondition is a completely new key property.
      However, the relationship to the Name property in System is
      defined in the description of SystemName.

   o  The manual propagation of keys from PolicyRepository to
      PolicyCondition works in exactly the same way for the first two
      key properties.  However, since PolicyRepository doesn't include
      PolicyRule properties, the PolicyRuleCreationClassName and
      PolicyRuleName have no values.  A special value, "No Rule", is
      assigned to both of these properties in this case, indicating that
      this instance of PolicyCondition is not named within the scope of
      any particular policy rule.

   The following section defines the specific CIM keys for
   PolicyCondition.

13.2.1. PolicyCondition's CIM Keys

PolicyCondition's key properties are defined in Reference [1] as follows: NAME SystemCreationClassName DESCRIPTION SystemCreationClassName represents the class name of the CIM System object providing the naming scope for the instance of PolicyCondition. For a rule-specific policy condition, this is the type of system (e.g., the name of the class that created this instance) in whose context the policy rule is defined. For a reusable policy condition, this is set to "CIM_PolicyRepository", if the PolicyRepository object is directly instantiated. Or, it is equal to the class name of the PolicyRepository subclass that is instantiated. SYNTAX string [MaxLen 256]
Top   ToC   RFC3060 - Page 70
   QUALIFIER        key

   NAME             SystemName
   DESCRIPTION      The name of the System object in whose scope this
                    policy condition is defined.  This property
                    completes the identification of the System object.
                    For a rule-specific policy condition, this is the
                    name of the instance of the system in whose
                    context the policy rule is defined.  For a
                    reusable policy condition, this is name of the
                    instance of PolicyRepository that holds the policy
                    condition.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             PolicyRuleCreationClassName
   DESCRIPTION      For a rule-specific policy condition, this
                    property identifies the class name of the policy
                    rule instance, in whose scope this instance of
                    PolicyCondition exists.  For a reusable policy
                    condition, this property is set to a special
                    value, "No Rule", indicating that this instance
                    of PolicyCondition is not unique to one policy
                    rule.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             PolicyRuleName
   DESCRIPTION      For a rule-specific policy condition,
                    PolicyRuleName completes the identification of
                    the PolicyRule object with which this condition
                    is associated.  For a reusable policy condition,
                    a special value, "No Rule", is used to indicate
                    that this condition is reusable.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             CreationClassName
   DESCRIPTION      The class name of the PolicyCondition subclass
                    that is instantiated.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             PolicyConditionName
   DESCRIPTION      The identifying name of this policy condition.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key
Top   ToC   RFC3060 - Page 71

13.3. Naming Instances of PolicyAction and Its Subclasses

From the point of view of naming, the PolicyAction class and its subclasses work exactly like the PolicyCondition class and its subclasses. See Section 13.2 and 13.2.1 for details. Specifically, the CIM keys of PolicyAction are: o SystemCreationClassName o SystemName o PolicyRuleCreationClassName o PolicyRuleName o CreationClassName o PolicyActionName They are defined in Reference [1] as follows: NAME SystemCreationClassName DESCRIPTION SystemCreationClassName represents the class name of the CIM System object providing the naming scope for the instance of PolicyAction. For a rule-specific policy action, this is the type of system (e.g., the name of the class that created this instance) in whose context the policy rule is defined. For a reusable policy action, this is set to "CIM_PolicyRepository", if the PolicyRepository object is directly instantiated. Or, it is equal to the class name of the PolicyRepository subclass that is instantiated. SYNTAX string [MaxLen 256] QUALIFIER key NAME SystemName DESCRIPTION The name of the System object in whose scope this policy action is defined. This property completes the identification of the System object. For a rule-specific policy action, this is the name of the instance of the system in whose context the policy rule is defined. For a reusable policy action, this is name of the instance of PolicyRepository that holds the policy action. SYNTAX string [MaxLen 256] QUALIFIER key NAME PolicyRuleCreationClassName DESCRIPTION For a rule-specific policy action, this property identifies the class name of the policy rule instance, in whose scope this instance of
Top   ToC   RFC3060 - Page 72
                    PolicyAction exists.  For a reusable policy
                    action, this property is set to a special value,
                    "No Rule", indicating that this instance of
                    PolicyAction is not unique to one policy rule.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             PolicyRuleName
   DESCRIPTION      For a rule-specific policy action, PolicyRuleName
                    completes the identification of the PolicyRule
                    object with which this action is associated.  For
                    a reusable policy action, a special value, "No
                    Rule", is used to indicate that this action is
                    reusable.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             CreationClassName
   DESCRIPTION      The class name of the PolicyAction subclass that is
                    instantiated.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

   NAME             PolicyActionName
   DESCRIPTION      The identifying name of this policy action.
   SYNTAX           string [MaxLen 256]
   QUALIFIER        key

13.4. Naming Instances of PolicyRepository

An instance of PolicyRepository is named by the two key properties CreationClassName and Name that it inherits from its superclass AdminDomain. These properties are actually defined in AdminDomain's superclass, System, and then inherited by AdminDomain. For instances of PolicyRepository itself, the value of CreationClassName must be "CIM_PolicyRepository". (Recall that for readability the prefix "CIM_" has been omitted from all class names in this document). If a subclass of PolicyRepository (perhaps QosPolicyRepository) is defined and instantiated, then the class name "CIM_QosPolicyRepository" is used in CreationClassName. The Name property simply completes the identification of the instance of PolicyRepository.
Top   ToC   RFC3060 - Page 73

13.5. Role of the CreationClassName Property in Naming

To provide for more flexibility in instance naming, CIM makes use of a property called CreationClassName. The idea of CreationClassName is to provide another dimension that can be used to avoid naming collisions, in the specific case of instances belonging to two different subclasses of a common superclass. An example will illustrate how CreationClassName works. Suppose we have instances of two different subclasses of PolicyCondition, FrameRelayPolicyCondition and BgpPolicyCondition, and that these instances apply to the same context. If we had only the single key property PolicyConditionName available for distinguishing the two instances, then a collision would result from naming both of the instances with the key value PCName = "PC-1". Thus policy administrators from widely different disciplines would have to coordinate their naming of PolicyConditions for this context. With CreationClassName, collisions of this type can be eliminated, without requiring coordination among the policy administrators. The two instances can be distinguished by giving their CreationClassNames different values. One instance is now identified with the two keys CreationClassName = "FrameRelayPolicyCondition" + PCName = "PC-1", while the other is identified with CreationClassName = "BgpPolicyCondition" + PCName = "PC-1". Each of the instantiable classes in the Core Model includes the CreationClassName property as a key in addition to its own class- specific key property.

13.6. Object References

Today, all CIM associations involve two object references. CIM decomposes an object reference into two parts: a high-order part that identifies an object manager and namespace, and a model path that identifies an object instance within a namespace. The model path, in turn, can be decomposed into an object class identifier and a set of key values needed to identify an instance of that class. Because the object class identifier is part of the model path, a CIM object reference is strongly typed. The GroupComponent object reference in the PolicyGroupInPolicyGroup association, for example, can only point to an instance of PolicyGroup, or to an instance of a
Top   ToC   RFC3060 - Page 74
   subclass of PolicyGroup.  Contrast this with LDAP, where a DN pointer
   is completely untyped:  it identifies (by DN) an entry, but places no
   restriction on that entry's object class(es).

   An important difference between CIM property definitions and LDAP
   attribute type definitions was identified earlier in Section 6:
   while an LDAP attribute type definition has global scope, a CIM
   property definition applies only to the class in which it is defined.
   Thus properties having the same name in two different classes are
   free to have different data types.  CIM takes advantage of this
   flexibility by allowing the data type of an object reference to be
   overridden in a subclass of the association class in which it was
   initially defined.

   For example, the object reference GroupComponent is defined in the
   abstract aggregation class PolicyComponent to be a reference to an
   instance of the class Policy.  This data type for GroupComponent is
   then overridden in subclasses of PolicyComponent.  In
   PolicyGroupInPolicyGroup, for example, GroupComponent becomes a
   reference to an instance of PolicyGroup.  But in
   PolicyConditionInPolicyRule it becomes a reference to an instance of
   PolicyRule.  Of course there is not total freedom in this overriding
   of object references.  In order to remain consistent with its
   abstract superclass, a subclass of PolicyComponent can only override
   GroupComponent to be a reference to a subclass of Policy.  A Policy
   class is the generic context for the GroupComponent reference in
   PolicyComponent.
Top   ToC   RFC3060 - Page 75

14. Appendix B: The Core Policy MOF

// ================================================================== // Title: Core Policy MOF Specification 2.4 // Filename: CIM_Policy24.MOF // Version: 2.4 // Release: 0 // Description: The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // Date: 06/27/2000 // CIMCR516a - Rooted the model associations under Policy // Component or PolicyInSystem. Corrected PolicyCondition/ // PolicyActionInPolicyRepository to subclass from // PolicyInSystem (similar to Groups and Roles 'InSystem') // ================================================================== // Author: DMTF SLA (Service Level Agreement) Working Group // ================================================================== // Pragmas // ================================================================== #pragma Locale ("en-US") // ================================================================== // Policy // ================================================================== [Abstract, Description ( "An abstract class describing common properties of all " "policy rule-related subclasses, such as PolicyGroup, Policy" "Rule and PolicyCondition. All instances of policy rule-" "related entities will be created from subclasses of CIM_" "Policy. The exception to this statement is PolicyRepository " "which is a type of CIM_System.") ] class CIM_Policy : CIM_ManagedElement { [Description ( "A user-friendly name of this policy-related object.") ] string CommonName; [Description ( "An array of keywords for characterizing / categorizing " "policy objects. Keywords are of one of two types: \n" " o Keywords defined in this and other MOFs, or in DMTF " " white papers. These keywords provide a vendor-" " independent, installation-independent way of " " characterizing policy objects. \n" " o Installation-dependent keywords for characterizing "
Top   ToC   RFC3060 - Page 76
         "    policy objects.  Examples include 'Engineering', "
         "    'Billing', and 'Review in December 2000'.  \n"
         "This MOF defines the following keywords:  'UNKNOWN', "
         "'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', "
         "'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'.  These "
         "concepts are self-explanatory and are further discussed "
         "in the SLA/Policy White Paper.  One additional keyword "
         "is defined: 'POLICY'.  The role of this keyword is to "
         "identify policy-related instances that may not be otherwise "
         "identifiable, in some implementations.  The keyword 'POLICY' "
         "is NOT mutually exclusive of the other keywords "
         "specified above.")
      ]
   string PolicyKeywords [];
};

// ==================================================================
//    PolicyComponent
// ==================================================================
   [Association, Abstract, Aggregation, Description (
         "CIM_PolicyComponent is a generic association used to "
         "establish 'part of' relationships between the subclasses of "
         "CIM_Policy.  For example, the PolicyConditionInPolicyRule "
         "association defines that PolicyConditions are part of a "
         "PolicyRule.")
   ]
class CIM_PolicyComponent
{
       [Aggregate, Key, Description (
         "The parent Policy in the association.")
       ]
    CIM_Policy REF GroupComponent;
       [Key, Description (
         "The child/part Policy in the association.")
       ]
    CIM_Policy REF PartComponent;
};

// ==================================================================
//    PolicyInSystem
// ==================================================================
   [Association, Abstract, Description (
         "  CIM_PolicyInSystem is a generic association used to "
         "establish dependency relationships between Policies and the "
         "Systems that host them.  These Systems may be ComputerSystems "
         "where Policies are 'running' or they may be Policy"
         "Repositories where Policies are stored.  This relationship "
         "is similar to the concept of CIM_Services being dependent "
Top   ToC   RFC3060 - Page 77
         "on CIM_Systems as defined by the HostedService "
         "association.  \n"
         "  Cardinality is Max(1) for the Antecedent/System "
         "reference since Policies can only be hosted in at most one "
         "System context.  Some subclasses of the association will "
         "further refine this definition to make the Policies Weak "
         "to Systems.  Other subclasses of PolicyInSystem will "
         "define an optional hosting relationship.  Examples of each "
         "of these are the PolicyRuleInSystem and PolicyConditionIn"
         "PolicyRepository associations, respectively.")
   ]
class CIM_PolicyInSystem : CIM_Dependency
{
       [Override ("Antecedent"), Max (1), Description (
         "The hosting System.")
       ]
    CIM_System REF Antecedent;
       [Override ("Dependent"), Description (
         "The hosted Policy.")
       ]
    CIM_Policy REF Dependent;
};

// ==================================================================
// PolicyGroup
// ==================================================================
   [Description (
         "A container for either a set of related PolicyGroups "
         "or a set of related PolicyRules, but not both.  Policy"
         "Groups are defined and named relative to the CIM_System "
         "which provides their context.")
   ]
class CIM_PolicyGroup : CIM_Policy
{
      [Propagated("CIM_System.CreationClassName"),
         Key, MaxLen (256),
         Description ("The scoping System's CreationClassName.")
      ]
   string SystemCreationClassName;
      [Propagated("CIM_System.Name"),
         Key, MaxLen (256),
         Description ("The scoping System's Name.")
      ]
   string SystemName;
      [Key, MaxLen (256), Description (
         "CreationClassName indicates the name of the class or the "
         "subclass used in the creation of an instance.  When used "
         "with the other key properties of this class, this property "
Top   ToC   RFC3060 - Page 78
         "allows all instances of this class and its subclasses to "
         "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (256), Description (
         "A user-friendly name of this PolicyGroup.")
      ]
   string PolicyGroupName;
};

// ==================================================================
//    PolicyGroupInPolicyGroup
// ==================================================================
   [Association, Aggregation, Description (
         "A relationship that aggregates one or more lower-level "
         "PolicyGroups into a higher-level Group.  A Policy"
         "Group may aggregate either PolicyRules or other Policy"
         "Groups, but not both.")
   ]
class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent
{
        [Override ("GroupComponent"), Aggregate, Description (
         "A PolicyGroup that aggregates other Groups.")
        ]
    CIM_PolicyGroup REF GroupComponent;
        [Override ("PartComponent"), Description (
         "A PolicyGroup aggregated by another Group.")
        ]
    CIM_PolicyGroup REF PartComponent;
};

// ==================================================================
//    PolicyGroupInSystem
// ==================================================================
   [Association, Description (
         "An association that links a PolicyGroup to the System "
         "in whose scope the Group is defined.")
   ]
class CIM_PolicyGroupInSystem : CIM_PolicyInSystem
{
        [Override ("Antecedent"), Min(1), Max(1), Description (
         "The System in whose scope a PolicyGroup is defined.")
        ]
    CIM_System REF Antecedent;
        [Override ("Dependent"), Weak, Description (
         "A PolicyGroup named within the scope of a System.")
        ]
    CIM_PolicyGroup REF Dependent;
};
Top   ToC   RFC3060 - Page 79
// ==================================================================
// PolicyRule
// ==================================================================
   [Description (
        "  The central class for representing the 'If Condition then "
         "Action' semantics associated with a policy rule. "
         "A PolicyRule condition, in the most general sense, is "
         "represented as either an ORed set of ANDed conditions "
         "(Disjunctive Normal Form, or DNF) or an ANDed set of ORed "
         "conditions (Conjunctive Normal Form, or CNF). Individual "
         "conditions may either be negated (NOT C) or unnegated (C). "
         "The actions specified by a PolicyRule are to be performed "
         "if and only if the PolicyRule condition (whether it is "
         "represented in DNF or CNF) evaluates to TRUE.\n\n"
         "  "
         "The conditions and actions associated with a PolicyRule "
         "are modeled, respectively, with subclasses of Policy"
         "Condition and PolicyAction.  These condition and action "
         "objects are tied to instances of PolicyRule by the Policy"
         "ConditionInPolicyRule and PolicyActionInPolicyRule "
         "aggregations.\n\n"
         "  "
         "A PolicyRule may also be associated with one or more policy "
         "time periods, indicating the schedule according to which the "
         "policy rule is active and inactive.  In this case it is the "
         "PolicyRuleValidityPeriod aggregation that provides this "
         "linkage.\n\n"
         "  "
         "The PolicyRule class uses the property ConditionListType, to "
         "indicate whether the conditions for the rule are in DNF or "
         "CNF.  The PolicyConditionInPolicyRule aggregation contains "
         "two additional properties to complete the representation of "
         "the Rule's conditional expression.  The first of these "
         "properties is an integer to partition the referenced "
         "PolicyConditions into one or more groups, and the second is a "
         "Boolean to indicate whether a referenced Condition is "
         "negated.  An example shows how ConditionListType and these "
         "two additional properties provide a unique representation "
         "of a set of PolicyConditions in either DNF or CNF.\n\n"
         "  "
         "Suppose we have a PolicyRule that aggregates five "
         "PolicyConditions C1  through C5, with the following values "
         "in the properties of the five PolicyConditionInPolicyRule "
         "associations:\n"
         "    C1:  GroupNumber = 1, ConditionNegated = FALSE\n "
         "    C2:  GroupNumber = 1, ConditionNegated = TRUE\n  "
         "    C3:  GroupNumber = 1, ConditionNegated = FALSE\n "
         "    C4:  GroupNumber = 2, ConditionNegated = FALSE\n "
Top   ToC   RFC3060 - Page 80
         "    C5:  GroupNumber = 2, ConditionNegated = FALSE\n\n "
         "  "
         "If ConditionListType = DNF, then the overall condition for "
         "the PolicyRule is:\n"
         "        (C1 AND (NOT C2) AND C3) OR (C4 AND C5)\n\n"
         "  "
         "On the other hand, if ConditionListType = CNF, then the "
         "overall condition for the PolicyRule is:\n"
         "        (C1 OR (NOT C2) OR C3) AND (C4 OR C5)\n\n"
         "  "
         "In both cases, there is an unambiguous specification of "
         "the overall condition that is tested to determine whether "
         "to perform the PolicyActions associated with the PolicyRule.")
   ]
class CIM_PolicyRule : CIM_Policy
{
        [Propagated("CIM_System.CreationClassName"),
         Key, MaxLen (256),
         Description ("The scoping System's CreationClassName.")
        ]
    string SystemCreationClassName;
        [Propagated("CIM_System.Name"),
         Key, MaxLen (256),
         Description ("The scoping System's Name.")
        ]
    string SystemName;
        [Key, MaxLen (256), Description (
           "CreationClassName indicates the name of the class or the "
           "subclass used in the creation of an instance.  When used "
           "with the other key properties of this class, this property "
           "allows all instances of this class and its subclasses to "
           "be uniquely identified.") ]
    string CreationClassName;
        [Key, MaxLen (256), Description (
           "A user-friendly name of this PolicyRule.")
        ]
    string PolicyRuleName;
        [Description (
           "Indicates whether this PolicyRule is administratively "
           "enabled, administratively disabled, or enabled for "
           "debug.  When the property has the value 3 (\"enabledFor"
           "Debug\"), the entity evaluating the PolicyConditions is "
           "instructed to evaluate the conditions for the Rule, but not "
           "to perform the actions if the PolicyConditions evaluate to "
           "TRUE.  This serves as a debug vehicle when attempting to "
           "determine what policies would execute in a particular "
           "scenario, without taking any actions to change state "
           "during the debugging.  The default value is 1
Top   ToC   RFC3060 - Page 81
(\"enabled\")."),
         ValueMap { "1", "2", "3" },
         Values { "enabled", "disabled", "enabledForDebug" }
        ]
    uint16 Enabled;
        [Description (
           "Indicates whether the list of PolicyConditions "
           "associated with this PolicyRule is in disjunctive "
           "normal form (DNF) or conjunctive normal form (CNF)."
           "The default value is 1 (\"DNF\")."),
         ValueMap { "1", "2" },
         Values { "DNF", "CNF" }
        ]
    uint16 ConditionListType;
        [Description (
           "A free-form string that can be used to provide "
           "guidelines on how this PolicyRule should be used.")
        ]
    string RuleUsage;
        [Description (
           "A non-negative integer for prioritizing this Policy"
           "Rule relative to other Rules.  A larger value "
           "indicates a higher priority.  The default value is 0.")
        ]
    uint16 Priority;
        [Description (
           "A flag indicating that the evaluation of the Policy"
           "Conditions and execution of PolicyActions (if the "
           "Conditions evaluate to TRUE) is required.  The "
           "evaluation of a PolicyRule MUST be attempted if the "
           "Mandatory property value is TRUE.  If the Mandatory "
           "property is FALSE, then the evaluation of the Rule "
           "is 'best effort' and MAY be ignored.")
        ]
    boolean Mandatory;
        [Description (
           "This property gives a policy administrator a way "
           "of specifying how the ordering of the PolicyActions "
           "associated with this PolicyRule is to be interpreted. "
           "Three values are supported:\n"
           "  o mandatory(1): Do the actions in the indicated "
           "    order, or don't do them at all.\n"
           "  o recommended(2): Do the actions in the indicated "
           "    order if you can, but if you can't do them in this "
           "    order, do them in another order if you can.\n"
           "  o dontCare(3): Do them -- I don't care about the "
           "    order.\n"
           "The default value is 3 (\"dontCare\")."),
Top   ToC   RFC3060 - Page 82
         ValueMap { "1", "2", "3" },
         Values { "mandatory", "recommended", "dontCare" }
        ]
    uint16 SequencedActions;
        [Description (
         "This property represents the roles and role combinations "
         "associated with a PolicyRule.  Each value represents one "
         "role or role combination.  Since this is a multi-valued "
         "property, more than one role or combination can be associated "
         "with a single policy rule.  Each value is a string of the "
         "form:\n"
         "  <RoleName>[&&<RoleName>]*\n"
         "where the individual role names appear in alphabetical order "
         "(according to the collating sequence for UCS-2).")
        ]
    string PolicyRoles [];
};

// ==================================================================
//    PolicyRuleInPolicyGroup
// ==================================================================
   [Association, Aggregation, Description (
         "A relationship that aggregates one or more PolicyRules "
         "into a PolicyGroup.  A PolicyGroup may aggregate either "
         "PolicyRules or other PolicyGroups, but not both.")
   ]
class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent
{
        [Override ("GroupComponent"), Aggregate, Description (
         "A PolicyGroup that aggregates one or more PolicyRules.")
        ]
    CIM_PolicyGroup REF GroupComponent;
        [Override ("PartComponent"), Description (
         "A PolicyRule aggregated by a PolicyGroup.")
        ]
    CIM_PolicyRule REF PartComponent;
};

// ==================================================================
//    PolicyRuleInSystem
// ==================================================================
   [Association, Description (
         "An association that links a PolicyRule to the System "
         "in whose scope the Rule is defined.")
   ]
class CIM_PolicyRuleInSystem : CIM_PolicyInSystem
{
        [Override ("Antecedent"), Min(1), Max(1), Description (
Top   ToC   RFC3060 - Page 83
         "The System in whose scope a PolicyRule is defined.")
        ]
    CIM_System REF Antecedent;
        [Override ("Dependent"), Weak, Description (
         "A PolicyRule named within the scope of a System.")
        ]
    CIM_PolicyRule REF Dependent;
};

// ==================================================================
// PolicyRepository
// ==================================================================
   [Description (
         "A class representing an administratively defined "
         "container for reusable policy-related information. "
         "This class does not introduce any additional "
         "properties beyond those in its superclass "
         "AdminDomain.  It does, however, participate in a "
         "number of unique associations."
         "\n\n"
         "An instance of this class uses the NameFormat value"
         "\"PolicyRepository\", which is defined in the AdminDomain"
         "class.")
   ]
class CIM_PolicyRepository : CIM_AdminDomain
{
};

// ==================================================================
//    PolicyRepositoryInPolicyRepository
// ==================================================================
   [Association, Aggregation, Description (
         "A relationship that aggregates one or more lower-level "
         "PolicyRepositories into a higher-level Repository.")
   ]
class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent
{
        [Override ("GroupComponent"), Aggregate, Description (
         "A PolicyRepository that aggregates other Repositories.")
        ]
    CIM_PolicyRepository REF GroupComponent;
        [Override ("PartComponent"), Description (
         "A PolicyRepository aggregated by another Repository.")
        ]
    CIM_PolicyRepository REF PartComponent;
};

// ==================================================================
Top   ToC   RFC3060 - Page 84
// PolicyCondition
// ==================================================================
   [Abstract, Description (
         "A class representing a rule-specific or reusable policy "
         "condition to be evaluated in conjunction with a Policy"
         "Rule.  Since all operational details of a PolicyCondition "
         "are provided in subclasses of this object, this class is "
         "abstract.")
   ]
class CIM_PolicyCondition : CIM_Policy
{
        [Key, MaxLen (256), Description (
          "  The name of the class or the subclass used in the "
          "creation of the System object in whose scope this "
          "PolicyCondition is defined.\n\n"
          "  "
          "This property helps to identify the System object in "
          "whose scope this instance of PolicyCondition exists. "
          "For a rule-specific PolicyCondition, this is the System "
          "in whose context the PolicyRule is defined.  For a "
          "reusable PolicyCondition, this is the instance of "
          "PolicyRepository (which is a subclass of System) that "
          "holds the Condition.\n\n"
          "  "
          "Note that this property, and the analogous property "
          "SystemName, do not represent propagated keys from an "
          "instance of the class System.  Instead, they are "
          "properties defined in the context of this class, which "
          "repeat the values from the instance of System to which "
          "this PolicyCondition is related, either directly via the "
          "PolicyConditionInPolicyRepository aggregation or indirectly "
          "via the PolicyConditionInPolicyRule aggregation.")
        ]
    string SystemCreationClassName;
        [Key, MaxLen (256), Description (
         "  The name of the System object in whose scope this "
         "PolicyCondition is defined.\n\n"
         "  "
         "This property completes the identification of the System "
         "object in whose scope this instance of PolicyCondition "
         "exists.  For a rule-specific PolicyCondition, this is the "
         "System in whose context the PolicyRule is defined.  For a "
         "reusable PolicyCondition, this is the instance of "
         "PolicyRepository (which is a subclass of System) that "
         "holds the Condition.")
        ]
    string SystemName;
        [Key, MaxLen (256), Description (
Top   ToC   RFC3060 - Page 85
         "For a rule-specific PolicyCondition, the "
         "CreationClassName of the PolicyRule object with which "
         "this Condition is associated.  For a reusable Policy"
         "Condition, a special value, 'NO RULE', should be used to "
         "indicate that this Condition is reusable and not "
         "associated with a single PolicyRule.")
        ]
    string PolicyRuleCreationClassName;
        [Key, MaxLen (256), Description (
         "For a rule-specific PolicyCondition, the name of "
         "the PolicyRule object with which this Condition is "
         "associated.  For a reusable PolicyCondition, a "
         "special value, 'NO RULE', should be used to indicate "
         "that this Condition is reusable and not associated "
         "with a single PolicyRule.")
        ]
    string PolicyRuleName;
        [Key, MaxLen (256), Description (
           "CreationClassName indicates the name of the class or the "
           "subclass used in the creation of an instance.  When used "
           "with the other key properties of this class, this property "
           "allows all instances of this class and its subclasses to "
           "be uniquely identified.") ]
    string CreationClassName;
        [Key, MaxLen (256), Description (
           "A user-friendly name of this PolicyCondition.")
        ]
    string PolicyConditionName;
};

// ==================================================================
//    PolicyConditionInPolicyRule
// ==================================================================
   [Association, Aggregation, Description (
        "  A PolicyRule aggregates zero or more instances of the "
        "PolicyCondition class, via the PolicyConditionInPolicyRule "
        "association.  A Rule that aggregates zero Conditions is not "
        "valid -- it may, however, be in the process of being entered "
        "into a PolicyRepository or being defined for a System.  Note "
        "that a PolicyRule should have no effect until it is valid.\n\n"
        "  "
        "The Conditions aggregated by a PolicyRule are grouped into "
        "two levels of lists: either an ORed set of ANDed sets of "
        "conditions (DNF, the default) or an ANDed set of ORed sets "
        "of conditions (CNF).  Individual PolicyConditions in these "
        "lists may be negated.  The property ConditionListType "
        "specifies which of these two grouping schemes applies to a "
        "particular PolicyRule.\n\n"
Top   ToC   RFC3060 - Page 86
        "  "
        "In either case, PolicyConditions are used to determine whether "
        "to perform the PolicyActions associated with the
PolicyRule.\n\n"
        "  "
        "One or more PolicyTimePeriodConditions may be among the "
        "conditions associated with a PolicyRule via the Policy"
        "ConditionInPolicyRule association.  In this case, the time "
        "periods are simply additional Conditions to be evaluated "
        "along with any others that are specified for the Rule. ")
   ]
class CIM_PolicyConditionInPolicyRule : CIM_PolicyComponent
{
        [Override ("GroupComponent"), Aggregate, Description (
         "This property represents the PolicyRule that "
         "contains one or more PolicyConditions.")
        ]
    CIM_PolicyRule REF GroupComponent;
        [Override ("PartComponent"), Description (
         "This property holds the name of a PolicyCondition "
         "contained by one or more PolicyRules.")
        ]
    CIM_PolicyCondition REF PartComponent;
        [Description (
         "Unsigned integer indicating the group to which the "
         "PolicyCondition identified by the ContainedCondition "
         "property belongs.  This integer segments the Conditions "
         "into the ANDed sets (when the ConditionListType is "
         "\"DNF\") or similarly the ORed sets (when the Condition"
         "ListType is \"CNF\") that are then evaluated.")
        ]
    uint16 GroupNumber;
        [Description (
         "Indication of whether the Condition identified by "
         "the ContainedCondition property is negated.  TRUE "
         "indicates that the PolicyCondition IS negated, FALSE "
         "indicates that it IS NOT negated.")
        ]
    boolean ConditionNegated;
};

// ==================================================================
//    PolicyConditionInPolicyRepository
// ==================================================================
   [Association, Description (
         "  A class representing the hosting of reusable "
         "PolicyConditions by a PolicyRepository.  A reusable Policy"
         "Condition is always related to a single PolicyRepository, "
Top   ToC   RFC3060 - Page 87
         "via this aggregation.\n\n"
         "  "
         "Note, that an instance of PolicyCondition can be either "
         "reusable or rule-specific.  When the Condition is rule-"
         "specific, it shall not be related to any "
         "PolicyRepository via the PolicyConditionInPolicyRepository "
         "aggregation.")
   ]
class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem
{
        [Override ("Antecedent"), Max(1), Description (
         "This property identifies a PolicyRepository "
         "hosting one or more PolicyConditions.  A reusable "
         "PolicyCondition is always related to exactly one "
         "PolicyRepository via the PolicyConditionInPolicyRepository "
         "aggregation.  The [0..1] cardinality for this property "
         "covers the two types of PolicyConditions:  0 for a "
         "rule-specific PolicyCondition, 1 for a reusable one.")
        ]
    CIM_PolicyRepository REF Antecedent;
        [Override ("Dependent"), Description (
         "This property holds the name of a PolicyCondition"
         "hosted in the PolicyRepository. ")
        ]
    CIM_PolicyCondition REF Dependent;
};

// ==================================================================
// PolicyTimePeriodCondition
// ==================================================================
   [Description (
         "  This class provides a means of representing the time "
         "periods during which a PolicyRule is valid, i.e., active. "
         "At all times that fall outside these time periods, the "
         "PolicyRule has no effect.  A Rule is treated as valid "
         "at ALL times, if it does not specify a "
         "PolicyTimePeriodCondition.\n\n"
         "  "
         "In some cases a Policy Consumer may need to perform "
         "certain setup / cleanup actions when a PolicyRule becomes "
         "active / inactive.  For example, sessions that were "
         "established while a Rule was active might need to "
         "be taken down when the Rule becomes inactive.  In other "
         "cases, however, such sessions might be left up.  In this "
         "case, the effect of deactivating the PolicyRule would "
         "just be to prevent the establishment of new sessions. \n\n"
         "  "
         "Setup / cleanup behaviors on validity period "
Top   ToC   RFC3060 - Page 88
         "transitions are not currently addressed by the Policy "
         "Model, and must be specified in 'guideline' documents or "
         "via subclasses of CIM_PolicyRule, CIM_PolicyTimePeriod"
         "Condition or other concrete subclasses of CIM_Policy.  If "
         "such behaviors need to be under the control of the policy "
         "administrator, then a mechanism to allow this control "
         "must also be specified in the subclasses.\n\n"
         "  "
         "PolicyTimePeriodCondition is defined as a subclass of "
         "PolicyCondition.  This is to allow the inclusion of "
         "time-based criteria in the AND/OR condition definitions "
         "for a PolicyRule.\n\n"
         "  "
         "Instances of this class may have up to five properties "
         "identifying time periods at different levels.  The values "
         "of all the properties present in an instance are ANDed "
         "together to determine the validity period(s) for the "
         "instance.  For example, an instance with an overall "
         "validity range of January 1, 2000 through December 31, "
         "2000; a month mask that selects March and April; a "
         "day-of-the-week mask that selects Fridays; and a time "
         "of day range of 0800 through 1600 would be represented "
         "using the following time periods:\n"
         "   Friday, March  5, 2000, from 0800 through 1600;\n "
         "   Friday, March 12, 2000, from 0800 through 1600;\n "
         "   Friday, March 19, 2000, from 0800 through 1600;\n "
         "   Friday, March 26, 2000, from 0800 through 1600;\n "
         "   Friday, April  2, 2000, from 0800 through 1600;\n "
         "   Friday, April  9, 2000, from 0800 through 1600;\n "
         "   Friday, April 16, 2000, from 0800 through 1600;\n "
         "   Friday, April 23, 2000, from 0800 through 1600;\n "
         "   Friday, April 30, 2000, from 0800 through 1600.\n\n"
         "  "
         "Properties not present in an instance of "
         "PolicyTimePeriodCondition are implicitly treated as having "
         "their value 'always enabled'.  Thus, in the example above, "
         "the day-of-the-month mask is not present, and so the "
         "validity period for the instance implicitly includes a "
         "day-of-the-month mask that selects all days of the month. "
         "If this 'missing property' rule is applied to its fullest, we "
         "see that there is a second way to indicate that a Policy"
         "Rule is always enabled: associate with it an instance of "
         "PolicyTimePeriodCondition whose only properties with "
         "specific values are its key properties.")
   ]
class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition
{
        [Description (
Top   ToC   RFC3060 - Page 89
         "  This property identifies an overall range of calendar "
         "dates and times over which a PolicyRule is valid.  It is "
         "formatted as a string representing a start date and time, "
         "in which the character 'T' indicates the beginning of the "
         "time portion, followed by the solidus character '/', "
         "followed by a similar string representing an end date and "
         "time.  The first date indicates the beginning of the range, "
         "while the second date indicates the end.  Thus, the second "
         "date and time must be later than the first.  Date/times are "
         "expressed as substrings of the form yyyymmddThhmmss.  For "
         "example: \n"
         "   20000101T080000/20000131T120000 defines \n"
         "   January 1, 2000, 0800 through January 31, 2000, noon\n\n"
         "  "
         "There are also two special cases in which one of the "
         "date/time strings is replaced with a special string defined "
         "in RFC 2445.\n "
         "   o If the first date/time is replaced with the string "
         "     'THISANDPRIOR', then the property indicates that a "
         "     PolicyRule is valid [from now] until the date/time "
         "     that appears after the '/'.\n"
         "   o If the second date/time is replaced with the string "
         "     'THISANDFUTURE', then the property indicates that a "
         "     PolicyRule becomes valid on the date/time that "
         "     appears before the '/', and remains valid from that "
         "     point on. "),
         ModelCorrespondence {
        "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
        "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
        "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
        "CIM_PolicyTimePeriodCondition.TimeOfDayMask",
        "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"}
        ]
    string TimePeriod;
        [Octetstring, Description (
         "  The purpose of this property is to refine the valid time "
         "period that is defined by the TimePeriod property, by "
         "explicitly specifying in which months the PolicyRule is "
         "valid.  These properties work together, with the "
         "TimePeriod used to specify the overall time period in "
         "which the PolicyRule is valid, and the MonthOfYearMask used "
         "to pick out the months during which the Rule is valid.\n\n"
         "  "
         "This property is formatted as an octet string, structured "
         "as follows:\n"
         "   o a 4-octet length field, indicating the length of the "
         "    entire octet string; this field is always set to "
         "    0x00000006 for this property;\n"
Top   ToC   RFC3060 - Page 90
         "   o a 2-octet field consisting of 12 bits identifying the "
         "     12 months of the year, beginning with January and "
         "     ending with December, followed by 4 bits that are "
         "     always set to '0'.  For each month, the value '1' "
         "     indicates that the policy is valid for that month, "
         "     and the value '0' indicates that it is not valid.\n\n"
         "  "
         "The value 0x000000060830, for example, indicates that a "
         "PolicyRule is valid only in the months May, November, "
         "and December.\n\n"
         "  "
         "If a value for this property is not provided, then the "
         "PolicyRule is treated as valid for all twelve months, and "
         "only restricted by its TimePeriod property value and the "
         "other Mask properties."),
        ModelCorrespondence {
        "CIM_PolicyTimePeriodCondition.TimePeriod",
        "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"}
        ]
    uint8 MonthOfYearMask[];
        [Octetstring, Description (
         "  The purpose of this property is to refine the valid time "
         "period that is defined by the TimePeriod property, by "
         "explicitly specifying in which days of the month the Policy"
         "Rule is valid.  These properties work together, "
         "with the TimePeriod used to specify the overall time period "
         "in which the PolicyRule is valid, and the DayOfMonthMask used "
         "to pick out the days of the month during which the Rule "
         "is valid.\n\n "
         "  "
         "This property is formatted as an octet string, structured "
         "as follows:\n"
         "   o a 4-octet length field, indicating the length of the "
         "     entire octet string; this field is always set to "
         "     0x0000000C for this property; \n"
         "   o an 8-octet field consisting of 31 bits identifying "
         "     the days of the month counting from the beginning, "
         "     followed by 31 more bits identifying the days of the "
         "     month counting from the end, followed by 2 bits that "
         "     are always set to '0'.  For each day, the value '1' "
         "     indicates that the policy is valid for that day, and "
         "     the value '0' indicates that it is not valid. \n\n"
         "  "
         "The value 0x0000000C8000000100000000, for example, "
         "indicates that a PolicyRule is valid on the first and "
         "last days of the month.\n\n "
         "  "
         "For months with fewer than 31 days, the digits corresponding "
Top   ToC   RFC3060 - Page 91
         "to days that the months do not have (counting in both "
         "directions) are ignored.\n\n"
         "  "
         "If a value for this property is not provided, then the "
         "PolicyRule is treated as valid for all days of the month, and "
         "only restricted by its TimePeriod property value and the "
         "other Mask properties."),
        ModelCorrespondence {
        "CIM_PolicyTimePeriodCondition.TimePeriod",
        "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"}
        ]
    uint8 DayOfMonthMask[];
        [Octetstring, Description (
         "  The purpose of this property is to refine the valid time "
         "period that is defined by the TimePeriod property, by "
         "explicitly specifying in which days of the month the Policy"
         "Rule is valid.  These properties work together, "
         "with the TimePeriod used to specify the overall time period "
         "in which the PolicyRule is valid, and the DayOfWeekMask used "
         "to pick out the days of the week during which the Rule "
         "is valid.\n\n "
         "  "
         "This property is formatted as an octet string, structured "
         "as follows:\n "
         "  o a 4-octet length field, indicating the length of the "
         "    entire octet string; this field is always set to "
         "    0x00000005 for this property;\n"
         "  o a 1-octet field consisting of 7 bits identifying the 7 "
         "    days of the week, beginning with Sunday and ending with "
         "    Saturday, followed by 1 bit that is always set to '0'. "
         "    For each day of the week, the value '1' indicates that "
         "    the policy is valid for that day, and the value '0' "
         "    indicates that it is not valid. \n\n"
         "  "
         "The value 0x000000057C, for example, indicates that a "
         "PolicyRule is valid Monday through Friday.\n\n"
         "  "
         "If a value for this property is not provided, then the "
         "PolicyRule is treated as valid for all days of the week, "
         "and only restricted by its TimePeriod property value and "
         "the other Mask properties."),
        ModelCorrespondence {
        "CIM_PolicyTimePeriodCondition.TimePeriod",
        "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"}
        ]
    uint8 DayOfWeekMask[];
        [Description (
         "  The purpose of this property is to refine the valid time "
Top   ToC   RFC3060 - Page 92
         "period that is defined by the TimePeriod property, by "
         "explicitly specifying a range of times in a day during which "
         "the PolicyRule is valid.  These properties work "
         "together, with the TimePeriod used to specify the overall "
         "time period in which the PolicyRule is valid, and the "
         "TimeOfDayMask used to pick out the range of time periods "
         "in a given day of during which the Rule is valid. \n\n"
         "  "
         "This property is formatted in the style of RFC 2445:  a "
         "time string beginning with the character 'T', followed by "
         "the solidus character '/', followed by a second time string. "
         "The first time indicates the beginning of the range, while "
         "the second time indicates the end.  Times are expressed as "
         "substrings of the form 'Thhmmss'. \n\n"
         "  "
         "The second substring always identifies a later time than "
         "the first substring.  To allow for ranges that span "
         "midnight, however, the value of the second string may be "
         "smaller than the value of the first substring.  Thus, "
         "'T080000/T210000' identifies the range from 0800 until 2100, "
         "while 'T210000/T080000' identifies the range from 2100 until "
         "0800 of the following day. \n\n"
         "  "
         "When a range spans midnight, it by definition includes "
         "parts of two successive days.  When one of these days is "
         "also selected by either the MonthOfYearMask, "
         "DayOfMonthMask, and/or DayOfWeekMask, but the other day is "
         "not, then the policy is active only during the portion of "
         "the range that falls on the selected day.  For example, if "
         "the range extends from 2100 until 0800, and the day of "
         "week mask selects Monday and Tuesday, then the policy is "
         "active during the following three intervals:\n"
         "    From midnight Sunday until 0800 Monday; \n"
         "    From 2100 Monday until 0800 Tuesday; \n"
         "    From 2100 Tuesday until 23:59:59 Tuesday. \n\n"
         "  "
         "If a value for this property is not provided, then the "
         "PolicyRule is treated as valid for all hours of the day, "
         "and only restricted by its TimePeriod property value and "
         "the other Mask properties."),
        ModelCorrespondence {
        "CIM_PolicyTimePeriodCondition.TimePeriod",
        "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"}
        ]
    string TimeOfDayMask;
        [Description (
         "  This property indicates whether the times represented "
         "in the TimePeriod property and in the various Mask "
Top   ToC   RFC3060 - Page 93
         "properties represent local times or UTC times.  There is "
         "no provision for mixing of local times and UTC times:  the "
         "value of this property applies to all of the other "
         "time-related properties."),
         ValueMap { "1", "2" },
         Values { "localTime", "utcTime" },
         ModelCorrespondence {
         "CIM_PolicyTimePeriodCondition.TimePeriod",
         "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
         "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
         "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
         "CIM_PolicyTimePeriodCondition.TimeOfDayMask"}
        ]
    uint16 LocalOrUtcTime;
};

// ==================================================================
//    PolicyRuleValidityPeriod
// ==================================================================
   [Association, Aggregation, Description (
         "The PolicyRuleValidityPeriod aggregation represents "
         "scheduled activation and deactivation of a PolicyRule. "
         "If a PolicyRule is associated with multiple policy time "
         "periods via this association, then the Rule is active if "
         "at least one of the time periods indicates that it is "
         "active.  (In other words, the PolicyTimePeriodConditions "
         "are ORed to determine whether the Rule is active.)  A Time"
         "Period may be aggregated by multiple PolicyRules.  A Rule "
         "that does not point to a PolicyTimePeriodCondition via this "
         "association is, from the point of view of scheduling, "
         "always active.  It may, however, be inactive for other "
         "reasons.  For example, the Rule's Enabled property may "
         "be set to \"disabled\" (value=2).")
   ]
class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent
{
        [Override ("GroupComponent"), Aggregate, Description (
         "This property contains the name of a PolicyRule that "
         "contains one or more PolicyTimePeriodConditions.")
        ]
    CIM_PolicyRule REF GroupComponent;
        [Override ("PartComponent"), Description (
         "This property contains the name of a "
         "PolicyTimePeriodCondition defining the valid time periods "
         "for one or more PolicyRules.")
        ]
    CIM_PolicyTimePeriodCondition REF PartComponent;
};
Top   ToC   RFC3060 - Page 94
// ==================================================================
// VendorPolicyCondition
// ==================================================================
   [Description (
         "  A class that provides a general extension mechanism for "
         "representing PolicyConditions that have not been modeled "
         "with specific properties.  Instead, the two properties "
         "Constraint and ConstraintEncoding are used to define the "
         "content and format of the Condition, as explained below.\n\n"
         "  "
         "As its name suggests, VendorPolicyCondition is intended for "
         "vendor-specific extensions to the Policy Core Information "
         "Model.  Standardized extensions are not expected to use "
         "this class.")
   ]
class CIM_VendorPolicyCondition : CIM_PolicyCondition
{
        [Octetstring, Description (
         "This property provides a general extension mechanism for "
         "representing PolicyConditions that have not been "
         "modeled with specific properties.  The format of the "
         "octet strings in the array is left unspecified in "
         "this definition.  It is determined by the OID value "
         "stored in the property ConstraintEncoding.  Since "
         "ConstraintEncoding is single-valued, all the values of "
         "Constraint share the same format and semantics."),
         ModelCorrespondence {
            "CIM_VendorPolicyCondition.ConstraintEncoding"}
        ]
    string Constraint [];
        [Description (
         "An OID encoded as a string, identifying the format "
         "and semantics for this instance's Constraint property."),
         ModelCorrespondence {
            "CIM_VendorPolicyCondition.Constraint"}
        ]
    string ConstraintEncoding;
};

// ==================================================================
// PolicyAction
// ==================================================================
   [Abstract, Description (
         "A class representing a rule-specific or reusable policy "
         "action to be performed if the PolicyConditions for a Policy"
         "Rule evaluate to TRUE.  Since all operational details of a "
         "PolicyAction are provided in subclasses of this object, "
         "this class is abstract.")
Top   ToC   RFC3060 - Page 95
   ]
class CIM_PolicyAction : CIM_Policy
{
        [Key, MaxLen (256), Description (
         "  The name of the class or the subclass used in the "
         "creation of the System object in whose scope this "
         "PolicyAction is defined. \n\n"
         "  "
         "This property helps to identify the System object in "
         "whose scope this instance of PolicyAction exists. "
         "For a rule-specific PolicyAction, this is the System "
         "in whose context the PolicyRule is defined.  For a "
         "reusable PolicyAction, this is the instance of "
         "PolicyRepository (which is a subclass of System) that "
         "holds the Action. \n\n"
         "  "
         "Note that this property, and the analogous property "
         "SystemName, do not represent propagated keys from an "
         "instance of the class System.  Instead, they are "
         "properties defined in the context of this class, which "
         "repeat the values from the instance of System to which "
         "this PolicyAction is related, either directly via the "
         "PolicyActionInPolicyRepository aggregation or indirectly "
         "via the PolicyActionInPolicyRule aggregation.")
        ]
    string SystemCreationClassName;
        [Key, MaxLen (256), Description (
         "  The name of the System object in whose scope this "
         "PolicyAction is defined. \n\n"
         "  "
         "This property completes the identification of the System "
         "object in whose scope this instance of PolicyAction "
         "exists.  For a rule-specific PolicyAction, this is the "
         "System in whose context the PolicyRule is defined.  For "
         "a reusable PolicyAction, this is the instance of "
         "PolicyRepository (which is a subclass of System) that "
         "holds the Action.")
        ]
    string SystemName;
        [Key, MaxLen (256), Description (
         "For a rule-specific PolicyAction, the CreationClassName "
         "of the PolicyRule object with which this Action is "
         "associated.  For a reusable PolicyAction, a "
         "special value, 'NO RULE', should be used to "
         "indicate that this Action is reusable and not "
         "associated with a single PolicyRule.")
        ]
    string PolicyRuleCreationClassName;
Top   ToC   RFC3060 - Page 96
        [Key, MaxLen (256), Description (
         "For a rule-specific PolicyAction, the name of "
         "the PolicyRule object with which this Action is "
         "associated.  For a reusable PolicyAction, a "
         "special value, 'NO RULE', should be used to "
         "indicate that this Action is reusable and not "
         "associated with a single PolicyRule.")
        ]
    string PolicyRuleName;
        [Key, MaxLen (256), Description (
           "CreationClassName indicates the name of the class or the "
           "subclass used in the creation of an instance.  When used "
           "with the other key properties of this class, this property "
           "allows all instances of this class and its subclasses to "
           "be uniquely identified.") ]
    string CreationClassName;
        [Key, MaxLen (256), Description (
         "A user-friendly name of this PolicyAction.")
        ]
    string PolicyActionName;
};

// ==================================================================
//    PolicyActionInPolicyRepository
// ==================================================================
   [Association, Description (
         "  A class representing the hosting of reusable "
         "PolicyActions by a PolicyRepository.  A reusable Policy"
         "Action is always related to a single PolicyRepository, "
         "via this aggregation.\n\n"
         "  "
         "Note, that an instance of PolicyAction can be either "
         "reusable or rule-specific.  When the Action is rule-"
         "specific, it shall not be related to any "
         "PolicyRepository via the PolicyActionInPolicyRepository "
         "aggregation.")
   ]
class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem
{
        [Override ("Antecedent"), Max(1), Description (
         "This property represents a PolicyRepository "
         "hosting one or more PolicyActions.  A reusable "
         "PolicyAction is always related to exactly one "
         "PolicyRepository via the PolicyActionInPolicyRepository "
         "aggregation.  The [0..1] cardinality for this property "
         "covers the two types of PolicyActions:  0 for a "
         "rule-specific PolicyAction, 1 for a reusable one.")
        ]
Top   ToC   RFC3060 - Page 97
    CIM_PolicyRepository REF Antecedent;
        [Override ("Dependent"), Description (
         "This property holds the name of a PolicyAction"
         "hosted in the PolicyRepository. ")
        ]
    CIM_PolicyAction REF Dependent;
};

// ==================================================================
//    PolicyActionInPolicyRule
// ==================================================================
   [Association, Aggregation, Description (
        "  A PolicyRule aggregates zero or more instances of the "
        "PolicyAction class, via the PolicyActionInPolicyRule "
        "association.  A Rule that aggregates zero Actions is not "
        "valid -- it may, however, be in the process of being entered "
        "into a PolicyRepository or being defined for a System. "
        "Alternately, the actions of the policy may be explicit in "
        "the definition of the PolicyRule.  Note that a PolicyRule "
        "should have no effect until it is valid.\n\n"
        "  "
        "The Actions associated with a PolicyRule may be given a "
        "required order, a recommended order, or no order at all.  For "
        "Actions represented as separate objects, the PolicyActionIn"
        "PolicyRule aggregation can be used to express an order. \n\n"
        "  "
        "This aggregation does not indicate whether a specified "
        "action order is required, recommended, or of no significance; "
        "the property SequencedActions in the aggregating instance of "
        "PolicyRule provides this indication.")
   ]
class CIM_PolicyActionInPolicyRule : CIM_PolicyComponent
{
        [Override ("GroupComponent"), Aggregate, Description (
         "This property represents the PolicyRule that "
         "contains one or more PolicyActions.")
        ]
    CIM_PolicyRule REF GroupComponent;
        [Override ("PartComponent"), Description (
         "This property holds the name of a PolicyAction "
         "contained by one or more PolicyRules.")
        ]
    CIM_PolicyAction REF PartComponent;
        [Description (
         "  This property provides an unsigned integer 'n' that"
         "indicates the relative position of a PolicyAction in the "
         "sequence of actions associated with a PolicyRule. "
         "When 'n' is a positive integer, it indicates a place "
Top   ToC   RFC3060 - Page 98
         "in the sequence of actions to be performed, with "
         "smaller integers indicating earlier positions in the "
         "sequence.  The special value '0' indicates 'don't care'. "
         "If two or more PolicyActions have the same non-zero "
         "sequence number, they may be performed in any order, but "
         "they must all be performed at the appropriate place in the "
         "overall action sequence. \n\n"
         "  "
         "A series of examples will make ordering of PolicyActions "
         "clearer: \n"
         "   o If all actions have the same sequence number, "
         "     regardless of whether it is '0' or non-zero, any "
         "     order is acceptable.\n "
         "   o The values: \n"
         "         1:ACTION A \n"
         "         2:ACTION B \n"
         "         1:ACTION C \n"
         "         3:ACTION D \n"
         "     indicate two acceptable orders: A,C,B,D or C,A,B,D, "
         "     since A and C can be performed in either order, but "
         "     only at the '1' position. \n"
         "   o The values: \n"
         "         0:ACTION A \n"
         "         2:ACTION B \n"
         "         3:ACTION C \n"
         "         3:ACTION D \n"
         "     require that B,C, and D occur either as B,C,D or as "
         "     B,D,C.  Action A may appear at any point relative to "
         "     B, C, and D.  Thus the complete set of acceptable "
         "     orders is:  A,B,C,D; B,A,C,D; B,C,A,D; B,C,D,A; "
         "     A,B,D,C; B,A,D,C; B,D,A,C; B,D,C,A. \n\n"
         "  "
         "Note that the non-zero sequence numbers need not start "
         "with '1', and they need not be consecutive.  All that "
         "matters is their relative magnitude.")
        ]
    uint16 ActionOrder;
};

// ==================================================================
// VendorPolicyAction
// ==================================================================
   [Description (
         "  A class that provides a general extension mechanism for "
         "representing PolicyActions that have not been modeled "
         "with specific properties.  Instead, the two properties "
         "ActionData and ActionEncoding are used to define the "
         "content and format of the Action, as explained below.\n\n"
Top   ToC   RFC3060 - Page 99
         "  "
         "As its name suggests, VendorPolicyAction is intended for "
         "vendor-specific extensions to the Policy Core Information "
         "Model.  Standardized extensions are not expected to use "
         "this class.")  ]
class CIM_VendorPolicyAction : CIM_PolicyAction
{
        [Octetstring, Description (
         "This property provides a general extension mechanism for "
         "representing PolicyActions that have not been "
         "modeled with specific properties.  The format of the "
         "octet strings in the array is left unspecified in "
         "this definition.  It is determined by the OID value "
         "stored in the property ActionEncoding.  Since "
         "ActionEncoding is single-valued, all the values of "
         "ActionData share the same format and semantics."),
         ModelCorrespondence {
            "CIM_VendorPolicyAction.ActionEncoding"}
        ]
    string ActionData [];
        [Description (
         "An OID encoded as a string, identifying the format "
         "and semantics for this instance's ActionData property."),
         ModelCorrespondence {
            "CIM_VendorPolicyAction.ActionData"}
        ]
    string ActionEncoding;
};

// ===================================================================
// end of file
// ===================================================================
Top   ToC   RFC3060 - Page 100

15. Full Copyright Statement

Copyright (C) The Internet Society (2001). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.