Network Working Group M. Pana, Ed.
Request for Comments: 4104 MetaSolv
Updates: 3703 A. Reyes
Category: Standards Track Computer Architecture, UPC
A. Barba
D. Moron
Technical University of Catalonia
M. Brunner
NEC
June 2005
Network Working Group M. Pana, Ed.
Request for Comments: 4104 MetaSolv
Updates: 3703 A. Reyes
Category: Standards Track Computer Architecture, UPC
A. Barba
D. Moron
Technical University of Catalonia
M. Brunner
NEC
June 2005
Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
策略核心扩展轻型目录访问协议架构(PCELS)
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
Abstract
摘要
This document defines a number of changes and extensions to the Policy Core Lightweight Directory Access Protocol (LDAP) Schema (RFC 3703) based on the model extensions defined by the Policy Core Information Model (PCIM) Extensions (RFC 3460). These changes and extensions consist of new LDAP object classes and attribute types. Some of the schema items defined in this document re-implement existing concepts in accordance with their new semantics introduced by RFC 3460. The other schema items implement new concepts, not covered by RFC 3703. This document updates RFC 3703.
本文档基于策略核心信息模型(PCIM)扩展(RFC 3460)定义的模型扩展,定义了对策略核心轻型目录访问协议(LDAP)架构(RFC 3703)的许多更改和扩展。这些更改和扩展包括新的LDAP对象类和属性类型。本文中定义的一些模式项根据RFC3460引入的新语义重新实现了现有概念。其他模式项实现RFC3703未涵盖的新概念。本文档更新了RFC 3703。
Table of Contents
目录
1. Introduction ....................................................3
1.1. Specification of Requirements ..............................3
2. Relationship to Other Policy Framework Documents ................3
3. Inheritance Hierarchy for PCELS .................................4
1. Introduction ....................................................3
1.1. Specification of Requirements ..............................3
2. Relationship to Other Policy Framework Documents ................3
3. Inheritance Hierarchy for PCELS .................................4
4. General Discussion of Mapping the Policy Core
Information Model ...............................................8
4.1. Summary of Class Mappings ..................................8
4.2. Summary of Association Mappings ...........................11
4.3. Summary of Changes since PCLS .............................13
4.4. Relationship to PCLS Classes ..............................15
4.5. Impact on Existing Implementations of the Policy
Core LDAP Schema ..........................................16
4.6. The Association of PolicyVariable and PolicyValues ........16
4.7. The Aggregation of PolicyRules and PolicyGroups in
PolicySets ................................................17
4.8. The Aggregation of Actions/Conditions in PolicyRules and
CompoundActions/CompoundConditions ........................20
5. Class Definitions ..............................................25
5.1. The Abstract Class pcelsPolicySet .........................26
5.2. The Structural Class pcelsPolicySetAssociation ............29
5.3. The Three Policy Group Classes ............................30
5.4. The Three Policy Rule Classes .............................31
5.5. The Structural Class pcelsConditionAssociation ............36
5.6. The Structural Class pcelsActionAssociation ...............37
5.7. The Auxiliary Class pcelsSimpleConditionAuxClass ..........38
5.8. The Auxiliary Class pcelsCompoundConditionAuxClass ........39
5.9. The Auxiliary Class pcelsCompoundFilterConditionAuxClass ..40
5.10. The Auxiliary Class pcelsSimpleActionAuxClass ............41
5.11. The Auxiliary Class pcelsCompoundActionAuxClass ..........42
5.12. The Abstract Class pcelsVariable .........................43
5.13. The Auxiliary Class pcelsExplicitVariableAuxClass ........44
5.14. The Auxiliary Class pcelsImplicitVariableAuxClass ........46
5.15. The Subclasses of pcelsImplicitVariableAuxClass ..........47
5.16. The Auxiliary Class pcelsValueAuxClass. ..................54
5.17. The Subclasses of pcelsValueAuxClass. ....................55
5.18. The Three Reusable Policy Container Classes ..............60
5.19. The Structural Class pcelsRoleCollection. ................62
5.20. The Abstract Class pcelsFilterEntryBase ..................64
5.21. The Structural Class pcelsIPHeadersFilter ................65
5.22. The Structural Class pcels8021Filter .....................73
5.23. The Auxiliary Class pcelsFilterListAuxClass ..............77
5.24. The Auxiliary Class pcelsVendorVariableAuxClass ..........79
5.25. The Auxiliary Class pcelsVendorValueAuxClass .............80
6. Security Considerations ........................................81
7. IANA Considerations ............................................82
7.1. Object Identifiers ........................................82
7.2. Object Identifier Descriptors .............................82
8. Acknowledgements ...............................................85
9. Normative References ...........................................85
10. Informative References ........................................86
4. General Discussion of Mapping the Policy Core
Information Model ...............................................8
4.1. Summary of Class Mappings ..................................8
4.2. Summary of Association Mappings ...........................11
4.3. Summary of Changes since PCLS .............................13
4.4. Relationship to PCLS Classes ..............................15
4.5. Impact on Existing Implementations of the Policy
Core LDAP Schema ..........................................16
4.6. The Association of PolicyVariable and PolicyValues ........16
4.7. The Aggregation of PolicyRules and PolicyGroups in
PolicySets ................................................17
4.8. The Aggregation of Actions/Conditions in PolicyRules and
CompoundActions/CompoundConditions ........................20
5. Class Definitions ..............................................25
5.1. The Abstract Class pcelsPolicySet .........................26
5.2. The Structural Class pcelsPolicySetAssociation ............29
5.3. The Three Policy Group Classes ............................30
5.4. The Three Policy Rule Classes .............................31
5.5. The Structural Class pcelsConditionAssociation ............36
5.6. The Structural Class pcelsActionAssociation ...............37
5.7. The Auxiliary Class pcelsSimpleConditionAuxClass ..........38
5.8. The Auxiliary Class pcelsCompoundConditionAuxClass ........39
5.9. The Auxiliary Class pcelsCompoundFilterConditionAuxClass ..40
5.10. The Auxiliary Class pcelsSimpleActionAuxClass ............41
5.11. The Auxiliary Class pcelsCompoundActionAuxClass ..........42
5.12. The Abstract Class pcelsVariable .........................43
5.13. The Auxiliary Class pcelsExplicitVariableAuxClass ........44
5.14. The Auxiliary Class pcelsImplicitVariableAuxClass ........46
5.15. The Subclasses of pcelsImplicitVariableAuxClass ..........47
5.16. The Auxiliary Class pcelsValueAuxClass. ..................54
5.17. The Subclasses of pcelsValueAuxClass. ....................55
5.18. The Three Reusable Policy Container Classes ..............60
5.19. The Structural Class pcelsRoleCollection. ................62
5.20. The Abstract Class pcelsFilterEntryBase ..................64
5.21. The Structural Class pcelsIPHeadersFilter ................65
5.22. The Structural Class pcels8021Filter .....................73
5.23. The Auxiliary Class pcelsFilterListAuxClass ..............77
5.24. The Auxiliary Class pcelsVendorVariableAuxClass ..........79
5.25. The Auxiliary Class pcelsVendorValueAuxClass .............80
6. Security Considerations ........................................81
7. IANA Considerations ............................................82
7.1. Object Identifiers ........................................82
7.2. Object Identifier Descriptors .............................82
8. Acknowledgements ...............................................85
9. Normative References ...........................................85
10. Informative References ........................................86
This document defines a number of changes and extensions to the
Policy Core Lightweight Directory Access Protocol (LDAP) Schema
[PCLS] based on the model extensions defined by the Policy Core
Information Model (PCIM) Extensions [PCIM_EXT]. These changes and
extensions consist of new LDAP object classes and attribute types
[LDAP]. Some of the schema items defined in this document re-
implement existing concepts in accordance with their new semantics
introduced by [PCIM_EXT]. The other schema items implement new
concepts, not covered by [PCLS]. This document updates RFC 3703
[PCLS].
This document defines a number of changes and extensions to the
Policy Core Lightweight Directory Access Protocol (LDAP) Schema
[PCLS] based on the model extensions defined by the Policy Core
Information Model (PCIM) Extensions [PCIM_EXT]. These changes and
extensions consist of new LDAP object classes and attribute types
[LDAP]. Some of the schema items defined in this document re-
implement existing concepts in accordance with their new semantics
introduced by [PCIM_EXT]. The other schema items implement new
concepts, not covered by [PCLS]. This document updates RFC 3703
[PCLS].
In addition to the concepts defined by [PCIM_EXT], this document introduces two new classes: pcelsVendorVariableAuxClass and pcelsVendorValueAuxClass. These classes provide a standard extension mechanism for vendor-specific policy variables and policy values that have not been specifically modeled.
除了[PCIM_EXT]定义的概念外,本文还介绍了两个新类:pcelsVendorVariableAuxClass和pcelsVendorValueAuxClass。这些类为特定于供应商的策略变量和未专门建模的策略值提供了标准扩展机制。
Within the context of this document, the term "PCELS" (Policy Core Extension LDAP Schema) is used to refer to the LDAP object class, attribute type definitions and the associated recommendations contained in this document.
在本文档的上下文中,术语“PCELS”(策略核心扩展LDAP架构)用于指代本文档中包含的LDAP对象类、属性类型定义和相关建议。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [KEYWORDS].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[关键词]中所述进行解释。
This document contains an LDAP schema mapping for the classes defined in the "Policy Core Information Model (PCIM) Extensions" [PCIM_EXT]. The LDAP schema defined in this document is an extension to the "Policy Core Lightweight Directory Access Protocol (LDAP) Schema" [PCLS], which defines the mapping of the "Policy Core Information Model -- Version 1 Specification" [PCIM] to an LDAP schema.
本文档包含“策略核心信息模型(PCIM)扩展”[PCIM_EXT]中定义的类的LDAP模式映射。本文档中定义的LDAP模式是“策略核心轻型目录访问协议(LDAP)模式”[PCLS]的扩展,它定义了“策略核心信息模型——版本1规范”[PCIM]到LDAP模式的映射。
These three documents ([PCIM], [PCIM_EXT] and [PCLS]) are prerequisites for reading and understanding this document.
这三份文件([PCIM]、[PCIM_EXT]和[PCLS])是阅读和理解本文件的先决条件。
Other documents may subsequently be produced with mappings of the same model to other storage or transport technologies.
随后,可以通过将同一模型映射到其他存储或传输技术来生成其他文档。
The object class and attribute type names defined in this document are prefixed 'pcels'.
本文档中定义的对象类和属性类型名称的前缀为“pcels”。
The diagram below illustrates the combined class hierarchy for the LDAP object classes defined in the following documents:
下图说明了以下文档中定义的LDAP对象类的组合类层次结构:
- The class names prefixed 'pcels' are defined in this document. - The class names prefixed 'pcim' are defined in [PCLS]. - The class names prefixed 'dlm1' are defined in [CIM_LDAP]. - The class named 'top' is defined in [LDAP_SCHEMA].
- 本文档中定义了前缀为“pcels”的类名。-前缀为“pcim”的类名在[PCLS]中定义前缀为“dlm1”的类名在[CIM_LDAP]中定义名为“top”的类在[LDAP_架构]中定义。
All the new object classes except for pcelsVendorVariableAuxClass and pcelsVendorValueAuxClass, are mapped from concepts defined or modified by [PCIM_EXT]. The pcelsVendorVariableAuxClass and pcelsVendorValueAuxClass classes are not mapped from [PCIM_EXT]. They represent concepts introduced in this document.
除了pcelsVendorVariableAuxClass和pcelsVendorValueAuxClass之外,所有新对象类都是从[PCIM_EXT]定义或修改的概念映射而来的。pcelsVendorVariableAuxClass和pcelsVendorValueAuxClass类未从[PCIM_EXT]映射。它们代表本文件中介绍的概念。
top
|
+---dlm1ManagedElement (abstract)
| |
| +---pcimPolicy (abstract)
| | |
| | +---pcelsPolicySet (abstract new)
| | | |
| | | +---pcelsGroup (abstract new)
| | | | |
| | | | +---pcelsGroupAuxClass (auxiliary new)
| | | | |
| | | | +---pcelsGroupInstance (structural new)
| | | |
| | | +---pcelsRule (abstract new)
| | | |
| | | +---pcelsRuleAuxClass (auxiliary new)
| | | |
| | | +---pcelsRuleInstance (structural new)
| | |
| | +---pcimGroup (abstract)
| | | |
| | | +---pcimGroupAuxClass (auxiliary)
| | | |
| | | +---pcimGroupInstance (structural)
| | |
| | +---pcimRule (abstract)
| | | |
| | | +---pcimRuleAuxClass (auxiliary)
top
|
+---dlm1ManagedElement (abstract)
| |
| +---pcimPolicy (abstract)
| | |
| | +---pcelsPolicySet (abstract new)
| | | |
| | | +---pcelsGroup (abstract new)
| | | | |
| | | | +---pcelsGroupAuxClass (auxiliary new)
| | | | |
| | | | +---pcelsGroupInstance (structural new)
| | | |
| | | +---pcelsRule (abstract new)
| | | |
| | | +---pcelsRuleAuxClass (auxiliary new)
| | | |
| | | +---pcelsRuleInstance (structural new)
| | |
| | +---pcimGroup (abstract)
| | | |
| | | +---pcimGroupAuxClass (auxiliary)
| | | |
| | | +---pcimGroupInstance (structural)
| | |
| | +---pcimRule (abstract)
| | | |
| | | +---pcimRuleAuxClass (auxiliary)
| | | |
| | | +---pcimRuleInstance (structural)
| | |
| | +---pcimRuleConditionAssociation (structural)
| | | |
| | | +---pcelsConditionAssociation (structural new)
| | |
| | +---pcimRuleValidityAssociation (structural)
| | |
| | +---pcimRuleActionAssociation (structural)
| | | |
| | | +---pcelsActionAssociation (structural new)
| | |
| | +---pcelsPolicySetAssociation (structural new)
| | |
| | +---pcimPolicyInstance (structural)
| | |
| | +---pcimElementAuxClass (auxiliary)
| | |
| | +---pcelsRoleCollection (structural new)
| | |
| | +---pcelsFilterEntryBase (abstract new)
| | |
| | +---pcelsIPHeadersFilter (structural new)
| | |
| | +---pcels8021Filter (structural new)
| |
| +---dlm1ManagedSystemElement (abstract)
| |
| +---dlm1LogicalElement (abstract)
| |
| +---dlm1System (abstract)
| |
| +---dlm1AdminDomain (abstract)
| |
| +---pcimRepository (abstract)
| |
| +---pcimRepositoryAuxClass (auxiliary)
| |
| +---pcimRepositoryInstance (structural)
| |
| +---pcelsReusableContainer (abstract new)
| |
| +---pcelsReusableContainerAuxClass
| | (auxiliary new)
| |
| +---pcelsReusableContainerInstance
| (structural new)
| | | |
| | | +---pcimRuleInstance (structural)
| | |
| | +---pcimRuleConditionAssociation (structural)
| | | |
| | | +---pcelsConditionAssociation (structural new)
| | |
| | +---pcimRuleValidityAssociation (structural)
| | |
| | +---pcimRuleActionAssociation (structural)
| | | |
| | | +---pcelsActionAssociation (structural new)
| | |
| | +---pcelsPolicySetAssociation (structural new)
| | |
| | +---pcimPolicyInstance (structural)
| | |
| | +---pcimElementAuxClass (auxiliary)
| | |
| | +---pcelsRoleCollection (structural new)
| | |
| | +---pcelsFilterEntryBase (abstract new)
| | |
| | +---pcelsIPHeadersFilter (structural new)
| | |
| | +---pcels8021Filter (structural new)
| |
| +---dlm1ManagedSystemElement (abstract)
| |
| +---dlm1LogicalElement (abstract)
| |
| +---dlm1System (abstract)
| |
| +---dlm1AdminDomain (abstract)
| |
| +---pcimRepository (abstract)
| |
| +---pcimRepositoryAuxClass (auxiliary)
| |
| +---pcimRepositoryInstance (structural)
| |
| +---pcelsReusableContainer (abstract new)
| |
| +---pcelsReusableContainerAuxClass
| | (auxiliary new)
| |
| +---pcelsReusableContainerInstance
| (structural new)
|
+---pcimConditionAuxClass (auxiliary)
| |
| +---pcimTPCAuxClass (auxiliary)
| |
| +---pcimConditionVendorAuxClass (auxiliary)
| |
| +---pcelsSimpleConditionAuxClass (auxiliary new)
| |
| +---pcelsCompoundConditionAuxClass (auxiliary new)
| | |
| | +---pcelsCompoundFilterConditionAuxClass (auxiliary new)
| |
| +---pcelsFilterListAuxClass (auxiliary new)
|
+---pcimActionAuxClass (auxiliary)
| |
| +---pcimActionVendorAuxClass (auxiliary)
| |
| +---pcelsSimpleActionAuxClass (auxiliary new)
| |
| +---pcelsCompoundActionAuxClass (auxiliary new)
|
+---pcelsVariable (abstract new)
| |
| +---pcelsVendorVariableAuxClass (auxiliary new)
| |
| +---pcelsExplicitVariableAuxClass (auxiliary new)
| |
| +---pcelsImplicitVariableAuxClass (auxiliary new)
| |
| +---pcelsSourceIPv4VariableAuxClass (auxiliary new)
| |
| +---pcelsSourceIPv6VariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationIPv4VariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationIPv6VariableAuxClass (auxiliary new)
| |
| +---pcelsSourcePortVariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationPortVariableAuxClass (auxiliary new)
| |
| +---pcelsIPProtocolVariableAuxClass (auxiliary new)
| |
| +---pcelsIPVersionVariableAuxClass (auxiliary new)
| |
| +---pcelsIPToSVariableAuxClass (auxiliary new)
|
+---pcimConditionAuxClass (auxiliary)
| |
| +---pcimTPCAuxClass (auxiliary)
| |
| +---pcimConditionVendorAuxClass (auxiliary)
| |
| +---pcelsSimpleConditionAuxClass (auxiliary new)
| |
| +---pcelsCompoundConditionAuxClass (auxiliary new)
| | |
| | +---pcelsCompoundFilterConditionAuxClass (auxiliary new)
| |
| +---pcelsFilterListAuxClass (auxiliary new)
|
+---pcimActionAuxClass (auxiliary)
| |
| +---pcimActionVendorAuxClass (auxiliary)
| |
| +---pcelsSimpleActionAuxClass (auxiliary new)
| |
| +---pcelsCompoundActionAuxClass (auxiliary new)
|
+---pcelsVariable (abstract new)
| |
| +---pcelsVendorVariableAuxClass (auxiliary new)
| |
| +---pcelsExplicitVariableAuxClass (auxiliary new)
| |
| +---pcelsImplicitVariableAuxClass (auxiliary new)
| |
| +---pcelsSourceIPv4VariableAuxClass (auxiliary new)
| |
| +---pcelsSourceIPv6VariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationIPv4VariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationIPv6VariableAuxClass (auxiliary new)
| |
| +---pcelsSourcePortVariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationPortVariableAuxClass (auxiliary new)
| |
| +---pcelsIPProtocolVariableAuxClass (auxiliary new)
| |
| +---pcelsIPVersionVariableAuxClass (auxiliary new)
| |
| +---pcelsIPToSVariableAuxClass (auxiliary new)
| |
| +---pcelsDSCPVariableAuxClass (auxiliary new)
| |
| +---pcelsFlowIdVariableAuxClass (auxiliary new)
| |
| +---pcelsSourceMACVariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationMACVariableAuxClass (auxiliary new)
| |
| +---pcelsVLANVariableAuxClass (auxiliary new)
| |
| +---pcelsCoSVariableAuxClass (auxiliary new)
| |
| +---pcelsEthertypeVariableAuxClass (auxiliary new)
| |
| +---pcelsSourceSAPVariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationSAPVariableAuxClass (auxiliary new)
| |
| +---pcelsSNAPOUIVariableAuxClass (auxiliary new)
| |
| +---pcelsSNAPTypeVariableAuxClass (auxiliary new)
| |
| +---pcelsFlowDirectionVariableAuxClass (auxiliary new)
|
+---pcelsValueAuxClass (auxiliary new)
| |
| +---pcelsVendorValueAuxClass (auxiliary new)
| |
| +---pcelsIPv4AddrValueAuxClass (auxiliary new)
| |
| +---pcelsIPv6AddrValueAuxClass (auxiliary new)
| |
| +---pcelsMACAddrValueAuxClass (auxiliary new)
| |
| +---pcelsStringValueAuxClass (auxiliary new)
| |
| +---pcelsBitStringValueAuxClass (auxiliary new)
| |
| +---pcelsIntegerValueAuxClass (auxiliary new)
| |
| +---pcelsBooleanValueAuxClass (auxiliary new)
| |
| +---pcelsDSCPVariableAuxClass (auxiliary new)
| |
| +---pcelsFlowIdVariableAuxClass (auxiliary new)
| |
| +---pcelsSourceMACVariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationMACVariableAuxClass (auxiliary new)
| |
| +---pcelsVLANVariableAuxClass (auxiliary new)
| |
| +---pcelsCoSVariableAuxClass (auxiliary new)
| |
| +---pcelsEthertypeVariableAuxClass (auxiliary new)
| |
| +---pcelsSourceSAPVariableAuxClass (auxiliary new)
| |
| +---pcelsDestinationSAPVariableAuxClass (auxiliary new)
| |
| +---pcelsSNAPOUIVariableAuxClass (auxiliary new)
| |
| +---pcelsSNAPTypeVariableAuxClass (auxiliary new)
| |
| +---pcelsFlowDirectionVariableAuxClass (auxiliary new)
|
+---pcelsValueAuxClass (auxiliary new)
| |
| +---pcelsVendorValueAuxClass (auxiliary new)
| |
| +---pcelsIPv4AddrValueAuxClass (auxiliary new)
| |
| +---pcelsIPv6AddrValueAuxClass (auxiliary new)
| |
| +---pcelsMACAddrValueAuxClass (auxiliary new)
| |
| +---pcelsStringValueAuxClass (auxiliary new)
| |
| +---pcelsBitStringValueAuxClass (auxiliary new)
| |
| +---pcelsIntegerValueAuxClass (auxiliary new)
| |
| +---pcelsBooleanValueAuxClass (auxiliary new)
|
+---pcimSubtreesPtrAuxClass (auxiliary)
|
+---pcimGroupContainmentAuxClass (auxiliary)
|
+---pcimRuleContainmentAuxClass (auxiliary)
|
+---pcimSubtreesPtrAuxClass (auxiliary)
|
+---pcimGroupContainmentAuxClass (auxiliary)
|
+---pcimRuleContainmentAuxClass (auxiliary)
Figure 1. LDAP Class Inheritance Hierarchy for PCELS
图1。PCELS的LDAP类继承层次结构
4. General Discussion of Mapping the Policy Core Information Model Extensions to LDAP
4. 关于将策略核心信息模型扩展映射到LDAP的一般性讨论
The object classes described in this document contain certain optimizations for a directory that uses LDAP as its access protocol. An example is the use of auxiliary class attachment to LDAP entries for the realization of some of the associations defined in the information model. For instance, the aggregation of a specific SimplePolicyCondition to a reusable PolicyRule [PCIM_EXT] may be realized by attaching a pcelsSimpleConditionAuxClass to a pcelsRuleInstance entry.
本文档中描述的对象类包含使用LDAP作为其访问协议的目录的某些优化。一个例子是使用LDAP条目的辅助类附件来实现信息模型中定义的一些关联。例如,可以通过将pcelsSimpleConditionAuxClass附加到pcelsRuleInstance条目来实现特定SimplePolicyCondition到可重用策略规则[PCIM_EXT]的聚合。
Note that other data stores might need to implement the associations differently.
请注意,其他数据存储可能需要以不同的方式实现关联。
The classes and their properties defined in the information model [PCIM_EXT] map directly to LDAP object classes and attribute types.
信息模型[PCIM_EXT]中定义的类及其属性直接映射到LDAP对象类和属性类型。
The details of this mapping are discussed case by case in section 5.
第5节将逐一讨论此映射的细节。
+----------------------------------------------------------------------+
| Information Model (PCIM_EXT) | LDAP Class(es) |
+----------------------------------------------------------------------+
| PolicySet | pcelsPolicySet |
+----------------------------------------------------------------------+
| PolicyGroup | pcelsGroup |
| | pcelsGroupAuxClass |
| | pcelsGroupInstance |
+----------------------------------------------------------------------+
| PolicyRule | pcelsRule |
| | pcelsRuleAuxClass |
| | pcelsRuleInstance |
+----------------------------------------------------------------------+
| SimplePolicyCondition | pcelsSimpleConditionAuxClass |
+----------------------------------------------------------------------+
| CompoundPolicyCondition | pcelsCompoundConditionAuxClass |
+----------------------------------------------------------------------+
+----------------------------------------------------------------------+
| Information Model (PCIM_EXT) | LDAP Class(es) |
+----------------------------------------------------------------------+
| PolicySet | pcelsPolicySet |
+----------------------------------------------------------------------+
| PolicyGroup | pcelsGroup |
| | pcelsGroupAuxClass |
| | pcelsGroupInstance |
+----------------------------------------------------------------------+
| PolicyRule | pcelsRule |
| | pcelsRuleAuxClass |
| | pcelsRuleInstance |
+----------------------------------------------------------------------+
| SimplePolicyCondition | pcelsSimpleConditionAuxClass |
+----------------------------------------------------------------------+
| CompoundPolicyCondition | pcelsCompoundConditionAuxClass |
+----------------------------------------------------------------------+
| CompoundFilterCondition | pcelsCompoundFilterConditionAuxClass |
+----------------------------------------------------------------------+
| SimplePolicyAction | pcelsSimpleActionAuxClass |
+----------------------------------------------------------------------+
| CompoundPolicyAction | pcelsCompoundActionAuxClass |
+----------------------------------------------------------------------+
| PolicyVariable | pcelsVariable |
+----------------------------------------------------------------------+
| -------------- | pcelsVendorVariableAuxClass |
+-------------------------------+--------------------------------------+
| PolicyExplicitVariable | pcelsExplicitVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyImplicitVariable | pcelsImplicitVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceIPv4Variable | pcelsSourceIPv4VariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceIPv6Variable | pcelsSourceIPv6VariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationIPv4Variable | pcelsDestinationIPv4VariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationIPv6Variable | pcelsDestinationIPv6VariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourcePortVariable | pcelsSourcePortVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationPortVariable | pcelsDestinationPortVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyIPProtocolVariable | pcelsIPProtocolVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyIPVersionVariable | pcelsIPVersionVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyIPToSVariable | pcelsIPToSVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDSCPVariable | pcelsDSCPVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyFlowIDVariable | pcelsFlowIDVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceMACVariable | pcelsSourceMACVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationMACVariable | pcelsDestinationMACVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyVLANVariable | pcelsVLANVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyCoSVariable | pcelsCoSVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyEthertypeVariable | pcelsEthertypeVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceSAPVariable | pcelsSourceSAPVariableAuxClass |
+----------------------------------------------------------------------+
| CompoundFilterCondition | pcelsCompoundFilterConditionAuxClass |
+----------------------------------------------------------------------+
| SimplePolicyAction | pcelsSimpleActionAuxClass |
+----------------------------------------------------------------------+
| CompoundPolicyAction | pcelsCompoundActionAuxClass |
+----------------------------------------------------------------------+
| PolicyVariable | pcelsVariable |
+----------------------------------------------------------------------+
| -------------- | pcelsVendorVariableAuxClass |
+-------------------------------+--------------------------------------+
| PolicyExplicitVariable | pcelsExplicitVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyImplicitVariable | pcelsImplicitVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceIPv4Variable | pcelsSourceIPv4VariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceIPv6Variable | pcelsSourceIPv6VariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationIPv4Variable | pcelsDestinationIPv4VariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationIPv6Variable | pcelsDestinationIPv6VariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourcePortVariable | pcelsSourcePortVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationPortVariable | pcelsDestinationPortVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyIPProtocolVariable | pcelsIPProtocolVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyIPVersionVariable | pcelsIPVersionVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyIPToSVariable | pcelsIPToSVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDSCPVariable | pcelsDSCPVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyFlowIDVariable | pcelsFlowIDVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceMACVariable | pcelsSourceMACVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationMACVariable | pcelsDestinationMACVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyVLANVariable | pcelsVLANVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyCoSVariable | pcelsCoSVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyEthertypeVariable | pcelsEthertypeVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySourceSAPVariable | pcelsSourceSAPVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationSAPVariable | pcelsDestinationSAPVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySNAPOUIVariable | pcelsSNAPOUIVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySNAPTypeVariable | pcelsSNAPTypeVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyFlowDirectionVariable | pcelsFlowDirectionVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyValue | pcelsValueAuxClass |
+----------------------------------------------------------------------+
| ------------- | pcelsVendorValueAuxClass |
+-------------------------------+--------------------------------------+
| PolicyIPv4AddrValue | pcelsIPv4AddrValueAuxClass |
+----------------------------------------------------------------------+
| PolicyIPv6AddrValue | pcelsIPv6AddrValueAuxClass |
+----------------------------------------------------------------------+
| PolicyMACAddrValue | pcelsMACAddrValueAuxClass |
+----------------------------------------------------------------------+
| PolicyStringValue | pcelsStringValueAuxClass |
+----------------------------------------------------------------------+
| PolicyBitStringValue | pcelsBitStringValueAuxClass |
+----------------------------------------------------------------------+
| PolicyIntegerValue | pcelsIntegerValueAuxClass |
+----------------------------------------------------------------------+
| PolicyBooleanValue | pcelsBooleanValueAuxClass |
+----------------------------------------------------------------------+
| PolicyRoleCollection | pcelsRoleCollection |
+----------------------------------------------------------------------+
| ReusablePolicyContainer | pcelsReusableContainer |
| | pcelsReusableContainerAuxClass |
| | pcelsReusableContainerInstance |
+----------------------------------------------------------------------+
| FilterEntryBase | pcelsFilterEntryBase |
+----------------------------------------------------------------------+
| IPHeadersFilter | pcelsIPHeadersFilter |
+----------------------------------------------------------------------+
| 8021Filter | pcels8021Filter |
+----------------------------------------------------------------------+
| FilterList | pcelsFilterListAuxClass |
+----------------------------------------------------------------------+
| PolicyDestinationSAPVariable | pcelsDestinationSAPVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySNAPOUIVariable | pcelsSNAPOUIVariableAuxClass |
+----------------------------------------------------------------------+
| PolicySNAPTypeVariable | pcelsSNAPTypeVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyFlowDirectionVariable | pcelsFlowDirectionVariableAuxClass |
+----------------------------------------------------------------------+
| PolicyValue | pcelsValueAuxClass |
+----------------------------------------------------------------------+
| ------------- | pcelsVendorValueAuxClass |
+-------------------------------+--------------------------------------+
| PolicyIPv4AddrValue | pcelsIPv4AddrValueAuxClass |
+----------------------------------------------------------------------+
| PolicyIPv6AddrValue | pcelsIPv6AddrValueAuxClass |
+----------------------------------------------------------------------+
| PolicyMACAddrValue | pcelsMACAddrValueAuxClass |
+----------------------------------------------------------------------+
| PolicyStringValue | pcelsStringValueAuxClass |
+----------------------------------------------------------------------+
| PolicyBitStringValue | pcelsBitStringValueAuxClass |
+----------------------------------------------------------------------+
| PolicyIntegerValue | pcelsIntegerValueAuxClass |
+----------------------------------------------------------------------+
| PolicyBooleanValue | pcelsBooleanValueAuxClass |
+----------------------------------------------------------------------+
| PolicyRoleCollection | pcelsRoleCollection |
+----------------------------------------------------------------------+
| ReusablePolicyContainer | pcelsReusableContainer |
| | pcelsReusableContainerAuxClass |
| | pcelsReusableContainerInstance |
+----------------------------------------------------------------------+
| FilterEntryBase | pcelsFilterEntryBase |
+----------------------------------------------------------------------+
| IPHeadersFilter | pcelsIPHeadersFilter |
+----------------------------------------------------------------------+
| 8021Filter | pcels8021Filter |
+----------------------------------------------------------------------+
| FilterList | pcelsFilterListAuxClass |
+----------------------------------------------------------------------+
Figure 2. Mapping of Information Model Extension Classes to LDAP
图2。信息模型扩展类到LDAP的映射
The pcelsVendorVariableAuxClass and pcelsVendorValueAuxClass classes are not mapped from [PCIM_EXT]. These classes are introduced in this document as a new extension mechanism for vendor-specific policy variables and values that have not been specifically modeled. Just like for any other schema elements defined in this document or in
pcelsVendorVariableAuxClass和pcelsVendorValueAuxClass类未从[PCIM_EXT]映射。这些类在本文档中作为供应商特定策略变量和未专门建模的值的新扩展机制引入。与本文档或中定义的任何其他模式元素一样
[PCLS], a particular submodel schema generally will not need to use vendor specific variable and value classes. Submodel schemas SHOULD apply the recommendations of section 5.10 of [PCIM_EXT] with regards to the supported and unsupported elements.
[PCLS],特定子模型模式通常不需要使用特定于供应商的变量和值类。子模型模式应适用[PCIM_EXT]第5.10节关于支持和不支持元素的建议。
The associations in the information model map to one or more of the following options:
信息模型中的关联映射到以下一个或多个选项:
1. Attributes that reference DNs (Distinguished Names) 2. Directory Information Tree (DIT) containment (i.e., superior-subordinate relationships) in LDAP 3. Auxiliary class attachment 4. Association object classes and attributes that reference DNs
1. 引用DNs(可分辨名称)2的属性。LDAP 3中的目录信息树(DIT)包含(即,上下级关系)。辅助班附件4。引用DNs的关联对象类和属性
The details of this mapping are discussed case by case in section 5.
第5节将逐一讨论此映射的细节。
+----------------------------------------------------------------------+
| Information Model Association | LDAP Attribute/Class |
+----------------------------------------------------------------------+
| PolicySetComponent | pcelsPolicySetComponentList in |
| | pcelsPolicySet and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicySetInSystem | DIT Containment and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicyGroupInSystem | DIT Containment and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicyRuleInSystem | DIT Containment and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicyConditionStructure | pcimConditionDN in |
| | pcelsConditionAssociation |
+----------------------------------------------------------------------+
| PolicyConditionInPolicyRule | pcelsConditionList in |
| | pcelsRule and |
| | pcimConditionDN in |
| | pcelsConditionAssociation |
+----------------------------------------------------------------------+
| PolicyConditionInPolicyCondition | pcelsConditionList in |
| | pcelsCompoundConditionAuxClass |
+----------------------------------------------------------------------+
| Information Model Association | LDAP Attribute/Class |
+----------------------------------------------------------------------+
| PolicySetComponent | pcelsPolicySetComponentList in |
| | pcelsPolicySet and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicySetInSystem | DIT Containment and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicyGroupInSystem | DIT Containment and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicyRuleInSystem | DIT Containment and |
| | pcelsPolicySetDN in |
| | pcelsPolicySetAsociation |
+----------------------------------------------------------------------+
| PolicyConditionStructure | pcimConditionDN in |
| | pcelsConditionAssociation |
+----------------------------------------------------------------------+
| PolicyConditionInPolicyRule | pcelsConditionList in |
| | pcelsRule and |
| | pcimConditionDN in |
| | pcelsConditionAssociation |
+----------------------------------------------------------------------+
| PolicyConditionInPolicyCondition | pcelsConditionList in |
| | pcelsCompoundConditionAuxClass |
| | and pcimConditionDN in |
| | pcelsConditionAssociation |
+----------------------------------------------------------------------+
| PolicyActionStructure | pcimActionDN in |
| | pcelsActionAssociation |
+----------------------------------------------------------------------+
| PolicyActionInPolicyRule | pcelsActionList in |
| | pcelsRule and |
| | pcimActionDN in |
| | pcelsActionAssociation |
+----------------------------------------------------------------------+
| PolicyActionInPolicyAction | pcelsActionList in |
| | pcelsCompoundActionAuxClass |
| | and pcimActionDN in |
| | pcelsActionAssociation |
+----------------------------------------------------------------------+
| PolicyVariableInSimplePolicy | pcelsVariableDN in |
| Condition | pcelsSimpleConditionAuxClass |
+----------------------------------------------------------------------+
| PolicyValueInSimplePolicy | pcelsValueDN in |
| Condition | pcelsSimpleConditionAuxClass |
+----------------------------------------------------------------------+
| PolicyVariableInSimplePolicy | pcelsVariableDN in |
| Action | pcelsSimpleActionAuxClass |
+----------------------------------------------------------------------+
| PolicyValueInSimplePolicyAction | pcelsValueDN in |
| | pcelsSimpleActionAuxClass |
+----------------------------------------------------------------------+
| ReusablePolicy | DIT containment |
+----------------------------------------------------------------------+
| ExpectedPolicyValuesForVariable | pcelsExpectedValueList in |
| | pcelsVariable |
+----------------------------------------------------------------------+
| ContainedDomain | DIT containment or |
| | pcelsReusableContainerList in |
| | pcelsReusableContainer |
+----------------------------------------------------------------------+
| EntriesInFilterList | pcelsFilterEntryList in |
| | pcelsFilterListAuxClass |
+----------------------------------------------------------------------+
| ElementInPolicyRoleCollection | DIT containment or |
| | pcelsElementList in |
| | pcelsRoleCollection |
+----------------------------------------------------------------------+
| PolicyRoleCollectionInSystem | DIT Containment |
+----------------------------------------------------------------------+
| | and pcimConditionDN in |
| | pcelsConditionAssociation |
+----------------------------------------------------------------------+
| PolicyActionStructure | pcimActionDN in |
| | pcelsActionAssociation |
+----------------------------------------------------------------------+
| PolicyActionInPolicyRule | pcelsActionList in |
| | pcelsRule and |
| | pcimActionDN in |
| | pcelsActionAssociation |
+----------------------------------------------------------------------+
| PolicyActionInPolicyAction | pcelsActionList in |
| | pcelsCompoundActionAuxClass |
| | and pcimActionDN in |
| | pcelsActionAssociation |
+----------------------------------------------------------------------+
| PolicyVariableInSimplePolicy | pcelsVariableDN in |
| Condition | pcelsSimpleConditionAuxClass |
+----------------------------------------------------------------------+
| PolicyValueInSimplePolicy | pcelsValueDN in |
| Condition | pcelsSimpleConditionAuxClass |
+----------------------------------------------------------------------+
| PolicyVariableInSimplePolicy | pcelsVariableDN in |
| Action | pcelsSimpleActionAuxClass |
+----------------------------------------------------------------------+
| PolicyValueInSimplePolicyAction | pcelsValueDN in |
| | pcelsSimpleActionAuxClass |
+----------------------------------------------------------------------+
| ReusablePolicy | DIT containment |
+----------------------------------------------------------------------+
| ExpectedPolicyValuesForVariable | pcelsExpectedValueList in |
| | pcelsVariable |
+----------------------------------------------------------------------+
| ContainedDomain | DIT containment or |
| | pcelsReusableContainerList in |
| | pcelsReusableContainer |
+----------------------------------------------------------------------+
| EntriesInFilterList | pcelsFilterEntryList in |
| | pcelsFilterListAuxClass |
+----------------------------------------------------------------------+
| ElementInPolicyRoleCollection | DIT containment or |
| | pcelsElementList in |
| | pcelsRoleCollection |
+----------------------------------------------------------------------+
| PolicyRoleCollectionInSystem | DIT Containment |
+----------------------------------------------------------------------+
Figure 3. Mapping of Information Model Extension Associations to LDAP
图3。信息模型扩展关联到LDAP的映射
Two [PCIM_EXT] associations are mapped to DIT containment:
两个[PCIM\U EXT]关联映射到DIT包含:
- PolicyRoleCollectionInSystem is a weak association and weak associations map well to DIT containment [CIM_LDAP] (without being limited to this mapping). In the absence of additional constraints, DIT containment is chosen here as the optimal association mapping.
- PolicyRoleCollectionInSystem是一个弱关联,弱关联很好地映射到DIT包含[CIM_LDAP](不限于此映射)。在没有其他约束的情况下,这里选择DIT包含作为最佳关联映射。
- ReusablePolicy is mapped to DIT containment for scalability reasons. It is expected that applications will associate a large number of policy instances to a ReusablePolicyContainer and DIT containment is a type of association that scales well.
- 出于可伸缩性原因,ReusablePolicy映射到DIT包含。预计应用程序会将大量策略实例关联到可重用的PolicyContainer,而DIT包含是一种可扩展的关联类型。
This section provides an overview of the changes relative to [PCLS] defined in this document:
本节概述了与本文件中定义的[PCL]相关的变更:
1. The concept of a set of policies is introduced by two new object classes: pcelsPolicySet and pcelsPolicySetAssociation. These classes enable the aggregation and relative prioritization of policies (rules and/or groups). The attribute pcelsPriority is used by pcelsPolicySetAssociation instances to indicate the priority of a policy relative to the other policies aggregated by the same set. Applications may use this attribute to apply appropriate ordering to the aggregated policies. This new policy aggregation mechanism provides an alternative to the aggregation mechanism defined by [PCLS] (that defines pcimRuleContainmentAuxClass and/or pcimGroupContainmentAuxClass for attaching components to a pcimGroup).
1. 策略集的概念由两个新的对象类引入:pcelsPolicySet和pcelsPolicySetAssociation。这些类支持策略(规则和/或组)的聚合和相对优先级划分。pcelsPriority属性由pcelsPolicySetAssociation实例用于指示策略相对于由同一集合聚合的其他策略的优先级。应用程序可以使用此属性对聚合策略应用适当的排序。这个新的策略聚合机制提供了[PCLS]定义的聚合机制(定义PCIMRuleContainementAuxClass和/或PCIMGroupContainementAuxClass以将组件附加到pcimGroup)的替代方案。
2. The attribute pcimRoles defined by [PCLS] is used here by the pcelsPolicySet object class. Thus, the role based policy selection mechanism is extended to all the subclasses of pcelsPolicySet.
2. 由[PCLS]定义的属性pcimRoles在此由pcelsPolicySet对象类使用。因此,基于角色的策略选择机制被扩展到PCELSPolicSet的所有子类。
3. A new attribute pcelsDecisionStrategy is added on the pcelsPolicySet class as a mapping from the decision mechanism.
3. 在PCELSSolicSet类上添加了一个新属性pcelsDecisionStrategy,作为决策机制的映射。
4. A new class pcelsGroup (with two subclasses), implements the modified semantics of the PolicyGroup in accordance with [PCIM_EXT]. This new class inherits from its superclass pcelsPolicySet the ability to aggregate (with relative priority) other policy rules or groups.
4. 一个新类pcelsGroup(带有两个子类)根据[PCIM_EXT]实现了PolicyGroup的修改语义。这个新类继承了它的超类PCELSPolicSet聚合(具有相对优先级)其他策略规则或组的能力。
5. A new class pcelsRule (with two subclasses), implements the modified semantics of the PolicyRule in accordance with [PCIM_EXT]. It does not include an absolute priority attribute,
5. 一个新类pcelsRule(包含两个子类)根据[PCIM_EXT]实现了PolicyRule的修改语义。它不包括绝对优先级属性,
but instances of non-abstract subclasses of pcelsRule can be prioritized relative to each other within a System (behavior inherited from its superclass: pcelsPolicySet). The pcelsRule class also inherits from pcelsPolicySet the ability to aggregate other policy rules or groups, and thus, the ability to construct nested rule structures of arbitrary complexity.
但是pcelsRule的非抽象子类的实例可以在一个系统中相对于彼此进行优先级排序(行为继承自其超类:pcelslocolicset)。pcelsRule类还从pcelsPolicySet继承了聚合其他策略规则或组的能力,从而也继承了构造任意复杂度的嵌套规则结构的能力。
6. A new attribute pcelsExecutionStrategy is added to the pcelsRule and pcelsCompoundActionAuxClass classes to allow the specification of the expected behavior in case of multiple actions aggregated by a rule or by a compound action.
6. pcelsRule和PCELSCompondactionAuxClass类中添加了一个新属性pcelsExecutionStrategy,以允许在由规则或复合操作聚合的多个操作的情况下指定预期行为。
7. Compound Conditions: The pcelsCompoundConditionAuxClass class is added in order to map the CompoundPolicyCondition class. A new class, pcelsConditionAssociation is used to aggregate policy conditions in a pcelsCompoundConditionAuxClass. The same class is also used to aggregate policy conditions in a pcelsRule.
7. 复合条件:添加pcelsCompoundConditionAuxClass类是为了映射CompoundPolicyCondition类。一个新类pcelsConditionAssociation用于聚合PCELSCompundConditionAuxClass中的策略条件。该类还用于聚合pcelsRule中的策略条件。
8. Compound Actions: The pcelsCompoundActionAuxClass class is added in order to map the CompoundPolicyAction class. A new class, pcelsActionAssociation is used to aggregate policy actions in a pcelsCompoundActionAuxClass. The same class is also used to aggregate policy actions in a pcelsRule.
8. 复合操作:添加pcelsCompoundActionAuxClass类是为了映射CompoundPolicyAction类。一个新类pcelsActionAssociation用于聚合pcelsCompoundationAuxClass中的策略操作。同一类还用于聚合pcelsRule中的策略操作。
9. Simple Conditions, Simple Actions, Variables and Values: The simple condition, simple action, variable and value classes defined by [PCIM_EXT] are directly mapped to LDAP object classes. These are: pcelsSimpleConditionAuxClass, pcelsSimpleActionAuxClass, pcelsVariable and its subclasses, and pcelsValueAuxClass and its subclasses.
9. 简单条件、简单操作、变量和值:由[PCIM_EXT]定义的简单条件、简单操作、变量和值类直接映射到LDAP对象类。它们是:pcelsSimpleConditionAuxClass、pcelsSimpleActionAuxClass、pcelsVariable及其子类和pcelsValueAuxClass及其子类。
10. A general extension mechanism is introduced for representing policy variables and values that have not been specifically modeled. The mechanism is intended for vendor-specific extensions.
10. 引入了一种通用扩展机制,用于表示尚未专门建模的策略变量和值。该机制用于特定于供应商的扩展。
11. Reusable Policy Repository: A new class (with two subclasses), pcelsReusableContainer is created as a subclass of pcimRepository. While maintaining compatibility with older [PCLS] implementations, the addition of this class acknowledges the intent of [PCIM_EXT] to avoid the potential for confusion with the Policy Framework component named Policy Repository. The new class enables many-to-many associations between reusable policy containers.
11. 可重用策略存储库:作为pcimRepository的一个子类创建了一个新类(包含两个子类),pcelsReusableContainer。在保持与较旧的[PCLS]实现的兼容性的同时,添加此类确认了[PCIM_EXT]的意图,以避免与名为Policy Repository的策略框架组件混淆。新类支持可重用策略容器之间的多对多关联。
12. The ReusablePolicy association defined in [PCIM_EXT] is realized through subordination to an instance of a non-abstract subclass of pcelsReusableContainer. Thus, reusable policy components
12. [PCIM_EXT]中定义的ReusablePolicy关联是通过从属于pcelsReusableContainer的非抽象子类的实例来实现的。因此,可重用的策略组件
(groups, rules, conditions, actions, variables and values) may be defined as stand-alone entries or stand-alone groups of related entries subordinated (DIT contained) to a pcelsReusableContainer.
(组、规则、条件、操作、变量和值)可以定义为独立条目或从属于pcelsReusableContainer(包含DIT)的独立相关条目组。
13. Device level filter classes are added to the schema.
13. 将设备级筛选器类添加到架构中。
14. The pcelsRoleCollection class is added to the schema to allow the association of policy roles to resources represented as LDAP entries.
14. pcelsRoleCollection类被添加到架构中,以允许策略角色与以LDAP条目表示的资源相关联。
Several [PCLS] classes are used in this document to derive other classes. If a PCELS application requires a functionality provided by any of derived classes, then the [PCLS] class MUST also be supported by PCELS implementations. These classes are:
本文档中使用了几个[PCLS]类来派生其他类。如果PCELS应用程序需要任何派生类提供的功能,则PCELS实现也必须支持[PCLS]类。这些课程包括:
pcimPolicy pcimRuleConditionAssociation pcimRuleActionAssociation pcimConditionAuxClass pcimActionAuxClass pcimRepository
pcimRuleConditionAssociation pcimRuleActionAssociation pcimConditionAuxClass pcimActionAuxClass pcimRepository
Other [PCLS] classes are neither derived to nor superseded by classes defined in this document. If a PCELS application requires a functionality provided by any of these classes, then the [PCLS] class SHOULD be used. These classes are:
其他[PCLS]类既不是从本文档中定义的类派生出来的,也不是由本文档中定义的类取代的。如果PCELS应用程序需要任何此类提供的功能,则应使用[PCLS]类。这些课程包括:
pcimRuleValidityAssociation pcimTPCAuxClass pcimConditionVendorAuxClass pcimActionVendorAuxClass pcimPolicyInstance pcimElementAuxClass pcimSubtreesPtrAuxClass
pcimRuleValidityAssociation pcimTPCAuxClass pcimConditionVendorAuxClass pcimActionVendorAuxClass pcimElementAuxClass PCIMSubtreetrauxClass pcimElementAuxClass
Among the classes defined in this document some implement concepts that supersede the concepts implemented by similar [PCLS] classes. PCELS implementations MAY support such [PCLS] classes. These classes are:
在本文档中定义的类中,一些实现的概念取代了类似[PCLS]类实现的概念。PCELS实现可能支持此类[PCLS]类。这些课程包括:
pcimGroup and its subclasses pcimRule and its subclasses pcimGroupContainmentAuxClass pcimRuleContainmentAuxClass the subclasses of pcimRepository
pcimGroup及其子类pcimRule及其子类PCIMGroupContainementAuxClass PCIMRuleContainementAuxClass pcimRepository的子类
In general, the intent of PCELS is to extend the functionality offered by the Policy Core LDAP Schema. For the most part, the compatibility with [PCLS] is preserved. The few cases in which compatibility cannot be achieved due to fundamental changes imposed by [PCIM_EXT], are defined here as alternatives to the original implementation.
通常,PCELS的目的是扩展策略核心LDAP模式提供的功能。在大多数情况下,与[PCLS]的兼容性保持不变。由于[PCIM_EXT]施加的根本性更改而无法实现兼容性的少数情况在这里被定义为原始实现的替代方案。
PCELS does not obsolete nor deprecate the concepts implemented by [PCLS]. The new LDAP schema items are defined in this document in a way that avoids, to the extent possible, interference with the normal operation of a reasonably well-executed implementation of [PCLS]. The intent is to permit at least a harmless coexistence of the two models in the same data repository.
PCELS不会废弃或弃用[PCLS]实现的概念。新的LDAP模式项在本文档中的定义方式尽可能避免干扰[PCLS]合理执行的实现的正常运行。其目的是允许两个模型在同一个数据存储库中至少无害地共存。
However, it should be noted that the PCELS introduces the following changes that may have an impact on some [PCLS] implementations:
但是,应注意的是,PCELS引入了以下变化,这些变化可能会对某些[PCLS]实施产生影响:
1. Some attributes originally used only by pcimRule or pcimGroup are now also used by classes unknown to [PCLS] implementations (pcelsPolicySet, pcelsRule and pcelsGroup). In particular, the attribute pcimRoles is also used by pcelsPolicySet for role based policy selection.
1. 最初仅由pcimRule或pcimGroup使用的某些属性现在也由[PCLS]实现未知的类(PCELSPolicSet、pcelsRule和pcelsGroup)使用。特别是,PCELSPolicSet还使用属性pcimRoles进行基于角色的策略选择。
2. Condition and action association classes originally used by only pcimRule are now used (through subclasses) by pcelsRule as well.
2. 最初仅由pcimRule使用的条件和操作关联类现在也由pcelsRule使用(通过子类)。
3. pcimRepository containers may include entries of types unknown to [PCLS] implementations.
3. pcimRepository容器可能包含[PCLS]实现未知类型的条目。
When the choice exists, PCELS implementations SHOULD support the new schema and MAY also support the one defined by [PCLS]. For example, if PolicyRule support is required, an implementation SHOULD be able to read or read-write (as applicable) pcelsRule entries. The same implementation MAY be able to read or read-write pcimRule.
当存在选择时,PCELS实现应支持新模式,也可能支持[PCLS]定义的模式。例如,如果需要PolicyRule支持,则实现应该能够读取或读写(如适用)pcelsRule条目。相同的实现可以读取或读写pcimRule。
4.6. The Association of PolicyVariable and PolicyValues to PolicySimpleCondition and PolicySimpleAction
4.6. PolicyVariable和PolicyValue与PolicySimpleCondition和PolicySimpleAction的关联
A PolicySimpleCondition, as well as a PolicySimpleAction, includes a single PolicyValue and a single PolicyVariable. Each of them can be attached or referenced by a DN.
PolicySimpleCondition和PolicySimpleAction包括一个PolicyValue和一个PolicyVariable。它们中的每一个都可以由DN附加或引用。
The attachment helps create compact PolicyCondition and PolicyAction definitions that can be efficiently provisioned and retrieved from the repository. On the other hand, referenced PolicyVariables and PolicyValues instances can be reused in the construction of multiple policies and permit an administrative partitioning of the data and policy definitions.
附件有助于创建紧凑的PolicyCondition和PolicyAction定义,这些定义可以有效地从存储库中进行配置和检索。另一方面,引用的PolicyVariables和PolicyValues实例可以在构建多个策略时重用,并允许对数据和策略定义进行管理分区。
In [PCIM_EXT], the two aggregations PolicyGroupInPolicyGroup and PolicyRuleInPolicyGroup, are combined into a single aggregation PolicySetComponent. This aggregation and the capability of association between a policy and the ReusablePolicyContainer offer new possibilities of reusability. Furthermore, these aggregations introduce new semantics representing the execution of one PolicyRule within the scope of another PolicyRule.
在[PCIM_EXT]中,两个聚合PolicyGroupInPolicyGroup和PolicyRuleInPolicyGroup组合成一个聚合PolicySetComponent。这种聚合和策略与ReusablePolicyContainer之间的关联能力为可重用性提供了新的可能性。此外,这些聚合引入了新的语义,表示在另一个PolicyRule的范围内执行一个PolicyRule。
Since PolicySet is defined in [PCIM_EXT], it is mapped in this document to a new class pcelsPolicySet in order to provide an abstraction for a set of policy rules or groups. The aggregation class PolicySetComponent in [PCIM_EXT] is mapped to a multi-value attribute pcelsPolicySetList in the pcelsPolicySet class and the attribute pcelsPolicySetDN in the pcelsPolicySetAssociation. These attributes refer to the nested rules and groups.
由于PolicySet在[PCIM_EXT]中定义,因此在本文档中将其映射到一个新类pcelsPolicySet,以便为一组策略规则或组提供抽象。[PCIM_EXT]中的聚合类PolicySetComponent映射到pcelsPolicySet类中的多值属性pcelsPolicySetList和pcelsPolicySetAssociation中的属性pcelsPolicySetDN。这些属性指的是嵌套的规则和组。
It is possible to store a rule/group nested in another rule/group in two ways. The first way is to define the nested rule/group as specific to the nesting rule/group. The second way is to define the nested rules/groups as reusable.
可以通过两种方式存储嵌套在另一个规则/组中的规则/组。第一种方法是将嵌套规则/组定义为特定于嵌套规则/组。第二种方法是将嵌套的规则/组定义为可重用的。
First case: Specific nested sets (rules/groups).
第一种情况:特定的嵌套集(规则/组)。
+----------+
|Rule/Group|
| |
+-----|- -|-----+
| +----------+ |
| * * |
| * * |
| **** **** |
| * * |
v * * v
+-----------+ +-----------+
| SA1+Set1 | | SA2+Set2 |
+-----------+ +-----------+
+----------+
|Rule/Group|
| |
+-----|- -|-----+
| +----------+ |
| * * |
| * * |
| **** **** |
| * * |
v * * v
+-----------+ +-----------+
| SA1+Set1 | | SA2+Set2 |
+-----------+ +-----------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
#: Number. Set#: pcelsRuleAuxClass or pcelsGroupAuxClass auxiliary class. SA#: pcelsPolicySetAssocation structural class.
#:号码。Set#:pcelsRuleAuxClass或pcelsGroupAuxClass辅助类。SA#:pcElsPolicySetAssociation结构类。
Figure 4. Policy Set with Specific Components
图4。具有特定组件的策略集
The nesting pcelsPolicySet refers to instances of pcelsPolicySetAssociation using the attribute pcelsPolicySetList. These structural association classes are subordinated (DIT contained) to an instance of a non-abstract subclass of pcelsPolicySet and represent the association between the PolicySet and its nested rules/groups. The nested instances of auxiliary subclasses of pcelsPolicySet are attached to the association entries.
嵌套PCELSPolicSet使用属性pcelsPolicySetList引用pcelsPolicySetAssociation的实例。这些结构关联类从属于(包含DIT)pcelsPolicySet的非抽象子类的实例,表示PolicySet与其嵌套规则/组之间的关联。PCELSPolicSet辅助子类的嵌套实例附加到关联项。
Second case: Reusable nested sets (rules/groups).
第二种情况:可重用的嵌套集(规则/组)。
+----------+ +-------------+
|Rule/Group| | ContainerX |
+-|- -|--+ | |
| +----------+ | +-------------+
| * * | * *
| *** **** | * *
| * * v * *
| * +---+ * *
| * |SA2| +-------+ *
v * | -|-------->|S1+Set2| *
+---+ +---+ +-------+ *
|SA1| +-------+
| -|------------------------------>|S2+Set3|
+---+ +-------+
+----------+ +-------------+
|Rule/Group| | ContainerX |
+-|- -|--+ | |
| +----------+ | +-------------+
| * * | * *
| *** **** | * *
| * * v * *
| * +---+ * *
| * |SA2| +-------+ *
v * | -|-------->|S1+Set2| *
+---+ +---+ +-------+ *
|SA1| +-------+
| -|------------------------------>|S2+Set3|
+---+ +-------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
Set#: pcelsRuleAuxClass or pcelsGroupAuxClass auxiliary class. SA#: PolicySetAssocation structural class. S#: structural class.
Set#:pcelsRuleAuxClass或pcelsGroupAuxClass辅助类。SA#:PolicySetAssociation结构类。S#:结构类。
Figure 5. Policy Set with Reusable Components
图5。具有可重用组件的策略集
The nesting pcelsPolicySet refers to instances of pcelsPolicySetAssociation using the attribute pcelsPolicySetList. These structural association classes are subordinated (DIT contained) to an instance of a non-abstract subclass of pcelsPolicySet and represent the association between the PolicySet and its nested rules/groups. The reusable rules/groups are instantiated here as auxiliary classes and attached to pcimPolicyInstance entries in the reusable container. Another option is to use the structural subclasses for defining reusable rules/groups. The association classes belonging to a nesting policy set are reference the reusable rules/groups using the attribute pcelsPolicySetDN.
嵌套PCELSPolicSet使用属性pcelsPolicySetList引用pcelsPolicySetAssociation的实例。这些结构关联类从属于(包含DIT)pcelsPolicySet的非抽象子类的实例,表示PolicySet与其嵌套规则/组之间的关联。可重用规则/组在此处被实例化为辅助类,并附加到可重用容器中的pcimPolicyInstance条目。另一种选择是使用结构化子类来定义可重用的规则/组。属于嵌套策略集的关联类使用属性pcelsPolicySetDN引用可重用规则/组。
A combination of both specific and reusable components is also allowed for the same policy set.
同一策略集还允许同时使用特定组件和可重用组件。
4.8. The Aggregation of Actions/Conditions in PolicyRules and CompoundActions/CompoundConditions
4.8. PolicyRules和CompoundActions/CompoundConditions中操作/条件的聚合
[PCIM_EXT] defines two new classes that allow the designer to create more complex conditions and actions. CompoundPolicyCondition and CompoundPolicyAction classes are mapped in this document to pcelsCompoundConditionAuxClass and pcelsCompoundActionAuxClass classes that are subclasses of pcimConditionAuxClass/pcimActionAuxClass. The compound conditions/actions defined in [PCIM_EXT] extend the capability of the rule to associate, group and evaluate conditions or execute actions. The conditions/actions are associated to compounds conditions/actions in the same way as they are associated to the rules.
[PCIM_EXT]定义了两个新类,允许设计器创建更复杂的条件和操作。CompoundPolicyCondition和CompoundPolicyAction类在本文档中映射到pcelsCompoundConditionAuxClass和pcelsCompoundActionAuxClass类,它们是pcimConditionAuxClass/pcimActionAuxClass的子类。[PCIM_EXT]中定义的复合条件/操作扩展了规则关联、分组和评估条件或执行操作的能力。条件/操作与复合条件/操作的关联方式与它们与规则的关联方式相同。
In this section, how to store instances of these classes in an LDAP Directory is explained. As a general rule, specific conditions/actions are subordinated (DIT contained) to the rule or compound condition/action that aggregates them and are attached to association class instances. Reusable conditions/actions are subordinated to pcelsReusableContainer instances and attached to pcimPolicyInstance instances.
在本节中,将解释如何在LDAP目录中存储这些类的实例。一般来说,特定条件/操作从属于(包含DIT)聚合它们并附加到关联类实例的规则或复合条件/操作。可重用条件/操作从属于PCELSReausableContainer实例,并附加到pcimPolicyInstance实例。
The examples below illustrate the four possible cases combining specific/reusable compound/non-compound condition/action. The rule has two compound conditions, each one has two different conditions. The schemes can be extended in order to store actions.
下面的示例说明了结合特定/可重用复合/非复合条件/操作的四种可能情况。规则有两个复合条件,每个条件有两个不同的条件。可以扩展这些方案以存储操作。
The examples below are based on and extend those illustrated in the section 4.4 of [PCLS].
以下示例基于并扩展了[PCLS]第4.4节中的示例。
First case: Specific compound condition/action with specific conditions/actions.
第一种情况:特定复合条件/行动与特定条件/行动。
+--------------+
+------| Rule |------+
| +--------------+ |
| * * |
| ********* ********* |
v * * v
+---------+ +---------+
+-| CA1+cc1 |-+ +-| CA2+cc2 |-+
| +---------+ | | +---------+ |
| * * | | * * |
| **** **** | | **** **** |
v * * v v * * v
+------+ +------+ +------+ +------+
|CA3+c1| |CA4+c2| |CA5+c3| |CA6+c4|
+------+ +------+ +------+ +------+
+--------------+
+------| Rule |------+
| +--------------+ |
| * * |
| ********* ********* |
v * * v
+---------+ +---------+
+-| CA1+cc1 |-+ +-| CA2+cc2 |-+
| +---------+ | | +---------+ |
| * * | | * * |
| **** **** | | **** **** |
v * * v v * * v
+------+ +------+ +------+ +------+
|CA3+c1| |CA4+c2| |CA5+c3| |CA6+c4|
+------+ +------+ +------+ +------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
#: Number. CA#: pcelsConditionAssociation structural class. cc#: pcelsCompoundConditionAuxClass auxiliary class. c#: subclass of pcimConditionAuxClass.
#:号码。CA#:pcelsConditionAssociation结构类。cc#:pcelsCompoundConditionAuxClass辅助类。c#:pcimConditionAuxClass的子类。
Figure 6. Specific Compound Conditions with Specific Components
图6。具有特定成分的特定化合物条件
Because the compound conditions/actions are specific to the Rule, They are auxiliary attachments to instances of the structural classes pcelsConditionAssociation or pcelsActionAssociation. These structural classes represent the association between the rule and the compound condition/action. The rule specific conditions/actions are therefore subordinated (DIT contained) to the rule entry.
由于复合条件/操作特定于规则,因此它们是结构类pcelsConditionAssociation或PCELSConActionAssociation实例的辅助附件。这些结构类表示规则和复合条件/操作之间的关联。因此,特定于规则的条件/操作从属于(包含DIT)规则条目。
The conditions/actions are tied to the compound conditions/actions in the same way the compound conditions/actions are tied to rules. Association classes realize the association between the aggregating compound conditions/actions and the specific conditions/actions.
条件/动作与复合条件/动作的关联方式与复合条件/动作与规则的关联方式相同。关联类实现聚合复合条件/操作与特定条件/操作之间的关联。
Second case: Rule specific compound conditions/actions with reusable conditions/actions.
第二种情况:具有可重用条件/操作的特定于规则的复合条件/操作。
+-------------+ +---------------+
+------| Rule |-----+ | ContainerX |
| +-------------+ | +---------------+
| * * | * * * *
| * * | **** * * *
| ********* ******** | * * * ********
| * * v * * * *
| * +---------+ * * **** *
| * +-| CA2+cc2 |-+ * * * *
| * | +---------+ | * * * *
v * | * * | * * * *
+---------+ | **** **** | * * * *
+-| CA1+cc1 |-+ | * * v * * * *
| +---------+ | | * +------+ +-----+ * * *
| * * | v * | CA6 |->|S1+c4| * * *
| **** **** | +------+ +------+ +-----+ +-----+ * *
| * * v | CA5 |------------------>|S2+c3| * *
| * +------+ +------+ +-----+ +-----+ *
v * | CA4 |------------------------------------->|S3+c2| *
+------+ +------+ +-----+ +-----+
| CA3 |------------------------------------------------------>|S4+c1|
+------+ +-----+
+-------------+ +---------------+
+------| Rule |-----+ | ContainerX |
| +-------------+ | +---------------+
| * * | * * * *
| * * | **** * * *
| ********* ******** | * * * ********
| * * v * * * *
| * +---------+ * * **** *
| * +-| CA2+cc2 |-+ * * * *
| * | +---------+ | * * * *
v * | * * | * * * *
+---------+ | **** **** | * * * *
+-| CA1+cc1 |-+ | * * v * * * *
| +---------+ | | * +------+ +-----+ * * *
| * * | v * | CA6 |->|S1+c4| * * *
| **** **** | +------+ +------+ +-----+ +-----+ * *
| * * v | CA5 |------------------>|S2+c3| * *
| * +------+ +------+ +-----+ +-----+ *
v * | CA4 |------------------------------------->|S3+c2| *
+------+ +------+ +-----+ +-----+
| CA3 |------------------------------------------------------>|S4+c1|
+------+ +-----+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
#: Number.
CA#: pcelsConditionAssociation structural class.
cc#: pcelsCompoundConditionAuxClass auxiliary class.
c#: subclass of pcimConditionAuxClass.
S#: structural class
#: Number.
CA#: pcelsConditionAssociation structural class.
cc#: pcelsCompoundConditionAuxClass auxiliary class.
c#: subclass of pcimConditionAuxClass.
S#: structural class
Figure 7. Specific Compound Conditions with Reusable Components
图7。具有可重用组件的特定复合条件
This case is similar to the first one. The conditions/actions are reusable and are therefore not attached to the association classes, but rather to structural classes in the reusable container. The association classes tie the conditions/actions in located in a reusable container to their aggregators using DN references.
这个案例与第一个类似。条件/动作是可重用的,因此不会附加到关联类,而是附加到可重用容器中的结构类。关联类使用DN引用将位于可重用容器中的条件/操作绑定到其聚合器。
Third case: Reusable compound condition/action with specific conditions/actions.
第三种情况:具有特定条件/操作的可重用复合条件/操作。
+--------------+ +--------------+
| Rule | | RepositoryX |
+---+--------------+----+ +--------------+
| * * | * *
| ******* ******* | ******** ********
| * * v * *
| * +----------+ +---------+ *
| * | CA2 |--->| S1+cc2 | *
| * +----------+ +-+---------+-+ *
| * | * * | *
| * | **** **** | *
| * v * * v *
| * +------+ +------+ *
| * |CA5+c3| |CA6+c4| *
v * +------+ +------+ *
+----------+ +---------+
| CA1 |----------------------------------------->| S2+cc1 |
+----------+ +-+---------+-+
| * * |
| **** **** |
v * * v
+------+ +------+
|CA3+c1| |CA4+c2|
+------+ +------+
+--------------+ +--------------+
| Rule | | RepositoryX |
+---+--------------+----+ +--------------+
| * * | * *
| ******* ******* | ******** ********
| * * v * *
| * +----------+ +---------+ *
| * | CA2 |--->| S1+cc2 | *
| * +----------+ +-+---------+-+ *
| * | * * | *
| * | **** **** | *
| * v * * v *
| * +------+ +------+ *
| * |CA5+c3| |CA6+c4| *
v * +------+ +------+ *
+----------+ +---------+
| CA1 |----------------------------------------->| S2+cc1 |
+----------+ +-+---------+-+
| * * |
| **** **** |
v * * v
+------+ +------+
|CA3+c1| |CA4+c2|
+------+ +------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
#: Number.
CA#: pcelsConditionAssociation structural class.
cc#: pcelsCompoundConditionAuxClass auxiliary class.
c#: subclass of pcimConditionAuxClass.
S#: structural class
#: Number.
CA#: pcelsConditionAssociation structural class.
cc#: pcelsCompoundConditionAuxClass auxiliary class.
c#: subclass of pcimConditionAuxClass.
S#: structural class
Figure 8. Reusable Compound Conditions with Specific Components
图8。具有特定组件的可重用复合条件
Re-usable compound conditions/actions are attached to structural classes and stored in a reusable policy container. They are related to the rule through a DN reference attribute in the association classes.
可重用的复合条件/操作附加到结构类,并存储在可重用的策略容器中。它们通过关联类中的DN引用属性与规则相关。
Specific conditions/actions are attached to association entries and subordinated (DIT contained) to the aggregating compound conditions/actions.
特定条件/操作附加到关联条目,并从属于聚合复合条件/操作(包含DIT)。
Fourth case: Reusable conditions/actions and compound conditions/actions.
第四种情况:可重用条件/操作和复合条件/操作。
+------+ +---------------+ +---------------+
+-----| Rule |-----+ | ContainerX | | ContainerY |
| +------+ | +---------------+ +---------------+
| * * | * * * * * *
| ****** ****** | *** *** *** * * *****
| * * v * * * * * *
| * +-------+ +------+ * * * *** *
| * | CA2 |->|S1+ca1| * * * * *
| * +-------+ +------+ * * * * *
| * / * * \ * * * * *
| * |** ** | * * * * *
| * |* * v * * * * *
| * |* +---+ * +-----+ * * *
| * |* |CA6|----*--->|S3+c4| * * *
| * v* +---+ * +-----+ * * *
| * +---+ * +-----+ * *
| * |CA5|-----------*--------->|S4+c3| * *
v * +---+ * +-----+ * *
+-------+ +------+ * *
| CA1 |-------------------------->|S2+cc1| * *
+-------+ +------+ * *
/ * * \ * *
| ** ** | * *
| * * v * *
| * +---+ +-----+ *
| * |CA4|---------->|S5+c2| *
v * +---+ +-----+ *
+---+ +-----+
|CA3|--------------------->|S6+c1|
+---+ +-----+
+------+ +---------------+ +---------------+
+-----| Rule |-----+ | ContainerX | | ContainerY |
| +------+ | +---------------+ +---------------+
| * * | * * * * * *
| ****** ****** | *** *** *** * * *****
| * * v * * * * * *
| * +-------+ +------+ * * * *** *
| * | CA2 |->|S1+ca1| * * * * *
| * +-------+ +------+ * * * * *
| * / * * \ * * * * *
| * |** ** | * * * * *
| * |* * v * * * * *
| * |* +---+ * +-----+ * * *
| * |* |CA6|----*--->|S3+c4| * * *
| * v* +---+ * +-----+ * * *
| * +---+ * +-----+ * *
| * |CA5|-----------*--------->|S4+c3| * *
v * +---+ * +-----+ * *
+-------+ +------+ * *
| CA1 |-------------------------->|S2+cc1| * *
+-------+ +------+ * *
/ * * \ * *
| ** ** | * *
| * * v * *
| * +---+ +-----+ *
| * |CA4|---------->|S5+c2| *
v * +---+ +-----+ *
+---+ +-----+
|CA3|--------------------->|S6+c1|
+---+ +-----+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
+------------------------------+
|LEGEND: |
| ***** DIT containment |
| + auxiliary attachment |
| ----> DN reference |
+------------------------------+
#: Number. CA#: pcelsConditionAssociation structural class. cc#: pcelsCompoundConditionAuxClass auxiliary class.
#:号码。CA#:pcelsConditionAssociation结构类。cc#:pcelsCompoundConditionAuxClass辅助类。
c#: subclass of pcimConditionAuxClass.
S#: structural class
c#: subclass of pcimConditionAuxClass.
S#: structural class
Figure 9. Reusable Compound Conditions with Reusable Components
图9。具有可重用组件的可重用复合条件
All the conditions/actions are reusable so they are stored in reusable containers. The figure above illustrates two different reusable policy containers, but the number of containers in the system is decided based on administrative reasons. The conditions, actions, etc. may be stored in the same or different containers with no impact on the policy definition semantics.
所有条件/操作都是可重用的,因此它们存储在可重用的容器中。上图显示了两个不同的可重用策略容器,但系统中容器的数量是根据管理原因决定的。条件、操作等可以存储在相同或不同的容器中,而不会影响策略定义语义。
The semantics for the policy information classes that are to be mapped directly from the information model to an LDAP representation are detailed in [PCIM_EXT]. Consequently, this document presents only a brief reference to those semantics. The focus here is on the mapping from the information model (which is independent of repository type and access protocol) to a form that can be accessed using LDAP. For various reasons including LDAP specific optimization, this mapping is not always 1:1. Some new classes and attributes (that were not part of [PCIM] or [PCIM_EXT]) needed to be created in order to implement the LDAP mapping. These new LDAP-only classes are fully defined in this document.
要直接从信息模型映射到LDAP表示的策略信息类的语义在[PCIM_EXT]中有详细说明。因此,本文档仅简要介绍这些语义。这里的重点是从信息模型(独立于存储库类型和访问协议)到可以使用LDAP访问的表单的映射。由于各种原因,包括特定于LDAP的优化,此映射并不总是1:1。为了实现LDAP映射,需要创建一些新的类和属性(不属于[PCIM]或[PCIM_EXT])。这些仅限LDAP的新类在本文档中完全定义。
The following notes apply to this section in its entirety.
以下注释适用于本节的全部内容。
Note 1: The formal language for specifying the classes, attributes, and DIT structure and content rules is that defined in [LDAP_SYNTAX]. In the following definitions, the class and attribute definitions follow [LDAP_SYNTAX] but they are line-wrapped to enhance human readability.
注1:用于指定类、属性、DIT结构和内容规则的正式语言是在[LDAP_语法]中定义的。在以下定义中,类和属性定义遵循[LDAP_语法],但它们是换行的,以增强可读性。
Note 2: Even though not explicitly noted in the following class and attribute definitions, implementations may define DIT structure and content rules where applicable and supported by the underlying LDAP infrastructure. In such cases, the DIT structure rule considerations discussed in section 5 of [PCLS] must be applied to PCELS implementations as well. The reasons and details are presented in [X.501].
注2:尽管在下面的类和属性定义中没有明确说明,但实现可能会定义DIT结构和内容规则(如果适用并受底层LDAP基础设施支持)。在这种情况下,[PCLS]第5节中讨论的DIT结构规则注意事项也必须应用于PCELS实施。原因和细节见[X.501]。
Note 3: Wherever possible, an equality, a substrings and an ordering matching rule are defined for a particular attribute. This provides additional implementation flexibility. However, in some cases, the LDAP matching semantics may not cover all the application needs. For instance, different values of pcelsIPv4AddrList may be semantically equivalent. The equality matching rule, caseIgnoreMatch, associated
注3:在可能的情况下,为特定属性定义了等式、子字符串和排序匹配规则。这提供了额外的实现灵活性。但是,在某些情况下,LDAP匹配语义可能无法涵盖所有应用程序需求。例如,pcelsIPv4AddrList的不同值在语义上可能是等价的。相等匹配规则caseIgnoreMatch关联
to this attribute type is not suitable for detecting this equivalence. Implementers should not rely solely on LDAP syntaxes and matching rules for being consistent with this specification.
对于此属性类型,不适合检测此等价性。实现者不应该仅仅依靠LDAP语法和匹配规则来与本规范保持一致。
Note 4: The following attribute definitions use only LDAP matching rules and syntax definitions from [LDAP_SYNTAX], [LDAP_SCHEMA] and [LDAP_MATCH]. The corresponding X.500 matching rules are defined in [X.520].
注4:以下属性定义仅使用[LDAP_语法]、[LDAP_模式]和[LDAP_匹配]中的LDAP匹配规则和语法定义。[X.520]中定义了相应的X.500匹配规则。
Note 5: Some of the following attribute types MUST conform to additional constraints on various data types (e.g., the only valid values for pcelsDecisionStrategy are 1 and 2). Just like the attribute semantics, the definition of the value structures, valid ranges, etc. is covered by [PCIM_EXT] for the corresponding properties while such constraints are only briefly mentioned in this document. In all cases, if a constraint is violated, the entry SHOULD be treated as invalid and the policy rules or groups that refer to it SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped.
注5:以下某些属性类型必须符合各种数据类型的附加约束(例如,pcelsDecisionStrategy的唯一有效值为1和2)。与属性语义一样,[PCIM_EXT]为相应属性提供了值结构、有效范围等的定义,而本文档仅简要介绍了此类约束。在所有情况下,如果违反了约束,则应将条目视为无效,并将引用该条目的策略规则或组视为禁用,这意味着应停止执行此类策略规则或组。
Note 6: Some of the object classes defined in this section cannot or should not be directly instantiated because they are either defined as abstract or do not implement stand-alone semantics (e.g., pcelsValueAuxClass). Regarding instances of objects that inherit from such classes, the text refers to "instances of <class_name>" when in fact the strictly correct expression would be "instances of objects that belong to non-abstract subclasses of <class_name>". The omission is intentional; it makes the text easier to read.
注6:本节中定义的某些对象类不能或不应直接实例化,因为它们要么定义为抽象类,要么不实现独立语义(例如,pcelsValueAuxClass)。关于从此类类继承的对象实例,本文提到“类的实例”,而实际上严格正确的表达式是“属于类的非抽象子类的对象实例”。遗漏是故意的;它使文本更容易阅读。
The pcelsPolicySet class represents a set of policies with a common decision strategy and a common set of policy roles. This class together with the pcelsPolicySetAssociation class defined in a subsequent section of this document provide sufficient information to allow applications to apply appropriate ordering to a set of policies. The pcelsPolicySet is mapped from the PolicySet class [PCIM_EXT]. The pcelsPolicySet class is an abstract object class and it is derived from the pcimPolicy class [PCLS].
pcelsPolicySet类表示一组具有公共决策策略和一组公共策略角色的策略。此类以及本文档后续章节中定义的pcelsPolicySetAssociation类提供了足够的信息,允许应用程序对一组策略应用适当的排序。pcelsPolicySet从PolicySet类[PCIM_EXT]映射而来。pcelsPolicySet类是一个抽象对象类,它派生自pcimPolicy类[PCLS]。
The pcelsPolicySetList attribute of a pcelsPolicySet instance references subordinated pcelsPolicySetAssociation entries. The aggregated pcelsPolicySet instances are either attached to the pcelsPolicySetAssociation entries as auxiliary object classes or referenced by the pcelsPolicySetAssociation entries using the pcelsPolicySetDN attribute.
pcelsPolicySet实例的pcelsPolicySetList属性引用从属pcelsPolicySetAssociation项。聚合的PCELSPolicSet实例作为辅助对象类附加到pcelsPolicySetAssociation条目,或由pcelsPolicySetAssociation条目使用pcelsPolicySetDN属性引用。
The pcelsPolicySet class is defined as follows:
pcelsPolicySet类的定义如下:
( 1.3.6.1.1.9.1.1 NAME 'pcelsPolicySet' DESC 'Set of policies' SUP pcimPolicy ABSTRACT MAY ( pcelsPolicySetName $ pcelsDecisionStrategy $ pcimRoles $ pcelsPolicySetList ) )
(1.3.6.1.1.9.1.1名称“PCELSSolicSet”描述“策略集”辅助PCImplicy摘要可能(PCELSSolicySetName$pcelsDecisionStrategy$pcimRoles$PCELSSolicySetList))
One of the attributes of the pcelsPolicySet class, pcimRoles is defined in the section 5.3 of [PCLS]. In the pcelsPolicySet class the pcimRole attribute preserves its syntax and semantics as defined by [PCLS] and [PCIM].
PCELSPolicSet类的属性之一pcimRoles在[PCLS]的第5.3节中定义。在PCELSPolicSet类中,pcimRole属性保留[PCLS]和[PCIM]定义的语法和语义。
The pcelsPolicySetName attribute type may be used as naming attribute for pcelsPolicySet entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
pcelsPolicySetName属性类型可用作pcelsPolicySet项的命名属性。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.1 NAME 'pcelsPolicySetName' DESC 'User-friendly name of a policy set' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.1名称'pcelsPolicySetName'DESC'策略集的用户友好名称'EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch OrderingMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsDecisionStrategy attribute type indicates the evaluation method for the policies aggregated in the policy set. It is mapped from the PolicySet.PolicyDecisionStrategy property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 1 (FirstMatching) and 2 (AllMatching). If this attribute is missing from a pcelsPolicySet instance, applications MUST assume a FirstMatching decision strategy for the policy set.
pcelsDecisionStrategy属性类型指示策略集中聚合的策略的评估方法。它从PolicySet.PolicyDecisionStrategy属性[PCIM_EXT]映射而来。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值为1(FirstMatching)和2(AllMatching)。如果pcelsPolicySet实例中缺少此属性,则应用程序必须为策略集采用FirstMatching决策策略。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.2 NAME 'pcelsDecisionStrategy' DESC 'Evaluation method for the components of a pcelsPolicySet' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.2 PCELSSolicSet组件的名称“pcelsDecisionStrategy”DESC“EQUALITY integerMatch ORDERING integerOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.27单值”评估方法)
The pcelsPolicySetList attribute type is used in the realization of the PolicySetComponent association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsPolicySetList attributes are DNs of pcelsPolicySetAssociation entries. In a pcelsPolicySet, the pcelsPolicySetList attribute represents the associations between this policy set and its components.
PCELSPolicSetList属性类型用于实现PolicySetComponent关联[PCIM_EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。pcelsPolicySetList属性的唯一允许值是pcelsPolicySetAssociation条目的DNs。在pcelsPolicySet中,pcelsPolicySetList属性表示此策略集及其组件之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.3 NAME 'pcelsPolicySetList' DESC 'Unordered set of DNs of pcelsPolicySetAssociation entries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.3名称“PCELSSolicySetList”DESC“PCELSSolicySetAssociation条目的DNs无序集”相等区分名称匹配语法1.3.6.1.4.1.1466.115.121.1.12)
Note: A pcelsPolicySet instance aggregates other pcelsPolicySet instances using pcelsPolicySetAssociation entries (defined in the next section). Applications can sort the components of a pcelsPolicySet using attributes of the pcelsPolicySetAssociation entries. However, implementations should not expect the LDAP data store to provide a useful ordering of the pcelsPolicySetList values in a pcelsPolicySet instance or to return sets of matching pcelsPolicySetAssociation entries in a meaningful order. Instead, applications SHOULD implement their own means for post-retrieval ordering of policy rules/groups based on pcelsPolicySetAssociation.pcelsPriority values.
注意:PCELSPolicSet实例使用pcelsPolicySetAssociation条目(在下一节中定义)聚合其他PCELSPolicSet实例。应用程序可以使用pcelsPolicySetAssociation项的属性对pcelsPolicySet的组件进行排序。但是,实现不应期望LDAP数据存储提供pcelsPolicySetList实例中pcelsPolicySetList值的有用顺序,或以有意义的顺序返回匹配的pcelsPolicySetAssociation项集。相反,应用程序应该根据pcelsPolicySetAssociation.pcelsPriority值实现自己的策略规则/组检索后排序方法。
The pcelsPolicySetAssociation class is used to associate PolicySet instances [PCIM_EXT] to other entries. pcelsPolicySetAssociation entries are always subordinated to the aggregating entry. When subordinated to an instance of pcelsPolicySet, pcelsPolicySetAssociation realizes a PolicySetComponent association [PCIM_EXT]. When subordinated to an instance of dlm1System [CIM_LDAP], pcelsPolicySetAssociation realizes a PolicySetInSystem association [PCIM_EXT].
pcelsPolicySetAssociation类用于将PolicySet实例[PCIM_EXT]与其他条目关联。pcelsPolicySetAssociation条目始终从属于聚合条目。当pcelsPolicySetAssociation从属于pcelsPolicySet实例时,它实现了PolicySetComponent关联[PCIM_EXT]。当从属于dlm1System[CIM_LDAP]实例时,pcelsPolicySetAssociation实现PolicySetInSystem关联[PCIM_EXT]。
The pcelsPolicySetAssociation class is a structural object class and it is derived from the pcimPolicy class [PCLS].
pcelsPolicySetAssociation类是一个结构对象类,它派生自pcimPolicy类[PCLS]。
The aggregation of a reusable pcelsPolicySet instance is realized via the pcelsPolicySetDN attribute. A non-reusable pcelsPolicySet instance is attached (as auxiliary subclass of pcelsPolicySet) directly to the pcelsPolicySetAssociation entry.
可重用pcelsPolicySetDN实例的聚合是通过pcelsPolicySetDN属性实现的。将不可重用的pcelsPolicySet实例(作为pcelsPolicySet的辅助子类)直接附加到pcelsPolicySetAssociation条目。
When reading a pcelsPolicySetAssociation instance that has a pcelsPolicySet attached, the attribute pcelsPolicySetDN MUST be ignored. Applications SHOULD remove the pcelsPolicySetDN value from a pcelsPolicySetAssociation upon attachment of a pcelsPolicySet to the entry.
读取附加了pcelsPolicySetDN的pcelsPolicySetAssociation实例时,必须忽略属性pcelsPolicySetDN。在将PCELSPolicSet附加到条目时,应用程序应从PCELSPolicSetAssociation中删除pcelsPolicySetDN值。
The pcelsPolicySetAssociation class is defined as follows:
pcelsPolicySetAssociation类定义如下:
( 1.3.6.1.1.9.1.2 NAME 'pcelsPolicySetAssociation' DESC 'Associates a policy set to an aggregating entry' SUP pcimPolicy STRUCTURAL MUST ( pcelsPriority ) MAY ( pcelsPolicySetName $ pcelsPolicySetDN ) )
(1.3.6.1.1.9.1.2名称'pcelsPolicySetAssociation'DESC'将策略集关联到聚合条目'SUP pcimPolicy STRUCTURAL MUST(pcelsPriority)MAY(pcelsPolicySetName$pcelsPolicySetDN))
The pcelsPriority attribute type indicates the priority of a policy
set component. This attribute type is of syntax Integer
[LDAP_SYNTAX]. It has an equality matching rule of integerMatch
[LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch
[LDAP_MATCH]. Attributes of this type can only have single values.
The only allowed values for attributes of this type are non-negative
integers. Within the set of pcelsPolicySetAssociation entries
directly subordinated to a pcelsPolicySet or a dlm1System [CIM_LDAP],
the pcelsPriority values MUST be unique.
The pcelsPriority attribute type indicates the priority of a policy
set component. This attribute type is of syntax Integer
[LDAP_SYNTAX]. It has an equality matching rule of integerMatch
[LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch
[LDAP_MATCH]. Attributes of this type can only have single values.
The only allowed values for attributes of this type are non-negative
integers. Within the set of pcelsPolicySetAssociation entries
directly subordinated to a pcelsPolicySet or a dlm1System [CIM_LDAP],
the pcelsPriority values MUST be unique.
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.4 NAME 'pcelsPriority' DESC 'Priority of a component' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.4组件的名称'pcelsPriority'DESC'优先级'EQUALITY integerMatch ORDERING integerOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsPolicySetDN attribute type is used in the aggregation of PolicySet instances [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can only have single values. The only allowed values for pcelsPolicySetDN attributes are DNs of pcelsPolicySet entries.
pcelsPolicySetDN属性类型用于聚合策略集实例[PCIM_EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性只能有单个值。pcelsPolicySetDN属性的唯一允许值是pcelsPolicySet项的DNs。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.5 NAME 'pcelsPolicySetDN' DESC 'DN of a pcelsPolicySet entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
(1.3.6.1.1.9.2.5 PCELSSolicySetDN名称“描述”PCELSSolicSet条目的DN“相等区分名称匹配语法1.3.6.1.4.1.1466.115.121.1.12单值)
The pcelsGroup class is the base class for representing a policy group. It is mapped from the modified PolicyGroup class [PCIM_EXT]. The pcelsGroup class is derived from the pcelsPolicySet class. To maximize flexibility, the pcelsGroup class is defined as abstract. An auxiliary subclass pcelsGroupAuxClass enables the attachment of a policy group to an existing entry, while a structural subclass pcelsGroupInstance permits the representation of a policy group as a standalone entry.
pcelsGroup类是表示策略组的基类。它是从修改的PolicyGroup类[PCIM_EXT]映射而来的。pcelsGroup类派生自pcelsPolicySet类。为了最大限度地提高灵活性,pcelsGroup类被定义为抽象类。辅助子类pcelsGroupAuxClass允许将策略组附加到现有条目,而结构子类pcelsGroupInstance允许将策略组表示为独立条目。
The pcelsGroup class is defined as follows:
pcelsGroup类的定义如下:
( 1.3.6.1.1.9.1.3 NAME 'pcelsGroup' DESC 'Base class for representing a policy group' SUP pcelsPolicySet ABSTRACT MAY ( pcimGroupName ) )
(1.3.6.1.1.9.1.3名称'pcelsGroup'DESC'基类,用于表示策略组'SUP pcelsgoliciset ABSTRACT MAY(pcimGroupName))
The pcelsGroupAuxClass class is defined as follows:
pcelsGroupAuxClass类定义如下:
( 1.3.6.1.1.9.1.4 NAME 'pcelsGroupAuxClass' DESC 'Auxiliary class for representing a policy group' SUP pcelsGroup AUXILIARY )
(1.3.6.1.1.9.1.4名称'pcelsGroupAuxClass'DESC'辅助类,用于表示策略组'SUP pcelsGroup Auxiliary')
The pcelsGroupInstance class is defined as follows:
pcelsGroupInstance类定义如下:
( 1.3.6.1.1.9.1.5 NAME 'pcelsGroupInstance' DESC 'Structural class for representing a policy group' SUP pcelsGroup STRUCTURAL )
(1.3.6.1.1.9.1.5名称“pcelsGroupInstance”DESC结构类,用于表示策略组“SUP pcelsGroup Structural”)
The pcimGroupName attribute type used by the pcelsGroup class is defined in the section 5.2 of [PCLS]. In the pcelsGroup object class, this attribute preserves its syntax and semantics as defined by [PCLS] and [PCIM].
pcelsGroup类使用的pcimGroupName属性类型在[PCLS]的第5.2节中定义。在pcelsGroup对象类中,此属性保留[PCLS]和[PCIM]定义的语法和语义。
Note: PCELS implementations SHOULD support pcelsGroup and its two subclasses and MAY also support pcimGroup and its two subclasses [PCLS]. Applications that choose to support pcelsGroup and its two subclasses MUST use the aggregation mechanism provided by pcelsPolicySetAssociation for aggregating policy groups or policy rules in policy groups represented as instances of pcelsGroup.
注:PCELS实现应支持pcelsGroup及其两个子类,也可支持pcimGroup及其两个子类[PCLS]。选择支持pcelsGroup及其两个子类的应用程序必须使用pcelsPolicySetAssociation提供的聚合机制,以聚合表示为pcelsGroup实例的策略组中的策略组或策略规则。
The pcelsRule class is the base class for representing a policy rule. It is mapped from the modified PolicyRule class [PCIM_EXT]. The pcelsRule class is derived from the pcelsPolicySet class. To maximize flexibility, the pcelsRule class is defined as abstract. An auxiliary subclass pcelsRuleAuxClass enables the attachment of a policy rule to an existing entry, while a structural subclass pcelsRuleInstance permits the representation of a policy rule as a standalone entry.
pcelsRule类是表示策略规则的基类。它是从修改后的PolicyRule类[PCIM_EXT]映射而来的。pcelsRule类派生自pcelsPolicySet类。为了最大限度地提高灵活性,pcelsRule类被定义为抽象类。辅助子类pcelsRuleAuxClass允许将策略规则附加到现有条目,而结构子类pcelsRuleInstance允许将策略规则表示为独立条目。
When reading a pcelsRule instance that has a pcimConditionAuxClass attached, from the policy rule perspective the attribute pcelsConditionList MUST be ignored. For example, if present, the attribute MUST NOT be considered an association between this policy rule and a policy condition. Such situations may occur, for example, when a pcelsCompoundConditionAuxClass is attached to a pcelsRule instance.
读取附加了pcimConditionAuxClass的pcelsRule实例时,从策略规则的角度来看,必须忽略属性pcelsConditionList。例如,如果存在该属性,则不能将其视为此策略规则和策略条件之间的关联。例如,当PCELSCompondConditionAuxClass附加到pcelsRule实例时,可能会发生这种情况。
When reading a pcelsRule instance that has a pcimActionAuxClass attached, from the policy rule perspective the attribute pcelsActionList MUST be ignored. For example, if present, the attribute MUST NOT be considered an association between this policy rule and a policy action. Such situations may occur, for example, when a pcelsCompoundActionAuxClass is attached to a pcelsRule instance.
读取附加了pcimActionAuxClass的pcelsRule实例时,从策略规则的角度来看,必须忽略属性pcelsActionList。例如,如果存在该属性,则不能将其视为此策略规则和策略操作之间的关联。例如,当PCELSCompondactionAuxClass附加到pcelsRule实例时,可能会出现这种情况。
The pcelsRule class is defined as follows:
pcelsRule类的定义如下:
( 1.3.6.1.1.9.1.6 NAME 'pcelsRule' DESC 'Base class for representing a policy rule' SUP pcelsPolicySet ABSTRACT MAY ( pcimRuleName $ pcimRuleEnabled $ pcimRuleUsage $ pcimRuleMandatory $ pcelsRuleValidityPeriodList $ pcelsConditionListType $ pcelsConditionList $ pcelsActionList $ pcelsSequencedActions $ pcelsExecutionStrategy ) )
(1.3.6.1.1.9.1.6用于表示策略规则“SUP pcelsPolicySet ABSTRACT MAY”的名称“pcelsRule”DESC基类(pcimRuleName$pcimRuleEnabled$pcimRuleUsage$pcimRuleMandatory$pcelsRuleValidityPeriodList$pcelsConditionListType$pcelsConditionList$pcelsSequencedActionList$pcelsExecutionStrategy))
The pcelsRuleAuxClass class is defined as follows:
pcelsRuleAuxClass类定义如下:
( 1.3.6.1.1.9.1.7 NAME 'pcelsRuleAuxClass' DESC 'Auxiliary class for representing a policy rule' SUP pcelsRule AUXILIARY )
(1.3.6.1.1.9.1.7名称'pcelsRuleAuxClass'DESC'辅助类,用于表示策略规则'SUP pcelsRule Auxiliary')
The pcelsRuleInstance class is defined as follows:
pcelsRuleInstance类的定义如下:
( 1.3.6.1.1.9.1.8 NAME 'pcelsRuleInstance' DESC 'Structural class for representing a policy rule' SUP pcelsRule STRUCTURAL )
(1.3.6.1.1.9.1.8用于表示策略规则“SUP pcelsRule Structural”的名称“pcelsRuleInstance”DESC结构类)
Four of the attributes used by the pcelsRule class are defined in the section 5.3 of [PCLS]. These attributes are: pcimRuleName, pcimRuleEnabled, pcimRuleUsage and pcimRuleMandatory. In the pcelsRule object class, these attributes preserve their syntax and semantics as defined by [PCLS] and [PCIM].
pcelsRule类使用的四个属性在[PCLS]的第5.3节中定义。这些属性是:pcimRuleName、pcimRuleEnabled、pcimRuleUsage和pcimRuleMandatory。在pcelsRule对象类中,这些属性保留了[PCLS]和[PCIM]定义的语法和语义。
The attributes pcimRuleValidityPeriodList, pcimRuleConditionListType, pcimRuleConditionList, pcimRuleActionList and pcimRuleSequencedActions defined in [PCLS] are not used by pcelsRule. Instead, this class uses the new attributes pcelsRuleValidityPeriodList, pcelsConditionListType, pcelsConditionList, pcelsActionList and pcelsSequencedActions. Except for pcelsRuleValidityPeriodList, the new attributes are also used for similar purpose by either pcelsCompoundConditionAuxClass or pcelsCompoundActionAuxClass.
pcelsRule不使用[PCLS]中定义的属性pcimRuleValidityPeriodList、pcimRuleConditionListType、pcimRuleConditionList、pcimRuleActionList和pcimRuleSequencedActions。相反,此类使用新属性pcelsRuleValidityPeriodList、pcelscoditionlistType、pcelscoditionlist、pcelsActionList和pcelsequencedactions。除了pcelsRuleValidityPeriodList之外,pcelsCompoundConditionAuxClass或pcelsCompoundActionAuxClass也将这些新属性用于类似目的。
The pcelsRuleValidityPeriodList attribute type is used in the realization of the PolicyRuleValidityPeriod association ([PCIM_EXT] and [PCIM]). This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsRuleValidityPeriodList attributes are DNs of pcimRuleValidityAssociation entries. In a pcelsRule, the pcelsRuleValidityPeriodList attribute represents the associations between this policy rule and its time period conditions.
PCELSRuleValidityPeriod列表属性类型用于实现PolicyRuleValidityPeriod关联([PCIM_EXT]和[PCIM])。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。pcelsRuleValidityPeriodList属性的唯一允许值是pcimRuleValidityAssociation条目的DNs。在pcelsRule中,pcelsRuleValidityPeriodList属性表示此策略规则与其时间段条件之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.62 NAME 'pcelsRuleValidityPeriodList' DESC 'Unordered set of DNs of pcimRuleValidityAssociation entries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.62名称“pcelsRuleValidityPeriodList”描述“pcimRuleValidityAssociation条目的DNs无序集”相等区分名称匹配语法1.3.6.1.4.1.1466.115.121.1.12)
The pcelsConditionListType attribute type indicates whether the set of aggregated conditions is in disjunctive or conjunctive normal form. It is mapped from the PolicyRule.ConditionListType property [PCIM] (identical to the CompoundPolicyCondition.ConditionListType property defined in [PCIM_EXT]). This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 1 (Disjunctive) and 2 (Conjunctive). If this attribute is missing from a pcelsRule instance, applications MUST assume that the set of aggregated conditions is in disjunctive normal form.
pcelsConditionListType属性类型指示聚合条件集是析取范式还是合取范式。它从PolicyRule.ConditionListType属性[PCIM]映射(与[PCIM\U EXT]中定义的CompoundPolicyCondition.ConditionListType属性相同)。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值为1(析取)和2(合取)。如果pcelsRule实例中缺少此属性,则应用程序必须假定聚合条件集为析取范式。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.6 NAME 'pcelsConditionListType' DESC 'Indicates the type of condition aggregation' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.6名称'pcelsConditionListType'DESC'表示条件聚合的类型'EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsConditionList attribute type is used in the realization of the PolicyConditionStructure association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsConditionList attributes are DNs of pcelsConditionAssociation entries. In a pcelsRule, the pcelsConditionList attribute represents the associations between this policy rule and its conditions.
pcelsConditionList属性类型用于实现PolicyConditionStructure关联[PCIM\U EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。pcelsConditionList属性唯一允许的值是pcelsConditionAssociation项的DNs。在pcelsRule中,pcelsConditionList属性表示此策略规则及其条件之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.7 NAME 'pcelsConditionList' DESC 'Unordered set of DNs of pcelsConditionAssociation entries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.7名称“pcelsConditionList”DESC“pcelsConditionAssociation条目的DNs无序集”相等区分名称匹配语法1.3.6.1.4.1.1466.115.121.1.12)
The pcelsActionList attribute type is used in the realization of the PolicyActionStructure association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsActionList attributes are DNs of pcelsActionAssociation entries. In a pcelsRule, the pcelsActionList attribute represents the associations between this policy rule and its actions.
pcelsActionList属性类型用于实现PolicyActionStructure关联[PCIM_EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。pcelsActionList属性唯一允许的值是pcelsActionAssociation项的DNs。在pcelsRule中,pcelsActionList属性表示此策略规则及其操作之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.8 NAME 'pcelsActionList' DESC 'Unordered set of DNs of pcelsActionAssociation entries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.8名称“pcelsActionList”DESC“pcelsActionAssociation条目的DNs无序集”相等区分名称匹配语法1.3.6.1.4.1.1466.115.121.1.12)
The pcelsSequencedActions attribute type indicates whether the ordered execution of actions in an aggregate is Mandatory, Recommended or DontCare. It is mapped from the PolicyRule.SequencedActions property [PCIM] (identical to the CompoundPolicyAction.SequencedActions property defined in [PCIM_EXT]). This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 1 (Mandatory), 2 (Recommended) and 3 (DontCare). If this attribute is missing from a pcelsRule instance, applications MUST assume that the ordered execution of actions in this rule is not important (DontCare).
pcelsSequencedActions属性类型指示聚合中操作的有序执行是强制的、推荐的还是DontCare。它从PolicyRule.SequencedActions属性[PCIM]映射(与[PCIM_EXT]中定义的CompoundPolicyAction.SequencedActions属性相同)。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值为1(必需)、2(推荐)和3(DontCare)。如果pcelsRule实例中缺少此属性,则应用程序必须假定此规则中操作的有序执行并不重要(DontCare)。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.9 NAME 'pcelsSequencedActions' DESC 'Indicates the importance of action sequencing' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.9名称“pcelsSequencedActions”DESC表示动作排序“相等整数匹配排序整数排序匹配语法1.3.6.1.4.1.1466.115.121.1.27单值”的重要性)
The pcelsExecutionStrategy attribute type indicates whether the actions in an aggregate are to be executed until success, all (independent of their outcome) or until failure. It is mapped from the PolicyRule.ExecutionStrategy property [PCIM_EXT] (identical to the CompoundPolicyAction.ExecutionStrategy property). This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 1 (Do until success), 2 (Do all) and 3 (Do until failure). If this attribute is missing from a pcelsRule instance, applications MUST assume that all the actions are to be executed (Do all).
pcelsExecutionStrategy属性类型指示聚合中的操作是执行到成功、全部(独立于其结果)还是失败。它从PolicyRule.ExecutionStrategy属性[PCIM_EXT](与CompoundPolicyAction.ExecutionStrategy属性相同)映射而来。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值为1(执行直到成功)、2(全部执行)和3(执行直到失败)。如果pcelsRule实例中缺少此属性,则应用程序必须假定所有操作都将被执行(全部执行)。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.10 NAME 'pcelsExecutionStrategy' DESC 'Indicates the action execution strategy' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.10名称'pcelsExecutionStrategy'DESC'表示动作执行策略'EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27单值)
Note 1: Rule validity periods for an instance of pcelsRule are realized using the attribute pcelsRuleValidityPeriodList and pcimRuleValidityAssociation [PCLS] entries subordinated to the rule.
注1:pcelsRule实例的规则有效期是使用属性pcelsRuleValidityPeriodList和从属于该规则的pcimRuleValidityAssociation[PCLS]条目实现的。
If DIT structure rules and name forms are written for a PCELS implementation (as suggested in section 5.5 of [PCLS]), they would require that an instance of the pcimRuleValidityAssociation class have as its superior an instance of the pcelsRule class or, if applicable, an instance of the pcimRule class. Any structure rules and name forms that require an instance of the pcimRuleValidityAssociation class to have as its superior only an instance of the pcimRule class, are in conflict and MUST be removed.
如果DIT结构规则和名称表单是为PCELS实现而编写的(如[PCLS]第5.5节所建议),则它们将要求pcimRuleValidityAssociation类的实例具有pcelsRule类的实例作为其上级,或pcimRule类的实例(如适用)。任何要求pcimRuleValidityAssociation类的实例仅具有pcimRule类的实例作为其上级的结构规则和名称表单都存在冲突,必须删除。
Note 2: PCELS implementations SHOULD support pcelsRule and its two subclasses and MAY also support pcimRule and its two subclasses [PCLS]. Applications that choose to support pcelsRule and its two subclasses MUST use the aggregation mechanism provided by pcelsPolicySetAssociation for aggregating policy groups or policy rules in policy rules represented as instances of pcelsRule.
注2:PCELS实现应支持pcelsRule及其两个子类,也可支持pcimRule及其两个子类[PCLS]。选择支持pcelsRule及其两个子类的应用程序必须使用pcelsPolicySetAssociation提供的聚合机制,以聚合表示为pcelsRule实例的策略规则中的策略组或策略规则。
The pcelsConditionAssociation class is used in the aggregation of PolicyCondition instances [PCIM]. pcelsConditionAssociation entries are always subordinated to the aggregating entry. When subordinated to an instance of pcelsRule, the pcelsConditionAssociation entry realizes the PolicyConditionInPolicyRule association [PCIM_EXT]. When subordinated to an instance of pcelsCompoundConditionAuxClass, the pcelsConditionAssociation entry realizes the PolicyConditionInPolicyCondition association [PCIM_EXT].
pcelsConditionAssociation类用于聚合PolicyCondition实例[PCIM]。pcelsConditionAssociation条目始终从属于聚合条目。当从属于pcelsRule实例时,pcelsConditionAssociation条目实现PolicyConditionInPolicyRule关联[PCIM\U EXT]。当从属于pcelsCompoundConditionAuxClass实例时,pcelsConditionAssociation条目实现PolicyConditionInPolicyCondition关联[PCIM\U EXT]。
The pcelsConditionAssociation class is a structural object class and it is derived from the pcimRuleConditionAssociation class [PCLS].
pcelsConditionAssociation类是一个结构对象类,它派生自pcimRuleConditionAssociation类[PCLS]。
The aggregation of a reusable instance of pcimConditionAuxClass is realized via the pcimConditionDN attribute. A non-reusable instance of pcimConditionAuxClass is attached directly to the pcelsConditionAssociation entry.
pcimConditionAuxClass的可重用实例的聚合是通过pcimConditionDN属性实现的。pcimConditionAuxClass的不可重用实例直接附加到pcelsConditionAssociation条目。
When reading a pcelsConditionAssociation entry that has a pcimConditionAuxClass instance attached, the attribute pcimConditionDN MUST be ignored. Applications SHOULD remove the pcimConditionDN value from a pcelsConditionAssociation upon attachment of a pcimConditionAuxClass to the entry.
读取附加了pcimConditionAuxClass实例的pcelsConditionAssociation条目时,必须忽略属性pcimConditionDN。将pcimConditionAuxClass附加到条目时,应用程序应从pcelsConditionAssociation中删除pcimConditionDN值。
The pcelsConditionAssociation class is defined as follows:
pcelsConditionAssociation类的定义如下:
( 1.3.6.1.1.9.1.9 NAME 'pcelsConditionAssociation' DESC 'Associates a policy conditions to an aggregating entry' SUP pcimRuleConditionAssociation STRUCTURAL )
(1.3.6.1.1.9.1.9名称“pcelsConditionAssociation”DESC将策略条件与聚合条目“SUP pcimRuleConditionAssociation STRUCTURAL”关联)
This class extends the semantics of the pcimRuleConditionAssociation object class without using any new attributes. All its attributes are inherited from the pcimRuleConditionAssociation that is defined in section 5.4 of [PCLS].
此类扩展了pcimRuleConditionAssociation对象类的语义,而不使用任何新属性。其所有属性均继承自[PCLS]第5.4节中定义的pcimRuleConditionAssociation。
The pcelsActionAssociation class is used in the aggregation of PolicyAction instances [PCIM]. pcelsActionAssociation entries are always subordinated to the aggregating entry. When subordinated to a pcelsRule instance, the pcelsActionAssociation entry realizes the PolicyActionInPolicyRule association [PCIM_EXT]. When subordinated to an instance of pcelsCompoundActionAuxClass, the pcelsActionAssociation entry realizes the PolicyActionInPolicyAction association [PCIM_EXT].
pcelsActionAssociation类用于聚合PolicyAction实例[PCIM]。pcelsActionAssociation条目始终从属于聚合条目。当从属于pcelsRule实例时,pcelsActionAssociation条目实现PolicyActionInPolicyRule关联[PCIM\U EXT]。当从属于PCELSCompondactionAuxClass实例时,pcelsActionAssociation条目实现PolicyActionInPolicyAction关联[PCIM\U EXT]。
The pcelsActionAssociation class is a structural object class and it is derived from the pcimRuleActionAssociation class [PCLS].
pcelsActionAssociation类是一个结构对象类,它派生自pcimRuleActionAssociation类[PCLS]。
The aggregation of a reusable instance of pcimActionAuxClass is realized via the pcimActionDN attribute. A non-reusable instance of pcimActionAuxClass is attached directly to the pcelsActionAssociation entry.
pcimActionAuxClass的可重用实例的聚合是通过pcimActionDN属性实现的。pciActionAuxClass的不可重用实例直接附加到pcelActionAssociation条目。
When reading a pcelsActionAssociation entry that has a pcimActionAuxClass instance attached, the attribute pcimActionDN MUST be ignored. Applications SHOULD remove the pcimActionDN value from a pcelsActionAssociation upon attachment of a pcimActionAuxClass to the entry.
读取附加了pcimActionAuxClass实例的pcelsActionAssociation条目时,必须忽略属性pcimActionDN。将pcimActionAuxClass附加到条目时,应用程序应从pcelsActionAssociation中删除pcimActionDN值。
The pcelsActionAssociation class is defined as follows:
pcelsActionAssociation类的定义如下:
( 1.3.6.1.1.9.1.10 NAME 'pcelsActionAssociation' DESC 'Associates a policy conditions to an aggregating entry' SUP pcimRuleActionAssociation STRUCTURAL )
(1.3.6.1.1.9.1.10名称“PCELActionAssociation”DESC将策略条件关联到聚合条目“SUP pcimRuleActionAssociation STRUCTURAL”)
This class extends the semantics of the pcimRuleActionAssociation object class without using any new attributes. All its attributes are inherited from the pcimRuleActionAssociation that is defined in section 5.6 of [PCLS].
此类扩展了pcimRuleActionAssociation对象类的语义,而不使用任何新属性。其所有属性均继承自[PCLS]第5.6节中定义的pcimRuleActionAssociation。
The pcelsSimpleConditionAuxClass class implements a Value matching condition for a Variable. It is mapped from the SimplePolicyCondition class [PCIM_EXT]. The pcelsSimpleConditionAuxClass class is an auxiliary object class and it is derived from the pcimConditionAuxClass class [PCLS].
pcelsSimpleConditionAuxClass类实现变量的值匹配条件。它是从SimplePolicyCondition类[PCIM_EXT]映射而来的。pcelsSimpleConditionAuxClass类是一个辅助对象类,它派生自pcimConditionAuxClass类[PCLS]。
A reusable variable/value is associated to a pcelsSimpleConditionAuxClass via the pcelsVariableDN/pcelsValueDN reference from the simple condition instance. A non-reusable variable/value is associated directly as auxiliary object class to the same entry as the pcelsSimpleConditionAuxClass instance.
可重用变量/值通过简单条件实例中的pcelsVariableDN/pcelsValueDN引用与pcelsSimpleConditionAuxClass关联。不可重用的变量/值作为辅助对象类直接关联到与pcelsSimpleConditionAuxClass实例相同的条目。
When reading a pcelsSimpleConditionAuxClass instance that has an instance of pcelsVariable attached, the attribute pcelsVariableDN MUST be ignored. Applications SHOULD remove the pcelsVariableDN value from a pcelsSimpleConditionAuxClass instance upon attachment of a pcelsVariable instance to the same entry.
读取附加了pcelsVariable实例的pcelsSimpleConditionAuxClass实例时,必须忽略属性pcelsVariableDN。将pcelsVariable实例附加到同一条目时,应用程序应从pcelsSimpleConditionAuxClass实例中删除pcelsVariableDN值。
When reading a pcelsSimpleConditionAuxClass instance that has an instance of pcelsValue attached, the attribute pcelsValueDN MUST be ignored. Applications SHOULD remove the pcelsValueDN value from a pcelsSimpleConditionAuxClass instance upon attachment of a pcelsValue instance to the same entry.
读取附加了pcelsValue实例的pcelsSimpleConditionAuxClass实例时,必须忽略属性pcelsValueDN。将pcelsValue实例附加到同一条目时,应用程序应从pcelsSimpleConditionAuxClass实例中删除pcelsValueDN值。
The pcelsSimpleConditionAuxClass class is defined as follows:
pcelsSimpleConditionAuxClass类定义如下:
( 1.3.6.1.1.9.1.11 NAME 'pcelsSimpleConditionAuxClass' DESC 'Value matching condition for a policy variable' SUP pcimConditionAuxClass AUXILIARY MAY ( pcelsVariableDN $ pcelsValueDN ) )
(1.3.6.1.1.9.1.11策略变量“SUP pcimConditionAuxClass AUXILIARY MAY”(pcelsVariableDN$pcelsValueDN)的名称“pcelsSimpleConditionAuxClass”“DESC”值匹配条件)
The pcelsVariableDN attribute type realizes the PolicyVariableInSimplePolicyCondition association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. The only allowed values for pcelsVariableDN attributes are DNs of pcelsVariable entries. In a
pcelsVariableDN属性类型实现PolicyVariableInSimplePolicyCondition关联[PCIM\U EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性只能有一个值。pcelsVariableDN属性的唯一允许值是pcelsVariable条目的DNs。在一个
pcelsSimpleConditionAuxClass, the pcelsVariableDN attribute represents the association between this simple policy condition and its policy variable.
pcelsSimpleConditionAuxClass,pcelsVariableDN属性表示此简单策略条件与其策略变量之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.11 NAME 'pcelsVariableDN' DESC 'DN of a pcelsVariable entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
(1.3.6.1.1.9.2.11名称'pcelsVariableDN'DESC'pcelsVariable条目的DN'EQUALITY DiscrimizedNameMatch语法1.3.6.1.4.1.1466.115.121.1.12单值)
The pcelsValueDN attribute type realizes the PolicyValueInSimplePolicyCondition association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. The only allowed values for pcelsValueDN attributes are DNs of pcelsValueAuxClass entries. In a pcelsSimpleConditionAuxClass, the pcelsValueDN attribute represents the association between this simple policy condition and its policy value.
pcelsValueDN属性类型实现PolicyValueInSimplePolicyCondition关联[PCIM\U EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性只能有一个值。pcelsValueDN属性的唯一允许值是pcelsValueAuxClass条目的DNs。在pcelsSimpleConditionAuxClass中,pcelsValueDN属性表示此简单策略条件与其策略值之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.12 NAME 'pcelsValueDN' DESC 'DN of a pcelsValueAuxClass entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
(1.3.6.1.1.9.2.12名称'pcelsValueDN'DESC'pcelsValueAuxClass条目的DN'相等区分名称匹配语法1.3.6.1.4.1.1466.115.121.1.12单值)
Note: An instance of pcelsSimpleActionAuxClass and an instance of pcelsSimpleConditionAuxClass MUST NOT be attached to the same entry. Because the two classes use the same mechanisms to associate Variables and Values, this restriction is necessary in order to avoid ambiguities.
注意:pcelsSimpleActionAuxClass实例和pcelsSimpleConditionAuxClass实例不得附加到同一条目。因为这两个类使用相同的机制来关联变量和值,所以为了避免歧义,这个限制是必要的。
The pcelsCompoundConditionAuxClass class represents a compound policy condition formed by the aggregation of other policy conditions. It is mapped from the CompoundPolicyCondition class [PCIM_EXT]. The pcelsCompoundConditionAuxClass class is an auxiliary object class and it is derived from the pcimConditionAuxClass class [PCLS].
pcelsCompoundConditionAuxClass类表示由其他策略条件聚合而成的复合策略条件。它是从CompoundPolicyCondition类[PCIM_EXT]映射而来的。pcelsCompoundConditionAuxClass类是一个辅助对象类,它派生自pcimConditionAuxClass类[PCLS]。
The pcelsCompoundConditionAuxClass class is defined as follows:
pcelsCompoundConditionAuxClass类定义如下:
( 1.3.6.1.1.9.1.12 NAME 'pcelsCompoundConditionAuxClass' DESC 'Boolean combination of simpler conditions' SUP pcimConditionAuxClass AUXILIARY MAY ( pcelsConditionListType $ pcelsConditionList ) )
(1.3.6.1.1.9.1.12名称“pcelsCompoundConditionAuxClass”描述“简单条件的布尔组合”辅助pcimConditionAuxClass(PCELSCOmpionListType$pcelsConditionList))
If the pcelsConditionListType attribute is missing from a pcelsCompoundConditionAuxClass instance, applications MUST assume that the set of aggregated conditions is in disjunctive normal form.
如果pcelsCompoundConditionAuxClass实例中缺少pcelsConditionListType属性,则应用程序必须假定聚合条件集为析取范式。
In a pcelsCompoundConditionAuxClass instance, the pcelsConditionList attribute represents the associations between this compound policy condition and the compounded conditions.
在pcelsCompoundConditionAuxClass实例中,pcelsConditionList属性表示此复合策略条件与复合条件之间的关联。
These attribute types are defined in section 5.4.
这些属性类型在第5.4节中定义。
Like pcelsRule, instances of pcelsCompoundConditionAuxClass use pcelsConditionList values and subordinated pcelsConditionAssociation entries to aggregate policy conditions.
与pcelsRule类似,pcelsCompoundConditionAuxClass的实例使用pcelsConditionList值和从属pcelsConditionAssociation项来聚合策略条件。
The pcelsCompoundFilterConditionAuxClass class represents a domain-level filter. It is mapped from the CompoundFilterCondition class [PCIM_EXT]. The pcelsCompoundFilterConditionAuxClass class is an auxiliary object class and it is derived from the pcelsCompoundConditionAuxClass class.
pcelsCompoundFilterConditionAuxClass类表示域级筛选器。它从CompoundFilterCondition类[PCIM\U EXT]映射而来。pcelsCompoundFilterConditionAuxClass类是一个辅助对象类,它派生自pcelsCompoundConditionAuxClass类。
The pcelsCompoundFilterConditionAuxClass class is defined as follows:
pcelsCompoundFilterConditionAuxClass类定义如下:
( 1.3.6.1.1.9.1.13 NAME 'pcelsCompoundFilterConditionAuxClass' DESC 'A compound condition with mirroring capabilities' SUP pcelsCompoundConditionAuxClass AUXILIARY MAY ( pcelsIsMirrored ) )
(1.3.6.1.1.9.1.13名称“pcelsCompoundFilterConditionAuxClass”描述“具有镜像功能的复合条件”支持pcelsCompoundConditionAuxClass辅助可能(pcelsIsMirrored))
The pcelsIsMirrored attribute type indicates whether the traffic that mirrors the specified filter is to be treated as matching the filter. It is mapped from the CompoundFilterCondition.IsMirrored property [PCIM_EXT]. This attribute type is of syntax Boolean [LDAP_SYNTAX]. It has an equality matching rule of booleanMatch [LDAP_MATCH].
PCELSIMSMIRRORED属性类型指示是否将镜像指定筛选器的流量视为与筛选器匹配。它从CompoundFilterCondition.IsMirrored属性[PCIM\U EXT]映射而来。此属性类型的语法为布尔[LDAP_syntax]。它的相等匹配规则为booleanMatch[LDAP_MATCH]。
Attributes of this type can only have a single value. If this attribute is missing from a pcelsCompoundFilterConditionAuxClass instance, applications MUST assume that the filter is not mirrored.
此类型的属性只能有一个值。如果pcelsCompoundFilterConditionAuxClass实例中缺少此属性,则应用程序必须假定筛选器未镜像。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.13 NAME 'pcelsIsMirrored' DESC 'Indicates whether the mirrored traffic matches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
(1.3.6.1.1.9.2.13名称“pcelsIsMirrored”DESC表示镜像流量是否匹配“相等布尔匹配语法1.3.6.1.4.1.1466.115.121.1.7单值”)
The pcelsSimpleActionAuxClass class implements the action of assigning a Value to a Variable. It is mapped from the SimplePolicyAction class [PCIM_EXT]. The pcelsSimpleActionAuxClass class is an auxiliary object class and it is derived from the pcimActionAuxClass class [PCLS].
pcelsSimpleActionAuxClass类实现为变量赋值的操作。它是从SimplePolicyAction类[PCIM_EXT]映射而来的。pcelsSimpleActionAuxClass类是一个辅助对象类,它派生自pcimActionAuxClass类[PCLS]。
A reusable variable/value is associated to a pcelsSimpleActionAuxClass via the pcelsVariableDN/pcelsValueDN reference from the simple action instance. A non-reusable variable/value is associated directly as auxiliary object class to the same entry as the pcelsSimpleActionAuxClass instance.
可重用变量/值通过简单操作实例中的pcelsVariableDN/pcelsValueDN引用与pcelsSimpleActionAuxClass关联。不可重用的变量/值作为辅助对象类直接关联到与pcelsSimpleActionAuxClass实例相同的条目。
When reading a pcelsSimpleActionAuxClass instance that has an instance of pcelsVariable attached, the attribute pcelsVariableDN MUST be ignored. Applications SHOULD remove the pcelsVariableDN value from a pcelsSimpleActionAuxClass instance upon attachment of a pcelsVariable instance to the same entry.
读取附加了pcelsVariable实例的pcelsSimpleActionAuxClass实例时,必须忽略属性pcelsVariableDN。将pcelsVariable实例附加到同一条目时,应用程序应从pcelsSimpleActionAuxClass实例中删除pcelsVariableDN值。
When reading a pcelsSimpleActionAuxClass instance that has an instance of pcelsValue attached, the attribute pcelsValueDN MUST be ignored. Applications SHOULD remove the pcelsValueDN value from a pcelsSimpleActionAuxClass instance upon attachment of a pcelsValue instance to the same entry.
读取附加了pcelsValue实例的pcelsSimpleActionAuxClass实例时,必须忽略属性pcelsValueDN。将pcelsValue实例附加到同一条目时,应用程序应从pcelsSimpleActionAuxClass实例中删除pcelsValueDN值。
The pcelsSimpleActionAuxClass class is defined as follows:
pcelsSimpleActionAuxClass类定义如下:
( 1.3.6.1.1.9.1.14 NAME 'pcelsSimpleActionAuxClass' DESC 'Value assignment action for a policy variable' SUP pcimActionAuxClass AUXILIARY MAY ( pcelsVariableDN $ pcelsValueDN ) )
(1.3.6.1.1.9.1.14策略变量“SUP pcimActionAuxClass”的名称“pcelsSimpleActionAuxClass”DESC“值分配操作可能(pcelsVariableDN$pcelsValueDN))
In a pcelsSimpleActionAuxClass, the pcelsVariableDN attribute represents the association between this simple policy action and its policy variable. It realizes the PolicyVariableInSimplePolicyAction association [PCIM_EXT].
在pcelsSimpleActionAuxClass中,pcelsVariableDN属性表示此简单策略操作与其策略变量之间的关联。它实现了PolicyVariableInSimplePolicyAction关联[PCIM\U EXT]。
In a pcelsSimpleActionAuxClass, the pcelsValueDN attribute represents the association between this simple policy action and its policy value. It realizes the PolicyValueInSimplePolicyAction association [PCIM_EXT].
在pcelsSimpleActionAuxClass中,pcelsValueDN属性表示此简单策略操作与其策略值之间的关联。它在SimplePolicyAction关联[PCIM\U EXT]中实现PolicyValue。
These attributes are defined in section 5.7.
这些属性在第5.7节中定义。
Note: An instance of pcelsSimpleActionAuxClass and an instance of pcelsSimpleConditionAuxClass MUST NOT be attached to the same entry. Because the two classes use the same mechanisms to associate Variables and Values, this restriction is necessary in order to avoid ambiguities.
注意:pcelsSimpleActionAuxClass实例和pcelsSimpleConditionAuxClass实例不得附加到同一条目。因为这两个类使用相同的机制来关联变量和值,所以为了避免歧义,这个限制是必要的。
The pcelsCompoundActionAuxClass class represents a compound policy action formed by the aggregation of other policy actions. It is mapped from the CompoundPolicyCondition class [PCIM_EXT]. The pcelsCompoundActionAuxClass class is an auxiliary object class and it is derived from the pcimActionAuxClass class [PCLS].
PcelsCompoundationAuxClass类表示由其他策略操作聚合而成的复合策略操作。它是从CompoundPolicyCondition类[PCIM_EXT]映射而来的。PCELSCompondactionAuxClass类是一个辅助对象类,它派生自pcimActionAuxClass类[PCLS]。
The pcelsCompoundActionAuxClass class is defined as follows:
PCELSCompondactionAuxClass类定义如下:
( 1.3.6.1.1.9.1.15 NAME 'pcelsCompoundActionAuxClass' DESC 'Sequence of actions with specific execution strategy' SUP pcimActionAuxClass AUXILIARY MAY ( pcelsActionList $ pcelsSequencedActions $ pcelsExecutionStrategy ) )
(1.3.6.1.1.9.1.15名称'pcelsCompoundActionAuxClass'DESC'具有特定执行策略的操作序列'SUP pcimActionAuxClass AUXILIARY MAY(pcelsActionList$pcelsequencedactions$pcelsExecutionStrategy))
In a pcelsCompoundActionAuxClass instance, the pcelsActionList attribute represents the associations between this policy rule and its actions.
在PcelsCompoundationAuxClass实例中,pcelsActionList属性表示此策略规则与其操作之间的关联。
If the pcelsSequencedActions attribute is missing from a pcelsCompoundActionAuxClass instance, applications MUST assume that the ordered execution of actions in this compound policy action is not important (DontCare).
如果pcelsSequencedActions属性在PcelsCompoundationAuxClass实例中丢失,则应用程序必须假定此复合策略操作中操作的有序执行不重要(DontCare)。
If the pcelsExecutionStrategy attribute is missing from a pcelsCompoundActionAuxClass instance, applications MUST assume that all the actions are to be executed (Do all).
如果PcelsCompoundationAuxClass实例中缺少pcelsExecutionStrategy属性,则应用程序必须假定要执行所有操作(全部执行)。
These attribute types are defined in section 5.4.
这些属性类型在第5.4节中定义。
Like pcelsRule, instances of pcelsCompoundActionAuxClass use pcelsActionList values and subordinated pcelsActionAssociation entries to aggregate policy actions.
与pcelsRule类似,PcelsCompoundationAuxClass的实例使用pcelsActionList值和从属pcelsActionAssociation项来聚合策略操作。
The pcelsVariable class is mapped from the PolicyVariable class [PCIM_EXT]. The pcelsVariable is an abstract object class and it is derived directly from the 'top' object class [LDAP_SCHEMA].
pcelsVariable类从PolicyVariable类[PCIM_EXT]映射而来。pcelsVariable是一个抽象对象类,它直接从“top”对象类[LDAP_SCHEMA]派生而来。
A pcelsVariable instance may be associated to a set of pcelsValueAuxClass instances that represent its expected values. The expected values for a variable may be indicated by:
pcelsVariable实例可能与表示其预期值的一组pcelsValueAuxClass实例相关联。变量的预期值可通过以下方式表示:
(1) pcelsExpectedValueList references to reusable instances of pcelsValueAuxClass, or (2) pcelsExpectedValueList references to subordinated non-reusable instances of pcelsValueAuxClass
(1) pcelsExpectedValueList引用pcelsValueAuxClass的可重用实例,或(2)pcelsExpectedValueList引用pcelsValueAuxClass的从属不可重用实例
The pcelsVariable class is defined as follows:
pcelsVariable类的定义如下:
( 1.3.6.1.1.9.1.16 NAME 'pcelsVariable' DESC 'Base class for representing a policy variable' SUP top ABSTRACT MAY ( pcelsVariableName $ pcelsExpectedValueList ) )
(1.3.6.1.1.9.1.16名称'pcelsVariable'DESC'基类,用于表示策略变量'SUP top ABSTRACT MAY'(pcelsVariableName$pcelsExpectedValueList))
The pcelsVariableName attribute type may be used as naming attribute for pcelsVariable entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of
pcelsVariableName属性类型可用作pcelsVariable项的命名属性。此属性类型的语法为目录字符串[LDAP_syntax]。它有一个相等匹配规则
caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
caseIgnoreMatch、caseIgnoreOrderingMatch的排序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.14 NAME 'pcelsVariableName' DESC 'The user-friendly name of a variable.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.14 NAME'pcelsVariableName'DESC'变量的用户友好名称。'EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch语法1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsExpectedValueList attribute type realizes the ExpectedPolicyValuesForVariable association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsExpectedValueList attributes are DNs of pcelsValueAuxClass entries. In a pcelsVariable, the pcelsExpectedValueList attribute represents the associations between this policy variable and its expected values.
pcelsExpectedValueList属性类型实现ExpectedPolicyValuesForVariable关联[PCIM\U EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。pcelsExpectedValueList属性唯一允许的值是pcelsValueAuxClass项的DNs。在pcelsVariable中,pcelsExpectedValueList属性表示此策略变量与其期望值之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.15 NAME 'pcelsExpectedValueList' DESC 'Unordered set of DNs of pcelsValueAuxClass entries representing expected values for a policy variable' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.15名称'pcelsExpectedValueList'DESC'表示策略变量'EQUALITY DifferentiedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12的预期值的pcelsValueAuxClass项的无序DNs集)
The pcelsExplicitVariableAuxClass class is mapped from the PolicyExplicitVariable class [PCIM_EXT]. The pcelsExplicitVariableAuxClass is an auxiliary object class and it is derived from the pcelsVariable class.
PcelsExplicitVariableUxClass类是从PolicyExplicitVariable类[PCIM_EXT]映射而来的。PcelsExplicitVariableUxClass是一个辅助对象类,它派生自pcelsVariable类。
The pcelsExplicitVariableAuxClass class is defined as follows:
PcelsExplicitVariableUxClass类定义如下:
( 1.3.6.1.1.9.1.17 NAME 'pcelsExplicitVariableAuxClass' DESC 'Explicitly defined policy variable' SUP pcelsVariable AUXILIARY MUST ( pcelsVariableModelClass $ pcelsVariableModelProperty ) )
(1.3.6.1.1.9.1.17名称“pcelsExplicitVariableUxClass”DESC“显式定义的策略变量”SUP pcelsVariable辅助必须(pcelsVariableModelClass$pcelsVariableModelProperty))
The pcelsVariableModelClass attribute type identifies a [CIM] class whose property is evaluated or set as a variable. It is mapped from the PolicyExplicitVariable.ModelClass property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
pcelsVariableModelClass属性类型标识一个[CIM]类,该类的属性被计算或设置为变量。它是从PolicyExplicitVariable.ModelClass属性[PCIM\U EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch[LDAP_语法]的相等匹配规则。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.16 NAME 'pcelsVariableModelClass' DESC 'Identifies a CIM class' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.16名称'pcelsVariableModelClass'DESC'标识CIM类'EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsVariableModelProperty attribute type identifies the
attribute of a [CIM] class, which is evaluated or set as a variable.
It is mapped from the PolicyExplicitVariable.ModelProperty property
[PCIM_EXT]. This attribute type is of syntax Directory String
[LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch
[LDAP_SYNTAX]. Attributes of this type can only have a single value.
The pcelsVariableModelProperty attribute type identifies the
attribute of a [CIM] class, which is evaluated or set as a variable.
It is mapped from the PolicyExplicitVariable.ModelProperty property
[PCIM_EXT]. This attribute type is of syntax Directory String
[LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch
[LDAP_SYNTAX]. Attributes of this type can only have a single value.
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.17 NAME 'pcelsVariableModelProperty' DESC 'Identifies the property of a CIM class.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.17名称'pcelsVariableModelProperty'DESC'标识CIM类的属性。'EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsImplicitVariableAuxClass class is mapped from the PolicyImplicitVariable class [PCIM_EXT]. The pcelsImplicitVariableAuxClass is an auxiliary object class and it is derived from the pcelsVariable class.
pcelsImplicitVariableAuxClass类是从PolicyImplicitVariable类[PCIM_EXT]映射而来的。pcelsImplicitVariableAuxClass是一个辅助对象类,它派生自pcelsVariable类。
The pcelsImplicitVariableAuxClass class does not represent actual variables; these are introduced by its subclasses. pcelsImplicitVariableAuxClass introduces the semantics of being an implicitly defined policy variable and these semantics are inherited by all its subclasses. These semantics include those inherited from pcelsVariable that possibly represent either rule-specific or reusable policy variables.
pcelsImplicitVariableAuxClass类不表示实际变量;这些是由其子类引入的。pcelsImplicitVariableAuxClass引入了隐式定义策略变量的语义,这些语义由其所有子类继承。这些语义包括从pcelsVariable继承的语义,这些语义可能表示特定于规则或可重用的策略变量。
In order to preserve the ability to represent rule-specific or reusable variables, all the subclasses of pcelsImplicitVariableAuxClass MUST also be auxiliary classes.
为了保持表示特定于规则或可重用变量的能力,pcelsImplicitVariableAuxClass的所有子类也必须是辅助类。
The pcelsImplicitVariableAuxClass class is defined as follows:
pcelsImplicitVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.18 NAME 'pcelsImplicitVariableAuxClass' DESC 'Implicitly defined policy variable' SUP pcelsVariable AUXILIARY MAY ( pcelsExpectedValueTypes ) )
(1.3.6.1.1.9.1.18名称'pcelsImplicitVariableAuxClass'DESC'隐式定义的策略变量'SUP pcelsVariable辅助变量可能(pcelsExpectedValueTypes))
The pcelsExpectedValueTypes attribute type represents the set of
policy value types that may be used with this policy variable. It is
mapped from the PolicyImplicitVariable.ValueTypes property
[PCIM_EXT]. This attribute type is of syntax Directory String
[LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch
[LDAP_SYNTAX]. Attributes of this type can have multiple values.
The pcelsExpectedValueTypes attribute type represents the set of
policy value types that may be used with this policy variable. It is
mapped from the PolicyImplicitVariable.ValueTypes property
[PCIM_EXT]. This attribute type is of syntax Directory String
[LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch
[LDAP_SYNTAX]. Attributes of this type can have multiple values.
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.18 NAME 'pcelsExpectedValueTypes' DESC 'Identifies subclasses of pcelsValueAuxClass by name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(1.3.6.1.1.9.2.18名称'pcelsExpectedValueTypes'DESC'通过名称'EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15识别pcelsValueAuxClass的子类)
The following classes are derived from the pcelsImplicitVariableAuxClass class. They are mapped from the corresponding subclasses of the PolicyImplicitVariable class [PCIM_EXT]. All the classes defined below are auxiliary object classes.
以下类派生自pcelsImplicitVariableAuxClass类。它们从PolicyImplicitVariable类[PCIM_EXT]的相应子类映射而来。下面定义的所有类都是辅助对象类。
Each one of the classes defined in this section introduces specific restrictions for the values of the pcelsExpectedValueTypes attribute. If this attribute is missing, applications MUST assume that all allowed value types are expected for the policy variable.
本节中定义的每一个类都为pcelsExpectedValueTypes属性的值引入了特定的限制。如果缺少此属性,应用程序必须假定策略变量需要所有允许的值类型。
Some of these classes have additional restrictions on the actual values of the associated policy value instances (e.g., only integers in the range 0..65535 must be used with a SourcePort variable). The association between a pcelsImplicitVariableAuxClass instance and a pcelsValueAuxClass instance that contains values outside the valid range or set for that variable SHOULD be considered invalid. The entry that realizes such association SHOULD be treated as invalid and the policy rules or groups that refer to it SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped.
其中一些类对关联策略值实例的实际值有其他限制(例如,只有0..65535范围内的整数必须与SourcePort变量一起使用)。pcelsImplicitVariableAuxClass实例和pcelsValueAuxClass实例之间的关联(包含该变量的有效范围或设置之外的值)应视为无效。实现这种关联的条目应视为无效,引用它的策略规则或组应视为禁用,这意味着应停止执行此类策略规则或组。
The pcelsSourceIPv4VariableAuxClass class is defined as follows:
pcelsSourceIPv4VariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.19 NAME 'pcelsSourceIPv4VariableAuxClass' DESC 'Source IP v4 address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.19名称“pcelsSourceIPv4VariableAuxClass”描述“源IP v4地址”辅助PCELSSimplicitVariableAuxClass辅助)
In a pcelsSourceIPv4VariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIPv4AddrValueAuxClass'.
在pcelsSourceIPv4VariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIPv4AddrValueAuxClass”。
The pcelsSourceIPv6VariableAuxClass class is defined as follows:
pcelsSourceIPv6VariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.20 NAME 'pcelsSourceIPv6VariableAuxClass' DESC 'Source IP v6 address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.20名称“pcelsSourceIPv6VariableAuxClass”描述“源IP v6地址”辅助PCELSSimplicitVariableAuxClass辅助)
In a pcelsSourceIPv6VariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIPv6AddrValueAuxClass'.
在pcelsSourceIPv6VariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“PcelsIPV6AddressValueAuxClass”。
The pcelsDestinationIPv4VariableAuxClass class is defined as follows:
PCELSDESTIONIPV4VariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.21 NAME 'pcelsDestinationIPv4VariableAuxClass' DESC 'Destination IP v4 address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.21名称'pcelsDestinationIv4VariableAuxClass'DESC'目标IP v4地址'SUP pcelsImplicitVariableAuxClass辅助)
In a pcelsDestinationIPv4VariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIPv4AddrValueAuxClass'.
在pcelsDestinationIPv4VariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIPv4AddrValueAuxClass”。
The pcelsDestinationIPv6VariableAuxClass class is defined as follows:
PcelDestinationPv6VariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.22 NAME 'pcelsDestinationIPv6VariableAuxClass' DESC 'Destination IP v6 address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.22名称'pcelsDestinationIv6VariableAuxClass'DESC'目标IP v6地址'SUP pcelsImplicitVariableAuxClass辅助)
In a pcelsDestinationIPv6VariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIPv6AddrValueAuxClass'.
在pcelsDestinationIPv6VariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“Pcelsipv6AddressValueAuxClass”。
The pcelsSourcePortVariableAuxClass class is defined as follows:
pcelsSourcePortVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.23 NAME 'pcelsSourcePortVariableAuxClass' DESC 'Source port' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.23名称“pcelsSourcePortVariableAuxClass”说明“源端口”辅助PCELSSimplicitVariableAuxClass辅助)
In a pcelsSourcePortVariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIntegerValueAuxClass'. Additionally, only policy values that represent integers in the range 0..65535 (inclusive) SHOULD be used with pcelsSourcePortVariableAuxClass instances.
在pcelsSourcePortVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”。此外,pcelsSourcePortVariableAuxClass实例仅应使用表示范围为0..65535(含)的整数的策略值。
The pcelsDestinationPortVariableAuxClass class is defined as follows:
pcelsDestinationPortVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.24 NAME 'pcelsDestinationPortVariableAuxClass' DESC 'Destination port' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.24名称'pcelsDestinationPortVariableAuxClass'描述'Destination port'辅助pcelsImplicitVariableAuxClass)
In a pcelsDestinationPortVariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIntegerValueAuxClass'. Additionally, only policy values that represent integers in the range 0..65535 (inclusive) SHOULD be used with pcelsDestinationPortVariableAuxClass instances.
在pcelsDestinationPortVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”。此外,只有表示范围为0..65535(包括0..65535)的整数的策略值才应与pcelsDestinationPortVariableAuxClass实例一起使用。
The pcelsIPProtocolVariableAuxClass class is defined as follows:
PCELSIProtocolvariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.25 NAME 'pcelsIPProtocolVariableAuxClass' DESC 'IP protocol number' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.25名称“pcelsIPProtocolVariableAuxClass”DESC“IP协议号”SUP pcelsipplicitvariableauxclass辅助)
In a pcelsIPProtocolVariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIntegerValueAuxClass'. Additionally, only policy values that represent integers in the range 0..255 (inclusive) SHOULD be used with pcelsIPProtocolVariableAuxClass instances.
在pcelsIPProtocolVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”。此外,PCELSIProtocolvariableAuxClass实例只能使用表示0..255(包括0..255)范围内整数的策略值。
The pcelsIPVersionVariableAuxClass class is defined as follows:
pcelsIPVersionVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.26 NAME 'pcelsIPVersionVariableAuxClass' DESC 'IP version number' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.26名称'pcelsIPVersionVariableAuxClass'说明'IP版本号'SUP pcelsipImplicitVariableAuxClass辅助)
In a pcelsIPVersionVariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIntegerValueAuxClass'. Additionally, only policy values that represent integers in the range 0..15 (inclusive) SHOULD be used with pcelsIPVersionVariableAuxClass instances.
在pcelsIPVersionVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”。此外,只有表示范围为0..15(包括0..15)的整数的策略值才应与pcelsIPVersionVariableAuxClass实例一起使用。
The pcelsIPToSVariableAuxClass class is defined as follows:
pcelsIPToSVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.27 NAME 'pcelsIPToSVariableAuxClass' DESC 'IP ToS octet' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.27名称“pcelsIPToSVariableAuxClass”说明“IP ToS八位字节”辅助pcelsIPToSVariableAuxClass辅助)
In a pcelsIPToSVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..255 (inclusive) or 8-bit bitStrings SHOULD be used with pcelsIPToSVariableAuxClass instances.
在pcelsIPToSVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,只有表示范围为0..255(含0..255)或8位位位字符串的整数的策略值才应与pcelsIPToSVariableAuxClass实例一起使用。
The pcelsDSCPVariableAuxClass class is defined as follows:
pcelsDSCPVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.28 NAME 'pcelsDSCPVariableAuxClass' DESC 'DiffServ code point' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.28名称“PCELSDSCVariableAuxClass”说明“DiffServ代码点”辅助PCELSSimplicitVariableAuxClass辅助)
In a pcelsDSCPVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..63 (inclusive) or 6-bit bitStrings SHOULD be used with pcelsDSCPVariableAuxClass instances.
在pcelsDSCPVariableAuxClass实例中,pcelsExpectedValueTypes属性的唯一允许值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,pcelsDSCPVariableAuxClass实例仅应使用表示0..63(含)范围内整数或6位位位字符串的策略值。
The pcelsFlowIdVariableAuxClass class is defined as follows:
pcelsFlowIdVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.29 NAME 'pcelsFlowIdVariableAuxClass' DESC 'Flow Identifier' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.29名称“pcelsFlowIdVariableAuxClass”描述“流标识符”辅助pcelsImplicitVariableAuxClass)
In a pcelsFlowIdVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..1048575 (inclusive) or 20-bit bitStrings SHOULD be used with pcelsFlowIdVariableAuxClass instances.
在pcelsFlowIdVariableAuxClass实例中,pcelsExpectedValueTypes属性的唯一允许值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,只有表示范围为0..1048575(含)或20位位位字符串的整数的策略值才应与pcelsFlowIdVariableAuxClass实例一起使用。
The pcelsSourceMACVariableAuxClass class is defined as follows:
pcelsSourceMACVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.30 NAME 'pcelsSourceMACVariableAuxClass' DESC 'Source MAC address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.30名称“pcelsSourceMACVariableAuxClass”描述“源MAC地址”辅助PCELSSimplicitVariableAuxClass辅助)
In a pcelsSourceMACVariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsMACAddrValueAuxClass'.
在pcelsSourceMACVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“PcelsMacAddressValueAuxClass”。
The pcelsDestinationMACVariableAuxClass class is defined as follows:
pcelsDestinationMACVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.31 NAME 'pcelsDestinationMACVariableAuxClass' DESC 'Destination MAC address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.31名称'pcelsDestinationMACVariableAuxClass'DESC'目标MAC地址'SUP pcelsImplicitVariableAuxClass辅助)
In a pcelsDestinationMACVariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsMACAddrValueAuxClass'.
在PcelsDestinationMaxVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“PcelsMacAddressValueAuxClass”。
The pcelsVLANVariableAuxClass class is defined as follows:
PCELSVLAvariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.32 NAME 'pcelsVLANVariableAuxClass' DESC 'VLAN' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.32名称'pcelsVLANVariableAuxClass'说明'VLAN'辅助pcelsImplicitVariableAuxClass辅助)
In a pcelsVLANVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..4095 (inclusive) or 12-bit bitStrings SHOULD be used with pcelsVLANVariableAuxClass instances.
在PCELSVLAvariableAuxClass实例中,PCELSCExpectedValueTypes属性的唯一允许值是“PCELSEIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,只有表示0..4095(含)范围内的整数或12位位位字符串的策略值才能用于PCELSVLAVariableAuxClass实例。
The pcelsCoSVariableAuxClass class is defined as follows:
pcelsCoSVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.33 NAME 'pcelsCoSVariableAuxClass' DESC 'Class of service' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.33名称“pcelsCoSVariableAuxClass”描述“服务类”辅助PCELSCIMPLITIVALIABLEAUxClass辅助)
In a pcelsCoSVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..7 (inclusive) or 3-bit bitStrings SHOULD be used with pcelsCoSVariableAuxClass instances.
在pcelsCoSVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,只有表示范围为0..7(含0..7)或3位位位字符串的整数的策略值才应与pcelsCoSVariableAuxClass实例一起使用。
The pcelsEthertypeVariableAuxClass class is defined as follows:
pcelsEthertypeVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.34 NAME 'pcelsEthertypeVariableAuxClass' DESC 'Ethertype' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.34名称'pcelsEthertypeVariableAuxClass'说明'Ethertype'辅助pcelsImplicitVariableAuxClass辅助)
In a pcelsEthertypeVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..65535 (inclusive) or 16-bit bitStrings SHOULD be used with pcelsEthertypeVariableAuxClass instances.
在pcelsEthertypeVariableAuxClass实例中,PCELSEExpectedValueTypes属性的唯一允许值是“PCELSEIntegerValueAuxClass”和“PCELSEBitStringValueAuxClass”。此外,只有表示范围为0..65535(含)或16位位位字符串的整数的策略值才应与pcelsEthertypeVariableAuxClass实例一起使用。
The pcelsSourceSAPVariableAuxClass class is defined as follows:
pcelsSourceSAPVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.35 NAME 'pcelsSourceSAPVariableAuxClass' DESC 'Source SAP' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.35名称“pcelsSourceSAPVariableAuxClass”描述“源SAP”辅助PCELSSimplicitVariableAuxClass辅助)
In a pcelsSourceSAPVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..255 (inclusive) or 8-bit bitStrings SHOULD be used with pcelsSourceSAPVariableAuxClass instances.
在pcelsSourceSAPVariableAuxClass实例中,pcelsExpectedValueTypes属性的唯一允许值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,只有表示范围为0..255(含0..255)或8位位位字符串的整数的策略值才应与pcelsSourceSAPVariableAuxClass实例一起使用。
The pcelsDestinationSAPVariableAuxClass class is defined as follows:
pcelsDestinationSAPVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.36 NAME 'pcelsDestinationSAPVariableAuxClass' DESC 'Destination SAP' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.36名称“pcelsDestinationSAPVariableAuxClass”描述“Destination SAP”辅助PCELSSimplicitVariableAuxClass辅助)
In a pcelsDestinationSAPVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..255 (inclusive) or 8-bit bitStrings SHOULD be used with pcelsDestinationSAPVariableAuxClass instances.
在pcelsDestinationSAPVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,只有表示范围为0..255(含0..255)或8位位位字符串的整数的策略值才应与pcelsDestinationSAPVariableAuxClass实例一起使用。
The pcelsSNAPOUIVariableAuxClass class is defined as follows:
PCELSNAPOUIVARIABLEAUXClass类定义如下:
( 1.3.6.1.1.9.1.37 NAME 'pcelsSNAPOUIVariableAuxClass' DESC 'SNAP OUI' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.37名称'pcelsnapouivariableauxclass'描述'snapoui'辅助pcelsImplicitVariableAuxClass辅助)
In a pcelsSNAPOUIVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..16777215 (inclusive) or 24-bit bitStrings SHOULD be used with pcelsSNAPOUIVariableAuxClass instances.
在pcelsSNAPOUIVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,只有表示0..16777215(含)范围内的整数或24位位位字符串的策略值才应与PCELSNAPOUIVariableAuxClass实例一起使用。
The pcelsSNAPTypeVariableAuxClass class is defined as follows:
PCELSNAPTypeVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.38 NAME 'pcelsSNAPTypeVariableAuxClass' DESC 'SNAP type' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.38名称'pcelsnaptypevariableauxclass'说明'SNAP type'辅助pcelsImplicitVariableAuxClass)
In a pcelsSNAPTypeVariableAuxClass instance, the only allowed values for the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'. Additionally, only policy values that represent integers in the range 0..65535 (inclusive) or 16-bit bitStrings SHOULD be used with pcelsSNAPTypeVariableAuxClass instances.
在pcelsSNAPTypeVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsIntegerValueAuxClass”和“pcelsBitStringValueAuxClass”。此外,PCELSNAPTypeVariableAuxClass实例只能使用表示0..65535(含)范围内整数或16位位位字符串的策略值。
The pcelsFlowDirectionVariableAuxClass class is defined as follows:
pcelsFlowDirectionVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.39 NAME 'pcelsFlowDirectionVariableAuxClass' DESC 'Flow direction' SUP pcelsImplicitVariableAuxClass AUXILIARY )
(1.3.6.1.1.9.1.39名称“pcelsFlowDirectionVariableAuxClass”描述“流向”辅助PCELSFimplicitVariableAuxClass辅助)
In a pcelsFlowDirectionVariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsStringValueAuxClass'. Additionally, only policy values that represent the strings 'IN' and 'OUT' SHOULD be used with pcelsFlowDirectionVariableAuxClass instances.
在pcelsFlowDirectionVariableAuxClass实例中,pcelsExpectedValueTypes属性唯一允许的值是“pcelsStringValueAuxClass”。此外,只有表示字符串“IN”和“OUT”的策略值才应与pcelsFlowDirectionVariableAuxClass实例一起使用。
The pcelsValueAuxClass class is the base class for representing a policy value. It is mapped from the PolicyValue class [PCIM_EXT]. The pcelsValueAuxClass is an auxiliary object class and it is derived directly from the 'top' object class [LDAP_SCHEMA].
pcelsValueAuxClass类是表示策略值的基类。它是从PolicyValue类[PCIM_EXT]映射而来的。pcelsValueAuxClass是一个辅助对象类,它直接从“top”对象类[LDAP_SCHEMA]派生而来。
The pcelsValueAuxClass class does not represent actual values; these are introduced by its subclasses. pcelsValueAuxClass introduces the semantics of being a policy value that are inherited by all its subclasses. Among these semantics are those of representing either rule-specific or reusable policy values.
pcelsValueAuxClass类不表示实际值;这些是由其子类引入的。pcelsValueAuxClass引入了作为策略值的语义,该策略值由其所有子类继承。这些语义包括表示特定于规则或可重用策略值的语义。
In order to preserve the ability to represent rule-specific or reusable values, all the subclasses of pcelsValueAuxClass MUST also be auxiliary classes.
为了保持表示特定于规则或可重用值的能力,pcelsValueAuxClass的所有子类也必须是辅助类。
The pcelsValueAuxClass class is defined as follows:
pcelsValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.40 NAME 'pcelsValueAuxClass' DESC 'Base class for representing a policy value' SUP top AUXILIARY MAY ( pcelsValueName ) )
(1.3.6.1.1.9.1.40名称'pcelsValueAuxClass'DESC'基类,用于表示策略值'SUP top AUXILIARY MAY(pcelsValueName))
The pcelsValueName attribute type may be used as naming attribute for pcelsValueAuxClass entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
pcelsValueName属性类型可用作pcelsValueAuxClass项的命名属性。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.19 NAME 'pcelsValueName' DESC 'The user-friendly name of a value' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.19名称'pcelsValueName'DESC'值的用户友好名称'EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR CaseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15单值)
The following classes are derived from the pcelsValueAuxClass class. They are mapped from the corresponding subclasses of the PolicyValue class [PCIM_EXT]. All the classes defined below are auxiliary object classes.
以下类派生自pcelsValueAuxClass类。它们从PolicyValue类[PCIM_EXT]的相应子类映射而来。下面定义的所有类都是辅助对象类。
The pcelsIPv4AddrValueAuxClass class represents a policy value that provides an unordered set of IPv4 addresses, IPv4 address ranges or hosts. It is mapped from the PolicyIPv4AddrValue class [PCIM_EXT].
pcelsIPv4AddrValueAuxClass类表示一个策略值,该值提供一组无序的IPv4地址、IPv4地址范围或主机。它是从PolicyIPv4AddrValue类[PCIM_EXT]映射而来的。
The pcelsIPv4AddrValueAuxClass class is defined as follows:
pcelsIPv4AddrValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.41 NAME 'pcelsIPv4AddrValueAuxClass' DESC 'Provides IPv4 addresses' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsIPv4AddrList ) )
(1.3.6.1.1.9.1.41名称'pcelsIPv4AddrValueAuxClass'DESC'提供IPv4地址'SUP pcelsipvalueAuxClass辅助必须(pcelsIPv4AddrList))
The pcelsIPv4AddrList attribute type represents an unordered set of IPv4 addresses, IPv4 address ranges or hosts. It is mapped from the PolicyIPv4AddrValue.IPv4AddrList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to any of the formats defined for the IPv4AddrList property [PCIM_EXT].
pcelsIPv4AddrList属性类型表示一组无序的IPv4地址、IPv4地址范围或主机。它是从PolicyIPv4AddrValue.IPv4AddrList属性[PCIM\U EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性可以有多个值。此类型属性的唯一允许值是符合为IPv4AddrList属性[PCIM_EXT]定义的任何格式的字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.20 NAME 'pcelsIPv4AddrList' DESC 'Unordered set of IPv4 addresses, IPv4 address ranges or hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(1.3.6.1.1.9.2.20名称'pcelsIPv4AddrList'DESC'IPv4地址的无序集、IPv4地址范围或主机的相等caseIgnoreMatch排序caseIgnoreOrderingMatch SUBSTR caseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15)
The pcelsIPv6AddrValueAuxClass class represents a policy value that provides an unordered set of IPv6 addresses, IPv6 address ranges or hosts. It is mapped from the PolicyIPv6AddrValue class [PCIM_EXT].
pcelsIPv6AddrValueAuxClass类表示一个策略值,该值提供一组无序的IPv6地址、IPv6地址范围或主机。它是从PolicyIPv6AddrValue类[PCIM_EXT]映射而来的。
The pcelsIPv6AddrValueAuxClass class is defined as follows:
pcelsIPv6AddrValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.42 NAME 'pcelsIPv6AddrValueAuxClass' DESC 'Provides IPv6 addresses' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsIPv6AddrList ) )
(1.3.6.1.1.9.1.42名称“pcelsIPv6AddrValueAuxClass”DESC“提供IPv6地址”辅助pcelsIPv6AddrList)
The pcelsIPv6AddrList attribute type represents an unordered set of IPv6 addresses, IPv6 address ranges or hosts. It is mapped from the PolicyIPv6AddrValue.IPv6AddrList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to any of the formats defined for the IPv6AddrList property [PCIM_EXT].
pcelsIPv6AddrList属性类型表示一组无序的IPv6地址、IPv6地址范围或主机。它是从PolicyIPv6AddrValue.IPv6AddrList属性[PCIM_EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性可以有多个值。此类型属性的唯一允许值是符合为IPv6AddrList属性[PCIM_EXT]定义的任何格式的字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.21 NAME 'pcelsIPv6AddrList' DESC 'Unordered set of IPv6 addresses, IPv6 address ranges or hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(1.3.6.1.1.9.2.21名称“pcelsIPv6AddrList”DESC“IPv6地址的无序集、IPv6地址范围或主机的相等caseIgnoreMatch排序caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrings匹配语法1.3.6.1.4.1.1466.115.121.1.15)
The pcelsMACAddrValueAuxClass class represents a policy value that provides an unordered set of MAC addresses or MAC address ranges. It is mapped from the PolicyMACAddrValue class [PCIM_EXT].
pcelsMACAddrValueAuxClass类表示提供一组无序MAC地址或MAC地址范围的策略值。它是从PolicyMacAddressValue类[PCIM_EXT]映射而来的。
The pcelsMACAddrValueAuxClass class is defined as follows:
pcelsMACAddrValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.43 NAME 'pcelsMACAddrValueAuxClass' DESC 'Provides MAC addresses' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsMACAddrList ) )
(1.3.6.1.1.9.1.43名称'pcelsmacaddryvalueauxclass'DESC'提供MAC地址'SUP pcelsmacvalueauxclass辅助必须(pcelsMACAddrList))
The pcelsMACAddrList attribute type represents an unordered set of MAC addresses or MAC address ranges. It is mapped from the PolicyMACAddrValue.MACAddrList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to any of the formats defined for the MACAddrList property [PCIM_EXT].
pcelsMACAddrList属性类型表示一组无序的MAC地址或MAC地址范围。它是从PolicyMacAddressValue.MacAddressList属性[PCIM\U EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性可以有多个值。此类型属性的唯一允许值是符合为MACAddrList属性[PCIM_EXT]定义的任何格式的字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.22 NAME 'pcelsMACAddrList' DESC 'Unordered set of MAC addresses or MAC address ranges' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(1.3.6.1.1.9.2.22名称'pcelsMACAddrList'DESC'无序MAC地址集或MAC地址范围'EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR CaseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15)
The pcelsStringValueAuxClass class represents a policy value that provides an unordered set of strings with wildcards. It is mapped from the PolicyStringValue class [PCIM_EXT].
pcelsStringValueAuxClass类表示一个策略值,该值提供了一组带有通配符的无序字符串。它是从PolicyStringValue类[PCIM_EXT]映射而来的。
The pcelsStringValueAuxClass class is defined as follows:
pcelsStringValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.44 NAME 'pcelsStringValueAuxClass' DESC 'Provides string values' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsStringList )
(1.3.6.1.1.9.1.44名称'pcelsStringValueAuxClass'DESC'提供字符串值'SUP pcelsStringValueAuxClass辅助必须(pcelsStringList)
)
)
The pcelsStringList attribute type represents an unordered set of strings with wildcards. It is mapped from the PolicyStringValue.StringList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to the format defined for the StringList property [PCIM_EXT].
pcelsStringList属性类型表示带有通配符的无序字符串集。它是从PolicyStringValue.StringList属性[PCIM\U EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性可以有多个值。此类型属性的唯一允许值是符合为StringList属性[PCIM_EXT]定义的格式的字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.23 NAME 'pcelsStringList' DESC 'Unordered set of strings with wildcards' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(1.3.6.1.1.9.2.23名称'pcelStringList'DESC'带通配符的无序字符串集'EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch OrderingMatch SUBSTR CaseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15)
The pcelsBitStringValueAuxClass class represents a policy value that provides an unordered set of bit strings or bit string ranges. It is mapped from the PolicyBitStringValue class [PCIM_EXT].
pcelsBitStringValueAuxClass类表示提供无序位字符串集或位字符串范围的策略值。它是从PolicyBitStringValue类[PCIM_EXT]映射而来的。
The pcelsBitStringValueAuxClass class is defined as follows:
pcelsBitStringValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.45 NAME 'pcelsBitStringValueAuxClass' DESC 'Provides bit strings' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsBitStringList ) )
(1.3.6.1.1.9.1.45名称'pcelsBitStringValueAuxClass'DESC'提供位字符串'SUP pcelsBitStringValueAuxClass辅助必须(pcelsBitStringList))
The pcelsBitStringList attribute type represents an unordered set of bit strings or bit string ranges. It is mapped from the PolicyBitStringValue.BitStringList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to any of the formats defined for the BitStringList property [PCIM_EXT].
pcelsBitStringList属性类型表示一组无序的位字符串或位字符串范围。它是从PolicyBitStringValue.BitStringList属性[PCIM\U EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性可以有多个值。此类型属性的唯一允许值是符合为BitStringList属性[PCIM_EXT]定义的任何格式的字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.24 NAME 'pcelsBitStringList' DESC 'Unordered set of bit strings or bit string ranges' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(1.3.6.1.1.9.2.24名称“pcelsBitStringList”DESC“无序位字符串集或位字符串范围”相等caseIgnoreMatch排序caseIgnoreOrderingMatch SUBSTR caseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15)
The pcelsIntegerValueAuxClass class represents a policy value that provides an unordered set of integers or integer ranges. It is mapped from the PolicyIntegerValue class [PCIM_EXT].
pcelsIntegerValueAuxClass类表示提供无序整数集或整数范围的策略值。它是从PolicyIntegerValue类[PCIM_EXT]映射而来的。
The pcelsIntegerValueAuxClass class is defined as follows:
pcelsIntegerValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.46 NAME 'pcelsIntegerValueAuxClass' DESC 'Provides integer values' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsIntegerList ) )
(1.3.6.1.1.9.1.46名称'pcelsIntegerValueAuxClass'DESC'提供整数值'SUP pcelsValueAuxClass辅助必须(pcelsIntegerList))
The pcelsIntegerList attribute type represents an unordered set of integers or integer ranges. It is mapped from the PolicyIntegerValue.IntegerList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to the format defined for the IntegerList property [PCIM_EXT].
pcelsIntegerList属性类型表示一组无序的整数或整数范围。它是从PolicyIntegerValue.IntegerList属性[PCIM\U EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性可以有多个值。此类型属性的唯一允许值是符合IntegerList属性[PCIM_EXT]定义的格式的字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.25 NAME 'pcelsIntegerList' DESC 'Unordered set of integers or integer ranges' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(1.3.6.1.1.9.2.25名称“PCELSEIntegerList”DESC“无序整数集或整数范围”相等caseIgnoreMatch排序caseIgnoreOrderingMatch子字符串caseIgnoreSubstringsMatch语法1.3.6.1.4.1.1466.115.121.1.15)
The pcelsBooleanValueAuxClass class represents a policy value that provides a boolean. It is mapped from the PolicyIntegerValue class [PCIM_EXT].
pcelsBooleanValueAuxClass类表示提供布尔值的策略值。它是从PolicyIntegerValue类[PCIM_EXT]映射而来的。
The pcelsBooleanValueAuxClass class is defined as follows:
pcelsBooleanValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.47 NAME 'pcelsBooleanValueAuxClass' DESC 'Provides a boolean value.' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsBoolean ) )
(1.3.6.1.1.9.1.47名称'pcelsBooleanValueAuxClass'DESC'提供布尔值。'SUP pcelsBooleanValueAuxClass辅助必须(pcelsBoolean))
The pcelsBoolean attribute type represents a boolean. It is mapped from the PolicyBooleanValue.BooleanValue property [PCIM_EXT]. This attribute type is of syntax Boolean [LDAP_SYNTAX]. It has an equality matching rule of booleanMatch [LDAP_MATCH]. Attributes of this type can only have a single value.
pcelsBoolean属性类型表示布尔值。它是从PolicyBooleanValue.BooleanValue属性[PCIM_EXT]映射而来的。此属性类型的语法为布尔[LDAP_syntax]。它的相等匹配规则为booleanMatch[LDAP_MATCH]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.26 NAME 'pcelsBoolean' DESC 'Boolean value' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
(1.3.6.1.1.9.2.26名称'pcelsBoolean'DESC'布尔值'EQUALITY booleanMatch语法1.3.6.1.4.1.1466.115.121.1.7单值)
The pcelsReusableContainer class represents a container of reusable policy elements. It is mapped from the ReusablePolicyContainer class [PCIM_EXT]. The pcelsReusableContainer class is derived from the pcimRepository class [PCLS]. To maximize flexibility, the pcelsReusableContainer class is defined as abstract. An auxiliary subclass pcelsReusableContainerAuxClass enables the attachment of a reusable policy container to an existing entry, while a structural subclass pcelsReusableContainerInstance permits the representation of a reusable policy container as a standalone entry.
pcelsReusableContainer类表示可重用策略元素的容器。它是从ReusablePolicyContainer类[PCIM_EXT]映射而来的。pcelsReusableContainer类派生自pcimRepository类[PCLS]。为了最大限度地提高灵活性,pcelsReusableContainer类被定义为抽象类。辅助子类PcelsReusableContainerAxClass允许将可重用策略容器附加到现有条目,而结构子类pcelsReusableContainerInstance允许将可重用策略容器表示为独立条目。
The elements contained in a reusable policy container are aggregated via subordination to a pcelsReusableContainer instance (DIT containment). A reusable policy container can include the elements of another reusable policy container by aggregating the container itself. This is realized by DIT containment when the policy containers are subordinated to one another, or by reference when the
可重用策略容器中包含的元素通过从属于pcelsReusableContainer实例(DIT容器)聚合。可重用策略容器可以通过聚合容器本身来包含另一个可重用策略容器的元素。当策略容器彼此从属时,通过DIT包含实现,或者当
aggregating policy container references the aggregated one using the attribute pcelsReusableContainerList.
聚合策略容器使用属性pcelsReusableContainerList引用聚合的容器。
The pcelsReusableContainer class is defined as follows:
pcelsReusableContainer类定义如下:
( 1.3.6.1.1.9.1.48 NAME 'pcelsReusableContainer' DESC 'Container for reusable policy information' SUP pcimRepository ABSTRACT MAY ( pcelsReusableContainerName $ pcelsReusableContainerList ) )
(1.3.6.1.1.9.1.48名称“pcelsreausablecontainer”DESC“可重用策略信息容器”SUP pcimRepository ABSTRACT MAY(pcelsreausablecontainer名称$pcelsreausablecontainer列表))
The pcelsReusableContainerAuxClass class is defined as follows:
pcelsReusableContainerAuxClass类定义如下:
( 1.3.6.1.1.9.1.49 NAME 'pcelsReusableContainerAuxClass ' DESC 'Container for reusable policy information' SUP pcelsReusableContainer AUXILIARY )
(1.3.6.1.1.9.1.49名称“PCELSReausableContainerAxClass”DESC“可重用策略信息容器”SUP PCELSReausableContainer辅助)
The pcelsReusableContainerInstance class is defined as follows:
pcelsReusableContainerInstance类定义如下:
( 1.3.6.1.1.9.1.50 NAME 'pcelsReusableContainerInstance' DESC 'Container for reusable policy information' SUP pcelsReusableContainer STRUCTURAL )
(1.3.6.1.1.9.1.50名称“PCELSRusableContainerInstance”描述“可重用策略信息的容器”SUP PCELSRusableContainer STRUCTURAL)
The pcelsReusableContainerName attribute type may be used as naming attribute for pcelsReusableContainer entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
PCELSReausableContainerName属性类型可用作PCELSReausableContainer项的命名属性。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.27 NAME 'pcelsReusableContainerName' DESC 'User-friendly name of a reusable policy container' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
(1.3.6.1.1.9.2.27名称'pcelsrusablecontainer名称'DESC'可重用策略容器的用户友好名称'EQUALITY caseIgnoreMatch ORDERING caseignoreordering match SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
语法1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsReusableContainerList attribute type realizes the ContainedDomain association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsReusableContainerList attributes are DNs of pcelsReusableContainer entries. In a pcelsReusableContainer, the pcelsReusableContainerList attribute represents the associations between this reusable policy container and others for the purpose of including them as nested containers.
pcelsReusableContainerList属性类型实现ContainedDomain关联[PCIM\U EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。pcelsReusableContainerList属性的唯一允许值是pcelsReusableContainer条目的DNs。在pcelsReusableContainer中,pcelsReusableContainerList属性表示此可重用策略容器与其他容器之间的关联,以便将它们作为嵌套容器包含。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.28 NAME 'pcelsReusableContainerList' DESC 'Unordered set of DNs of pcelsReusableContainer entries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.28名称'pcelsreausablecontainer'列表'DESC'pcelsreausablecontainer条目的DNs无序集'EQUALITY-distrizedNameMatch语法1.3.6.1.4.1.1466.115.121.1.12)
Note: PCELS implementations SHOULD support pcelsReusableContainer and its two subclasses and MAY also support the two subclasses of pcimRepository [PCLS].
注意:PCELS实现应该支持pcelsReusableContainer及其两个子类,还可能支持pcimRepository[PCLS]的两个子类。
The pcelsRoleCollection class represents a collection of managed elements that share a common role. It is mapped from the PolicyRoleCollection class [PCIM_EXT]. The pcelsRoleCollection class is a structural object class and it is derived from the pcimPolicy class [PCLS].
pcelsRoleCollection类表示共享公共角色的托管元素的集合。它从PolicyRoleCollection类[PCIM_EXT]映射而来。pcelsRoleCollection类是一个结构对象类,它派生自pcimPolicy类[PCLS]。
The pcelsRoleCollection class is defined as follows:
pcelsRoleCollection类的定义如下:
( 1.3.6.1.1.9.1.51 NAME 'pcelsRoleCollection' DESC 'Collection of managed elements that share a common role' SUP pcimPolicy STRUCTURAL MUST ( pcelsRole ) MAY ( pcelsRoleCollectionName $ pcelsElementList ) )
(1.3.6.1.1.9.1.51名称“PCELSCROLECollection”描述“共享公共角色的托管元素集合”辅助pcimPolicy结构必须(PCELSCROLECollectionName$PCELSELElementList))
The pcelsRole attribute type represents the role associated with a collection of managed elements. It is mapped from the PolicyRoleCollection.PolicyRole property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
pcelsRole属性类型表示与托管元素集合关联的角色。它是从PolicyRoleCollection.PolicyRole属性[PCIM\U EXT]映射而来的。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.29 NAME 'pcelsRole' DESC 'String representing a role.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.29名称'pcelsRole'DESC'表示角色的字符串。'EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR CaseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsRoleCollectionName attribute type may be used as naming attribute for pcelsRoleCollection entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
pcelsRoleCollectionName属性类型可用作pcelsRoleCollection项的命名属性。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.30 NAME 'pcelsRoleCollectionName' DESC 'User-friendly name of a role collection' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.30 NAME'pcelsRoleCollectionName'DESC'角色集合的用户友好名称'EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR CaseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsElementList attribute type realizes the ElementInPolicyRoleCollection association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. In a pcelsRoleCollection, the pcelsElementList attribute represents the associations between this role collection and its members.
PCELElementList属性类型实现ElementInPolicyRoleCollection关联[PCIM\U EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。在pcelsRoleCollection中,pcelsElementList属性表示此角色集合与其成员之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.31 NAME 'pcelsElementList' DESC 'Unordered set of managed elements' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.31名称“PCELSELElementList”描述“无序托管元素集”相等区分名称匹配语法1.3.6.1.4.1.1466.115.121.1.12)
The pcelsFilterEntryBase class is the base class for defining message or packet filters. It is mapped from the FilterEntryBase class [PCIM_EXT]. The pcelsFilterEntryBase class is an abstract object class and it is derived from the pcimPolicy class [PCLS].
pcelsFilterEntryBase类是定义消息或数据包筛选器的基类。它是从FilterEntryBase类[PCIM\U EXT]映射而来的。pcelsFilterEntryBase类是一个抽象对象类,它派生自pcimPolicy类[PCLS]。
The pcelsFilterEntryBase class is defined as follows:
pcelsFilterEntryBase类的定义如下:
( 1.3.6.1.1.9.1.52 NAME 'pcelsFilterEntryBase' DESC 'Base class for message or packet filters' SUP pcimPolicy ABSTRACT MAY ( pcelsFilterName $ pcelsFilterIsNegated ) )
(1.3.6.1.1.9.1.52名称“pcelsFilterEntryBase”DESC“消息或数据包筛选器的基类”辅助PCImplicity摘要可能(pcelsFilterName$PCELSFilterInSected))
The pcelsFilterName attribute type may be used as naming attribute for pcelsFilterEntryBase entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
pcelsFilterName属性类型可用作pcelsFilterEntryBase项的命名属性。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.32 NAME 'pcelsFilterName' DESC 'User-friendly name of a filter entry' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.32名称“pcelsFilterName”DESC“过滤器条目的用户友好名称”相等caseIgnoreMatch排序caseIgnoreOrderingMatch子字符串caseIgnoreSubstringsMatch语法1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsFilterIsNegated attribute type indicates whether the match information specified in a pcelsFilterEntryBase is negated or not.
pcelsFilterIsNegated属性类型指示pcelsFilterEntryBase中指定的匹配信息是否为否定。
It is mapped from the FilterEntryBase.IsNegated property [PCIM_EXT]. This attribute type is of syntax Boolean [LDAP_SYNTAX]. It has an equality matching rule of booleanMatch [LDAP_MATCH]. Attributes of this type can only have a single value. If this attribute is missing from a pcelsFilterEntryBase instance, applications MUST assume that the filter is not negated.
它是从FilterEntryBase.IsNegated属性[PCIM\U EXT]映射而来的。此属性类型的语法为布尔[LDAP_syntax]。它的相等匹配规则为booleanMatch[LDAP_MATCH]。此类型的属性只能有一个值。如果pcelsFilterEntryBase实例中缺少此属性,则应用程序必须假定筛选器未被否定。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.33 NAME 'pcelsFilterIsNegated' DESC 'Indicates whether the filter is negated' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
(1.3.6.1.1.9.2.33名称'pcelsFilterIsNegated'DESC'表示过滤器是否为否定的'EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7单值)
The pcelsIPHeadersFilter class provides the most commonly required attributes for performing filtering on IP, TCP or UDP headers. It is mapped from the IpHeadersFilter class [PCIM_EXT]. It is a structural object class derived from the pcelsFilterEntryBase class.
pcelsIPHeadersFilter类提供了在IP、TCP或UDP头上执行筛选所需的最常见属性。它是从IpHeadersFilter类[PCIM_EXT]映射而来的。它是从pcelsFilterEntryBase类派生的结构对象类。
The pcelsIPHeadersFilter class is defined as follows:
pcelsIPHeadersFilter类的定义如下:
( 1.3.6.1.1.9.1.53 NAME 'pcelsIPHeadersFilter' DESC 'IP header filter' SUP pcelsFilterEntryBase STRUCTURAL MAY ( pcelsIPHdrVersion $ pcelsIPHdrSourceAddress $ pcelsIPHdrSourceAddressEndOfRange $ pcelsIPHdrSourceMask $ pcelsIPHdrDestAddress $ pcelsIPHdrDestAddressEndOfRange $ pcelsIPHdrDestMask $ pcelsIPHdrProtocolID $ pcelsIPHdrSourcePortStart $ pcelsIPHdrSourcePortEnd $ pcelsIPHdrDestPortStart $ pcelsIPHdrDestPortEnd $ pcelsIPHdrDSCPList $ pcelsIPHdrFlowLabel ) )
(1.3.6.1.1.9.1.53名称“pcelsIPHeadersFilter”说明“IP头过滤器”辅助PCELSIPFilterEntryBase(pcelsIPHdrVersion$pcelsIPHdrSourceAddress$pcelsIPHdrSourceAddressEndOfRange$pcelsIPHdrSourceMask$pcelsIPHdrDestAddress$pcelsIPHdrDestAddressEndOfRange$pcelsIPHdrSourceMask$pcelsIPHdrSourcePortStart$pcelsIPHdrSourcePortEnd$pcelsiphdrDestPort$pcelsiphdrDestPort$pcelsIPHdrDSCPList$pcelsIPHdrFlowL)亚伯)
Applications MUST assume 'all values' for optional (MAY) attributes not present in a pcelsIPHeadersFilter entry.
应用程序必须为PCELSIPHEADERSFILTERS条目中不存在的可选(可能)属性假定“所有值”。
[PCIM_EXT] defines several constraints for the IpHeadersFilter class and its properties. All these constraints (even those that, for brevity, are not reiterated in this document) apply to the pcelsIPHeadersFilter class and its attributes. A pcelsIPHeadersFilter entry that violates any of these constraints SHOULD be treated as invalid and the policy rules or groups associated to this entry SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped.
[PCIM_EXT]为iPhonedersFilter类及其属性定义了几个约束。所有这些约束(为简洁起见,本文档中未重申的约束)都适用于pcelsIPHeadersFilter类及其属性。违反这些约束的pcelsIPHeadersFilter条目应视为无效,与此条目关联的策略规则或组应视为禁用,这意味着应停止执行此类策略规则或组。
The pcelsIPHdrVersion attribute type indicates the version of the IP addresses to be filtered on. It is mapped from the IpHeadersFilter.HdrIpVersion property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 4 and 6.
PCELSIPRDVersion属性类型指示要筛选的IP地址的版本。它是从iPhonederFilter.HdrIpVersion属性[PCIM\U EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值为4和6。
In a pcelsIPHeadersFilter entry, the pcelsIPHdrVersion attribute type determines the size for the IP version dependent attribute values. These attributes are: pcelsIPHdrSourceAddress, pcelsIPHdrSourceAddressEndOfRange, pcelsIPHdrSourceMask, pcelsIPHdrDestAddress, pcelsIPHdrDestAddressEndOfRange and pcelsIPHdrDestMask. Their valid values are as follows: for IPv4: OctetStrings with a size of 4 for IPv6: OctetStrings with a size of 16 or 20
在pcelsIPHeadersFilter条目中,pcelsIPHdrVersion属性类型确定IP版本相关属性值的大小。这些属性是:pcelsIPHdrSourceAddress、pcelsIPHdrSourceAddressEndOfRange、pcelsIPHdrSourceMask、pcelsIPHdrDestAddress、pcelsIPHdrDestAddressEndOfRange和pcelsIPHdrDestMask。它们的有效值如下:对于IPv4:OctetString,大小为4;对于IPv6:OctetString,大小为16或20
If the pcelsIPHdrVersion attribute is missing from a pcelsFilterEntryBase instance, then the filter does not consider IP version in selecting matching packets. In this case, the IP version dependent attributes (listed above) must not be present in the filter entry.
如果从pCELSFilter EngestBasic实例中丢失了PCelsiPrdRead属性,则筛选器不考虑IP版本来选择匹配的包。在这种情况下,与IP版本相关的属性(上面列出)不得出现在筛选器条目中。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.34 NAME 'pcelsIPHdrVersion' DESC 'IP version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.34名称'pcelsIPHdrVersion'说明'IP version'相等整数匹配排序整数排序匹配语法1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsIPHdrSourceAddress attribute type represents a source IP address. It is mapped from the IpHeadersFilter.HdrSrcAddress property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20.
PCELSIPDRSourceAddress属性类型表示源IP地址。它是从iPhonederFilter.HdrSrcAddress属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为4、16或20的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.35 NAME 'pcelsIPHdrSourceAddress' DESC 'Source IP address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.35名称'pcelsIPHdrSourceAddress'DESC'源IP地址'EQUALITY octetStringMatch排序octetStringOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcelsIPHdrSourceAddressEndOfRange attribute type represents the end of a range of source IP addresses. It is mapped from the IpHeadersFilter.HdrSrcAddressEndOfRange property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20.
pcelsIPHdrSourceAddressEndOfRange属性类型表示源IP地址范围的结束。它是从iPhoneAddressFilter.hdrsrcAddressEssendoFrange属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为4、16或20的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.36 NAME 'pcelsIPHdrSourceAddressEndOfRange' DESC 'End of a range of source IP addresses' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.36名称'pcelsIPHdrSourceAddressEndOfRange'DESC'源IP地址范围的结尾'EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcelsIPHdrSourceMask attribute type represents the mask to be used in comparing the source IP address. It is mapped from the IpHeadersFilter.HdrSrcMask property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule
pcelsIPHdrSourceMask属性类型表示用于比较源IP地址的掩码。它是从iPhonederFilter.HdrSrcMask属性[PCIM_EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它有一个octetStringMatch[LDAP_SCHEMA]的相等匹配规则和一个排序匹配规则
of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20.
octetStringOrderingMatch[LDAP_MATCH]的名称。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为4、16或20的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.37 NAME 'pcelsIPHdrSourceMask' DESC 'Mask to be used in comparing the source IP address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.37名称'pcelsIPHdrSourceMask'DESC'掩码用于比较源IP地址'EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcelsIPHdrDestAddress attribute type represents a destination IP address. It is mapped from the IpHeadersFilter.HdrDestAddress property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20.
pcelsIPHdrDestAddress属性类型表示目标IP地址。它是从IpHeadersFilter.HdrDestAddress属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为4、16或20的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.38 NAME 'pcelsIPHdrDestAddress' DESC 'Destination IP address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.38名称'pcelsIPHdrDestAddress'DESC'目标IP地址'EQUALITY octetStringMatch排序octetStringOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcelsIPHdrDestAddressEndOfRange attribute type represents the end of a range of destination IP addresses. It is mapped from the IpHeadersFilter.HdrDestAddressEndOfRange property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20.
PCELSIPRDDestAddressEndofrange属性类型表示目标IP地址范围的结束。它是从IpHeadersFilter.hdrdestAddRessenseDoFrange属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为4、16或20的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.39 NAME 'pcelsIPHdrDestAddressEndOfRange' DESC 'End of a range of destination IP addresses' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.39名称'pcelsIPHdrDestAddressEndOfRange'DESC'目标IP地址范围的结束'EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcelsIPHdrDestMask attribute type represents a mask to be used in comparing the destination IP address. It is mapped from the IpHeadersFilter.HdrDestMask property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20.
pcelsIPHdrDestMask属性类型表示用于比较目标IP地址的掩码。它是从IpHeadersFilter.HdrDestMask属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为4、16或20的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.40 NAME 'pcelsIPHdrDestMask' DESC 'Mask to be used in comparing the destination IP address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.40名称'pcelsIPHdrDestMask'DESC'掩码用于比较目标IP地址'EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcelsIPHdrProtocolID attribute type indicates an IP protocol type. It is mapped from the IpHeadersFilter.HdrProtocolID property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are integers in the range 0..255 (inclusive).
pcelsIPHdrProtocolID属性类型表示IP协议类型。它是从IpHeadersFilter.HdrProtocolID属性[PCIM\U EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是范围为0..255(包括0..255)的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.41 NAME 'pcelsIPHdrProtocolID' DESC 'IP protocol type' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.41名称'pcelsIPHdrProtocolID'描述'IP协议类型'EQUALITY integerMatch ORDERING integerOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsIPHdrSourcePortStart attribute type represents the lower end of a range of UDP or TCP source ports. It is mapped from the IpHeadersFilter.HdrSrcPortStart property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are integers in the range 0..65535 (inclusive).
pcelsIPHdrSourcePortStart属性类型表示UDP或TCP源端口范围的低端。它是从iPhonederFilter.HdrSrcPortStart属性[PCIM_EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是0..65535(包括)范围内的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.42 NAME 'pcelsIPHdrSourcePortStart' DESC 'Lower end of a range of UDP or TCP source ports' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.42名称'pcelsIPHdrSourcePortStart'DESC'UDP或TCP源端口范围的低端'EQUALITY integerMatch ORDERING integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsIPHdrSourcePortEnd attribute type represents the upper end of a range of UDP or TCP source ports. It is mapped from the IpHeadersFilter.HdrSrcPortEnd property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are integers in the range 0..65535 (inclusive).
pcelsIPHdrSourcePortEnd属性类型表示UDP或TCP源端口范围的上限。它是从iPhonederFilter.HdrSrcPortEnd属性[PCIM_EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是0..65535(包括)范围内的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.43 NAME 'pcelsIPHdrSourcePortEnd' DESC 'Upper end of a range of UDP or TCP source ports' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.43名称'pcelsIPHdrSourcePortEnd'DESC'UDP或TCP源端口范围的上限'EQUALITY integerMatch ORDERING integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsIPHdrDestPortStart attribute type represents the lower end of a range of UDP or TCP destination ports. It is mapped from the IpHeadersFilter.HdrDestPortStart property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are integers in the range 0..65535 (inclusive).
pcelsIPHdrDestPortStart属性类型表示UDP或TCP目标端口范围的低端。它是从IpHeadersFilter.HdrDestPortStart属性[PCIM\U EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是0..65535(包括)范围内的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.44 NAME 'pcelsIPHdrDestPortStart' DESC 'Lower end of a range of UDP or TCP destination ports' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.44名称'pcelsIPHdrDestPortStart'DESC'UDP或TCP目标端口范围的低端'EQUALITY integerMatch ORDERING integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsIPHdrDestPortEnd attribute type represents the upper end of a range of UDP or TCP destination ports. It is mapped from the IpHeadersFilter.HdrDestPortEnd property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are integers in the range 0..65535 (inclusive).
pcelsIPHdrDestPortEnd属性类型表示UDP或TCP目标端口范围的上限。它是从IpHeadersFilter.HdrDestPortEnd属性[PCIM\U EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是0..65535(包括)范围内的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.45 NAME 'pcelsIPHdrDestPortEnd' DESC 'Upper end of a range of UDP or TCP destination ports' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.45名称'pcelsIPHdrDestPortEnd'DESC'UDP或TCP目标端口范围的上限'EQUALITY integerMatch ORDERING integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsIPHdrDSCPList attribute type is mapped from the IpHeadersFilter.HdrDSCP property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are integers in the range 0..63 (inclusive).
PCELSIPRDDSCPList属性类型是从IpHeadersFilter.HdrDSCP属性[PCIM_EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性可以有多个值。此类型属性的唯一允许值是范围为0..63(包括0..63)的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.46 NAME 'pcelsIPHdrDSCPList' DESC 'DSCP values' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
(1.3.6.1.1.9.2.46名称'pcelsIPHdrDSCPList'说明'DSCP值'EQUALITY integerMatch ORDERING integerordering SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
The pcelsIPHdrFlowLabel attribute type is mapped from the IpHeadersFilter.HdrFlowLabel property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings of size 3 (that is, 24 bits) that contain a Flow Label value in the rightmost 20 bits padded on the left with b'0000'.
pcelsIPHdrFlowLabel属性类型是从IpHeadersFilter.HdrFlowLabel属性[PCIM_EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为3(即24位)的八位字符串,其中最右边的20位中包含流标签值,并在左边填充b'0000'。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.47 NAME 'pcelsIPHdrFlowLabel' DESC 'IP flow label' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE
(1.3.6.1.1.9.2.47名称'pcelsIPHdrFlowLabel'DESC'IP流标签'EQUALITY octetStringMatch ORDERING octetStringOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.40单值
)
)
The pcels8021Filter class provides 802.1 attributes for performing filtering on 802.1 headers. It is mapped from the 8021Filter class [PCIM_EXT]. The pcels8021Filter class is a structural object class and it is derived from the pcelsFilterEntryBase class.
pcels8021Filter类提供用于对802.1标头执行筛选的802.1属性。它是从8021过滤器类[PCIM_EXT]映射而来的。pcels8021Filter类是一个结构对象类,它派生自pcelsFilterEntryBase类。
The pcels8021Filter class is defined as follows:
PCELS8021过滤器类定义如下:
( 1.3.6.1.1.9.1.54 NAME 'pcels8021Filter' DESC '802.1 header filter' SUP pcelsFilterEntryBase STRUCTURAL MAY ( pcels8021HdrSourceMACAddress $ pcels8021HdrSourceMACMask $ pcels8021HdrDestMACAddress $ pcels8021HdrDestMACMask $ pcels8021HdrProtocolID $ pcels8021HdrPriority $ pcels8021HdrVLANID ) )
(1.3.6.1.1.9.1.54名称'pcels8021过滤器'DESC'802.1头过滤器'SUP pcelsFilterEntryBase STRUCTURAL MAY(pcels8021HdrSourceMACAddress$pcels8021HdrSourceMACMask$pcels8021HdrDestMACAddress$pcels8021HdrDestMACMask$pcels8021HdrProtocolID$pcels8021HdrPriority$pcels8021HdrVLANID))
Applications MUST assume 'all values' for optional (MAY) attributes not present in a pcels8021Filter entry.
应用程序必须为PCELS8021筛选器条目中不存在的可选(可能)属性假定“所有值”。
[PCIM_EXT] defines several constraints for the 8021Filter class and its properties. All these constraints (even those that, for brevity, are not reiterated in this document) apply to the pcels8021Filter class and its attributes. A pcels8021Filter entry that violates any of these constraints SHOULD be treated as invalid and the policy rules or groups associated to this entry SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped.
[PCIM_EXT]为8021Filter类及其属性定义了几个约束。所有这些约束(为简洁起见,本文档中未重申的约束)都适用于pcels8021Filter类及其属性。违反这些约束的PCELS8021筛选器项应视为无效,与此项关联的策略规则或组应视为禁用,这意味着应停止执行此类策略规则或组。
The pcels8021HdrSourceMACAddress attribute type represents a source MAC address. It is mapped from the 8021Filter.8021HdrSrcMACAddr property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 6.
pcels8021HdrSourceMACAddress属性类型表示源MAC地址。它是从8021Filter.8021HdrSrcMACAddr属性[PCIM_EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为6的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.48 NAME 'pcels8021HdrSourceMACAddress' DESC 'Source MAC address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.48名称'pcels8021HdrSourceMACAddress'DESC'源MAC地址'EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcels8021HdrSourceMACMask attribute type represents the a mask to be used in comparing the source MAC address. It is mapped from the 8021Filter.8021HdrSrcMACMask property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 6.
pcels8021HdrSourceMACMask属性类型表示用于比较源MAC地址的a掩码。它是从8021Filter.8021HdrSrcMACMask属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为6的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.49 NAME 'pcels8021HdrSourceMACMask' DESC 'Source MAC address mask' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.49名称'pcels8021HdrSourceMACMask'DESC'源MAC地址掩码'EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcels8021HdrDestMACAddress attribute type represents a destination MAC address. It is mapped from the 8021Filter.8021HdrDestMACAddr property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 6.
pcels8021HdrDestMACAddress属性类型表示目标MAC地址。它是从8021Filter.8021HdrDestMACAddr属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为6的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.50 NAME 'pcels8021HdrDestMACAddress' DESC 'Destination MAC address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.50名称'pcels8021HdrDestMACAddress'DESC'目标MAC地址'EQUALITY octetStringMatch排序octetStringOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcels8021HdrDestMACMask attribute type represents the a mask to be used in comparing the destination MAC address. It is mapped from the 8021Filter.8021HdrDestMACMask property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 6.
pcels8021HdrDestMACMask属性类型表示用于比较目标MAC地址的a掩码。它是从8021Filter.8021HdrDestMACMask属性[PCIM\U EXT]映射而来的。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性只能有一个值。此类型属性的唯一允许值是大小为6的八位字符串。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.51 NAME 'pcels8021HdrDestMACMask' DESC 'Destination MAC address mask' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
(1.3.6.1.1.9.2.51名称'pcels8021HdrDestMACMask'DESC'目标MAC地址掩码'EQUALITY octetStringMatch排序octetStringOrderingMatch语法1.3.6.1.4.1.1466.115.121.1.40单值)
The pcels8021HdrProtocolID attribute type indicates an Ethernet
protocol type. It is mapped from the 8021Filter.8021HdrProtocolID
property [PCIM_EXT]. This attribute type is of syntax Integer
[LDAP_SYNTAX]. It has an equality matching rule of integerMatch
[LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch
[LDAP_MATCH]. Attributes of this type can have multiple values. No
order is implied. The only allowed values for attributes of this
type are integers in the range 0..65535 (inclusive).
The pcels8021HdrProtocolID attribute type indicates an Ethernet
protocol type. It is mapped from the 8021Filter.8021HdrProtocolID
property [PCIM_EXT]. This attribute type is of syntax Integer
[LDAP_SYNTAX]. It has an equality matching rule of integerMatch
[LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch
[LDAP_MATCH]. Attributes of this type can have multiple values. No
order is implied. The only allowed values for attributes of this
type are integers in the range 0..65535 (inclusive).
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.52 NAME 'pcels8021HdrProtocolID' DESC 'Ethernet protocol ID' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
(1.3.6.1.1.9.2.52名称'pcels8021HdrProtocolID'描述'Ethernet protocol ID'相等整数匹配排序整数排序语法1.3.6.1.4.1.1466.115.121.1.27)
The pcels8021HdrPriority attribute type indicates an 802.1Q priority. It is mapped from the 8021Filter.8021HdrPriorityValue property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can have multiple values. No order is implied. The only allowed values for attributes of this type are integers in the range 0..7 (inclusive).
PCELS8021HDR优先级属性类型表示802.1Q优先级。它是从8021Filter.8021HdrPriorityValue属性[PCIM_EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性可以有多个值。没有暗示任何命令。此类型属性的唯一允许值是范围为0..7(包括0..7)的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.53 NAME 'pcels8021HdrPriority' DESC '802.1Q priority' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
(1.3.6.1.1.9.2.53名称'pcels8021HdrPriority'说明'802.1Q priority'相等整数匹配排序整数排序匹配语法1.3.6.1.4.1.1466.115.121.1.27)
The pcels8021HdrVLANID attribute type indicates an 802.1Q VLAN Identifier. It is mapped from the 8021Filter.8021HdrVLANID property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are integers in the range 0..4095 (inclusive).
pcels8021HdrVLANID属性类型表示802.1Q VLAN标识符。它是从8021Filter.8021HdrVLANID属性[PCIM\U EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。此类型的属性可以有多个值。此类型属性的唯一允许值是范围为0..4095(包括0..4095)的整数。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.54 NAME 'pcels8021HdrVLANID' DESC '802.1Q VLAN ID' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
(1.3.6.1.1.9.2.54名称'pcels8021HdrVLANID'描述'802.1Q VLAN ID'相等整数匹配排序整数排序匹配语法1.3.6.1.4.1.1466.115.121.1.27)
The pcelsFilterListAuxClass class represents a collection of device-level filters aggregated in a policy condition. It is mapped from the FilterList class [PCIM_EXT]. pcelsFilterListAuxClass instances can be used as conditions in policy rules or as components in compound conditions. The pcelsFilterListAuxClass class is an auxiliary object class and it is derived from the pcimConditionAuxClass class [PCLS].
pcelsFilterListAuxClass类表示在策略条件中聚合的设备级筛选器的集合。它是从FilterList类[PCIM_EXT]映射而来的。pcelsFilterListAuxClass实例可以用作策略规则中的条件,也可以用作复合条件中的组件。pcelsFilterListAuxClass类是一个辅助对象类,它派生自pcimConditionAuxClass类[PCLS]。
The pcelsFilterListAuxClass class is defined as follows:
pcelsFilterListAuxClass类定义如下:
( 1.3.6.1.1.9.1.55 NAME 'pcelsFilterListAuxClass' DESC 'Collection of pcelsFilterEntryBase filters' SUP pcimConditionAuxClass AUXILIARY MAY ( pcelsFilterListName $ pcelsFilterDirection $ pcelsFilterEntryList ) )
(1.3.6.1.1.9.1.55名称“pcelsFilterListAuxClass”描述“pcelsFilterEntryBase筛选器的集合”支持pcimConditionAuxClass辅助可能(pcelsFilterListName$pcelsFilterDirection$pcelsFilterEntryList))
The pcelsFilterListName attribute type may be used as naming attribute for pcelsFilterListAuxClass entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
pcelsFilterListName属性类型可用作PcelsFilterListUxClass项的命名属性。此属性类型的语法为目录字符串[LDAP_syntax]。它具有caseIgnoreMatch的相等匹配规则、caseIgnoreOrderingMatch的顺序匹配规则和caseIgnoreSubstringsMatch的子字符串匹配规则[LDAP_语法]。此类型的属性只能有一个值。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.55 NAME 'pcelsFilterListName' DESC 'User-friendly name of a FilterList' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
(1.3.6.1.1.9.2.55名称'pcelsFilterListName'DESC'过滤器列表的用户友好名称'EQUALITY caseIgnoreMatch ORDERING排序caseIgnoreOrderingMatch SUBSTR CaseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.15单值)
The pcelsFilterDirection attribute type indicates the direction of the packets or messages relative to the interface where the filter is applied. It is mapped from the FilterList.Direction property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH].
pcelsFilterDirection属性类型指示数据包或消息相对于应用筛选器的接口的方向。它是从FilterList.Direction属性[PCIM_EXT]映射而来的。此属性类型的语法为整数[LDAP_syntax]。它具有integerMatch[LDAP_语法]的相等匹配规则和integerOrderingMatch[LDAP_语法]的顺序匹配规则。
Attributes of this type can only have a single value. The only allowed values for attributes of this type are 0 (NotApplicable), 1 (Input), 2 (Output), 3 (Both) and 4 (Mirrored). If this attribute is missing from a pcelsFilterListAuxClass instance, applications MUST assume that a direction is not applicable.
此类型的属性只能有一个值。此类型属性的唯一允许值为0(不适用)、1(输入)、2(输出)、3(两者)和4(镜像)。如果pcelsFilterListAuxClass实例中缺少此属性,则应用程序必须假定某个方向不适用。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.56 NAME 'pcelsFilterDirection' DESC 'Direction to which this filter is applied' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
(1.3.6.1.1.9.2.56名称'pcelsFilterDirection'描述'应用此筛选器的方向'EQUALITY integerMatch ORDERING integerordering SYNTAX 1.3.6.1.4.1.1466.115.121.1.27单值)
The pcelsFilterEntryList attribute type realizes the EntriesInFilterList association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsFilterEntryList attributes are DNs of pcelsFilterEntryBase entries. In a pcelsFilterListAuxClass, the pcelsFilterEntryList attribute represents the associations between this filter collection and its components.
pcelsFilterEntryList属性类型实现EntriesInFilterList关联[PCIM\U EXT]。此属性类型的语法为DN[LDAP_syntax]。它有一个DiscrimitedNameMatch[LDAP_语法]的相等匹配规则。此类型的属性可以有多个值。pcelsFilterEntryList属性的唯一允许值是pcelsFilterEntryBase项的DNs。在pcelsFilterListAuxClass中,pcelsFilterEntryList属性表示此筛选器集合及其组件之间的关联。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.57 NAME 'pcelsFilterEntryList' DESC 'Unordered set of DNs of pcelsFilterEntryBase entries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(1.3.6.1.1.9.2.57名称'pcelsFilterEntryList'描述'pcelsFilterEntryBase条目的DNs无序集'EQUALITY DifferentiedNameMatch语法1.3.6.1.4.1.1466.115.121.1.12)
The EntrySequence property of the association EntriesInFilterList is restricted to a single value ('0') [PCIM_EXT] which makes it redundant. Therefore, its mapping to an LDAP schema element is unnecessary.
关联EntriesInFilterList的EntrySequence属性被限制为单个值('0')[PCIM_EXT],这使得它是冗余的。因此,不需要将其映射到LDAP模式元素。
The pcelsVendorVariableAuxClass class provides a general extension mechanism for representing policy variables that have not been specifically modeled. Instead, its two properties are used to define the content and format of the variable, as explained below. This class is intended for vendor-specific extensions that are not amenable to using pcelsVariable; standardized extensions SHOULD NOT use this class.
pcelsVendorVariableAuxClass类提供了一种通用扩展机制,用于表示尚未专门建模的策略变量。相反,它的两个属性用于定义变量的内容和格式,如下所述。此类适用于供应商特定的扩展,这些扩展不适用于使用PCELSVVariable;标准化扩展不应使用此类。
The pcelsVendorVariableAuxClass class is an auxiliary object class and it is derived from the pcelsVariable class.
pcelsVendorVariableAuxClass类是一个辅助对象类,它派生自pcelsVariable类。
The pcelsVendorVariableAuxClass class is defined as follows:
pcelsVendorVariableAuxClass类定义如下:
( 1.3.6.1.1.9.1.56 NAME 'pcelsVendorVariableAuxClass' DESC 'Defines registered means to describe a policy variable' SUP pcelsVariable AUXILIARY MAY ( pcelsVendorVariableData $ pcelsVendorVariableEncoding ) )
(1.3.6.1.1.9.1.56名称“pcelsVendorVariableAuxClass”DESC“定义了描述策略变量的注册方式”SUP pcelsVariable AUXILIARY MAY(pcelsVendorVariableData$pcelsVendorVariableEncoding))
The pcelsVendorVariableData attribute provides a general mechanism for representing policy variables that have not been specifically modeled. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can have multiple values. In pcelsVendorVariableAuxClass instances, the format of the values for attributes of this type is identified by the OID stored in the pcelsVendorVariableEncoding attribute.
pcelsVendorVariableData属性提供了一种通用机制,用于表示尚未专门建模的策略变量。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性可以有多个值。在PcelsVendorVariableUxClass实例中,此类型属性值的格式由存储在pcelsVendorVariableEncoding属性中的OID标识。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.58 NAME 'pcelsVendorVariableData' DESC 'Mechanism for representing variables that have not been specifically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
(1.3.6.1.1.9.2.58名称“pcelsVendorVariableData”DESC“表示未专门建模变量的机制”EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40)
The pcelsVendorVariableEncoding attribute identifies the format for representing policy variables that have not been specifically modeled. This attribute type is of syntax OID [LDAP_SYNTAX]. It has
pcelsVendorVariableEncoding属性标识用于表示尚未专门建模的策略变量的格式。此属性类型的语法为OID[LDAP_syntax]。它有
an equality matching rule of objectIdentifierMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. In pcelsVendorVariableAuxClass instances, the pcelsVendorVariableEncoding attribute is used to identify the format and semantics for the pcelsVendorVariableData attribute values.
objectIdentifierMatch[LDAP_语法]的相等匹配规则。此类型的属性只能有一个值。在pcelsVendorVariableAuxClass实例中,pcelsVendorVariableEncoding属性用于标识pcelsVendorVariableData属性值的格式和语义。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.59 NAME 'pcelsVendorVariableEncoding' DESC 'Identifies the format and semantics for policy variables' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )
(1.3.6.1.1.9.2.59 NAME'pcelsvindorvariableconding'DESC'标识策略变量的相等objectIdentifierMatch语法1.3.6.1.4.1.1466.115.121.1.38单值的格式和语义)
The pcelsVendorValueAuxClass class provides a general extension mechanism for representing policy values that have not been specifically modeled. Instead, its two properties are used to define the content and format of the policy value, as explained below. This class is intended for vendor-specific extensions that are not amenable to using pcelsValueAuxClass; standardized extensions SHOULD NOT use this class.
pcelsVendorValueAuxClass类提供了一种通用扩展机制,用于表示尚未专门建模的策略值。相反,它的两个属性用于定义策略值的内容和格式,如下所述。此类用于不适合使用pcelsValueAuxClass的特定于供应商的扩展;标准化扩展不应使用此类。
The pcelsVendorValueAuxClass class is an auxiliary object class and it is derived from the pcelsValueAuxClass class.
pcelsVendorValueAuxClass类是一个辅助对象类,它派生自pcelsValueAuxClass类。
The pcelsVendorValueAuxClass class is defined as follows:
pcelsVendorValueAuxClass类定义如下:
( 1.3.6.1.1.9.1.57 NAME 'pcelsVendorValueAuxClass' DESC 'Defines registered means to describe a policy value' SUP pcelsValueAuxClass AUXILIARY MAY ( pcelsVendorValueData $ pcelsVendorValueEncoding ) )
(1.3.6.1.1.9.1.57名称'pcelsvindorvalueauxclass'DESC'定义了描述保单价值的注册方式'SUP pcelsValueAuxClass auxclass AUXILIARY MAY(pcelsvindorvaluedata$pcelsvindorvalueencoding))
The pcelsVendorValueData attribute provides a general mechanism for representing policy values that have not been specifically modeled. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can have multiple values. In
pcelsVendorValueData属性提供了一种通用机制,用于表示尚未专门建模的策略值。此属性类型的语法为OctetString[LDAP_syntax]。它具有octetStringMatch[LDAP_SCHEMA]的相等匹配规则和octetStringOrderingMatch[LDAP_MATCH]的排序匹配规则。此类型的属性可以有多个值。在里面
pcelsVendorValueAuxClass instances, the format of the values for attributes of this type is identified by the OID stored in the pcelsVendorValueEncoding attribute.
pcelsVendorValueAuxClass实例中,此类型属性的值格式由存储在pcelsVendorValueEncoding属性中的OID标识。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.60 NAME 'pcelsVendorValueData' DESC 'Mechanism for representing values that have not been specifically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
(1.3.6.1.1.9.2.60名称“pcelsVendorValueData”DESC“表示未专门建模的值的机制”EQUALITY octetStringMatch ORDERING octetStringMatch语法1.3.6.1.4.1.1466.115.121.1.40)
The pcelsVendorValueEncoding attribute identifies the format for representing policy values that have not been specifically modeled. This attribute type is of syntax OID [LDAP_SYNTAX]. It has an equality matching rule of objectIdentifierMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. In pcelsVendorVarlueAuxClass instances, the pcelsVendorValueEncoding attribute is used to identify the format and semantics for the pcelsVendorValueData attribute values.
pcelsVendorValueEncoding属性标识用于表示未专门建模的策略值的格式。此属性类型的语法为OID[LDAP_syntax]。它具有objectIdentifierMatch[LDAP_语法]的相等匹配规则。此类型的属性只能有一个值。在pcelsVendorVarlueAuxClass实例中,pcelsVendorValueEncoding属性用于标识pcelsVendorValueData属性值的格式和语义。
This attribute type is defined as follows:
此属性类型定义如下:
( 1.3.6.1.1.9.2.61 NAME 'pcelsVendorValueEncoding' DESC 'Identifies the format and semantics for policy values' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )
(1.3.6.1.1.9.2.61 NAME'pcelsVendorValueEncoding'DESC'标识策略值的格式和语义'EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38单值)
The Policy Core LDAP Schema [PCLS] describes the general security considerations related to the general core policy schema. The extensions defined in this document do not introduce any additional considerations related to security.
策略核心LDAP模式[PCLS]描述了与通用核心策略模式相关的一般安全注意事项。本文档中定义的扩展没有引入任何与安全性相关的附加注意事项。
Refer to RFC 3383, "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)" [LDAP-IANA].
请参阅RFC 3383,“轻量级目录访问协议(LDAP)的Internet分配号码管理局(IANA)注意事项”[LDAP-IANA]。
The IANA has registered an LDAP Object Identifier for use in this technical specification according to the following template:
IANA已根据以下模板注册了LDAP对象标识符,以用于本技术规范:
Subject: Request for LDAP OID Registration Person & e-mail address to contact for further information: Mircea Pana (mpana@metasolv.com) Specification: RFC 4104 Author/Change Controller: IESG Comments: The assigned OID is used as a base for identifying a number of schema elements defined in this document.
主题:请求LDAP OID注册人员和电子邮件地址以联系以获取更多信息:Mircea Pana(mpana@metasolv.com)规范:RFC 4104作者/变更控制者:IESG注释:分配的OID用作标识本文档中定义的许多模式元素的基础。
IANA has assigned an OID of 1.3.6.1.1.9 with the name of pcelsSchema to this registration as recorded in the following registry:
IANA已将名称为PCELSSHEMA的OID 1.3.6.1.1.9分配给该注册,记录在以下注册表中:
http://www.iana.org/assignments/smi-numbers
http://www.iana.org/assignments/smi-numbers
The IANA has registered the LDAP Descriptors used in this technical specification as detailed in the following template:
IANA已注册了本技术规范中使用的LDAP描述符,详情见以下模板:
Subject: Request for LDAP Descriptor Registration Update Descriptor (short name): see comment Object Identifier: see comment Person & e-mail address to contact for further information: Mircea Pana (mpana@metasolv.com) Usage: see comment Specification: RFC 4104 Author/Change Controller: IESG Comments:
主题:请求LDAP描述符注册更新描述符(简称):请参阅注释对象标识符:请参阅注释联系人和电子邮件地址以获取更多信息:Mircea Pana(mpana@metasolv.com)用法:参见注释规范:RFC 4104作者/变更控制者:IESG注释:
The following descriptors have been added:
已添加以下描述符:
NAME Type OID
-------------- ---- ------------
pcelsPolicySet O 1.3.6.1.1.9.1.1
pcelsPolicySetAssociation O 1.3.6.1.1.9.1.2
pcelsGroup O 1.3.6.1.1.9.1.3
pcelsGroupAuxClass O 1.3.6.1.1.9.1.4
NAME Type OID
-------------- ---- ------------
pcelsPolicySet O 1.3.6.1.1.9.1.1
pcelsPolicySetAssociation O 1.3.6.1.1.9.1.2
pcelsGroup O 1.3.6.1.1.9.1.3
pcelsGroupAuxClass O 1.3.6.1.1.9.1.4
pcelsGroupInstance O 1.3.6.1.1.9.1.5 pcelsRule O 1.3.6.1.1.9.1.6 pcelsRuleAuxClass O 1.3.6.1.1.9.1.7 pcelsRuleInstance O 1.3.6.1.1.9.1.8 pcelsConditionAssociation O 1.3.6.1.1.9.1.9 pcelsActionAssociation O 1.3.6.1.1.9.1.10 pcelsSimpleConditionAuxClass O 1.3.6.1.1.9.1.11 pcelsCompoundConditionAuxClass O 1.3.6.1.1.9.1.12 pcelsCompoundFilterConditionAuxClass O 1.3.6.1.1.9.1.13 pcelsSimpleActionAuxClass O 1.3.6.1.1.9.1.14 pcelsCompoundActionAuxClass O 1.3.6.1.1.9.1.15 pcelsVariable O 1.3.6.1.1.9.1.16 pcelsExplicitVariableAuxClass O 1.3.6.1.1.9.1.17 pcelsImplicitVariableAuxClass O 1.3.6.1.1.9.1.18 pcelsSourceIPv4VariableAuxClass O 1.3.6.1.1.9.1.19 pcelsSourceIPv6VariableAuxClass O 1.3.6.1.1.9.1.20 pcelsDestinationIPv4VariableAuxClass O 1.3.6.1.1.9.1.21 pcelsDestinationIPv6VariableAuxClass O 1.3.6.1.1.9.1.22 pcelsSourcePortVariableAuxClass O 1.3.6.1.1.9.1.23 pcelsDestinationPortVariableAuxClass O 1.3.6.1.1.9.1.24 pcelsIPProtocolVariableAuxClass O 1.3.6.1.1.9.1.25 pcelsIPVersionVariableAuxClass O 1.3.6.1.1.9.1.26 pcelsIPToSVariableAuxClass O 1.3.6.1.1.9.1.27 pcelsDSCPVariableAuxClass O 1.3.6.1.1.9.1.28 pcelsFlowIdVariableAuxClass O 1.3.6.1.1.9.1.29 pcelsSourceMACVariableAuxClass O 1.3.6.1.1.9.1.30 pcelsDestinationMACVariableAuxClass O 1.3.6.1.1.9.1.31 pcelsVLANVariableAuxClass O 1.3.6.1.1.9.1.32 pcelsCoSVariableAuxClass O 1.3.6.1.1.9.1.33 pcelsEthertypeVariableAuxClass O 1.3.6.1.1.9.1.34 pcelsSourceSAPVariableAuxClass O 1.3.6.1.1.9.1.35 pcelsDestinationSAPVariableAuxClass O 1.3.6.1.1.9.1.36 pcelsSNAPOUIVariableAuxClass O 1.3.6.1.1.9.1.37 pcelsSNAPTypeVariableAuxClass O 1.3.6.1.1.9.1.38 pcelsFlowDirectionVariableAuxClass O 1.3.6.1.1.9.1.39 pcelsValueAuxClass O 1.3.6.1.1.9.1.40 pcelsIPv4AddrValueAuxClass O 1.3.6.1.1.9.1.41 pcelsIPv6AddrValueAuxClass O 1.3.6.1.1.9.1.42 pcelsMACAddrValueAuxClass O 1.3.6.1.1.9.1.43 pcelsStringValueAuxClass O 1.3.6.1.1.9.1.44 pcelsBitStringValueAuxClass O 1.3.6.1.1.9.1.45 pcelsIntegerValueAuxClass O 1.3.6.1.1.9.1.46 pcelsBooleanValueAuxClass O 1.3.6.1.1.9.1.47 pcelsReusableContainer O 1.3.6.1.1.9.1.48 pcelsReusableContainerAuxClass O 1.3.6.1.1.9.1.49 pcelsReusableContainerInstance O 1.3.6.1.1.9.1.50 pcelsRoleCollection O 1.3.6.1.1.9.1.51 pcelsFilterEntryBase O 1.3.6.1.1.9.1.52
pcelsGroupInstance O 1.3.6.1.1.9.1.5 PCELSCORule O 1.3.6.1.9.1.6 PCELSCORuleAuxClass O 1.3.6.1.1.9.1.7 PCELSCORuleInstance O 1.3.6.1.1.9.1.8 PCELSCOConditionAssociation O 1.3.6.1.1.9.9 PCELSCOctionAssociation O 1.3.6.1.1.1.9.1.10 PCELSCOSimpleConditionAuxClass O 1.6.1.1.9PCELSCompondeFilterConditionAuxClass O1.3.6.1.1.9.1.13 pcelsSimpleActionAuxClass O1.3.6.1.1.9.14 PCELSCompondeActionAuxClass O1.3.6.1.1.1.9.15 PCELS变量O1.3.6.1.1.9.1.16 PCELSCimplicitVariableAuxClass O1.3.6.1.1.1.9.1.1.17 PCELSCimplicitVariableAuxClass O1.1.6.1.1.1.19pcelsSourceIPv6VariableAuxClass O 1.3.6.1.1.9.1.20 PCELSDestinationPV4VariableAuxClass O 1.3.6.1.9.1.21 PCELSDestinationPV6VariableAuxClass O 1.3.6.1.1.9.1.22 pcelsSourcePortVariableAuxClass O 1.3.6.1.1.9.1.23 pcelsDestinationPortVariableAuxClass O 1.3.6.1.1.1.9.1.24pcelsIPVersionVariableAuxClass O 1.3.6.1.1.9.1.26 PCELSIPOTOSVariableAuxClass O 1.3.6.1.1.9.1.27 PCELSDSCVariableAuxClass O 1.3.6.1.1.9.1.28 PCELSFloidVariableAuxClass O 1.3.6.1.1.1.9.29 pcelsSourceMACVariableAuxClass O 1.3.6.1.1.1.9.1.30 PCELSDesdestinationMacVariableAuxClass O 1.3.6.1.1.1.1.9.31 PCELSSourceLsVariableAuxClass 1.32pcelsCoSVariableAuxClass O 1.3.6.1.1.9.1.33 PCELSCOSEARTYPE VariableAuxClass O 1.3.6.1.1.9.1.34 PCELSCOSSourceSAVariableAuxClass O 1.3.6.1.9.1.35 PCELSCOSNAPPariableAuxClass O 1.3.6.1.1.1.9.36 PCELSSNAPPariableAuxClass O 1.1.3.6.1.1.1.1.9.1.37 PCELSSNAPPRIABILASNAPPariableAuxClass O 1.1.3pcelsIPv4AddrValueAuxClass O 1.3.6.1.9.1.40 pcelsIPv4AddrValueAuxClass O 1.3.6.1.9.1.41 pcelsIPv6AddrValueAuxClass O 1.3.6.1.1.9.1.42 pcelsMACAddrValueAuxClass O 1.3.6.1.1.9.1.43 pcelsStringValueAuxClass O 1.3.6.1.1.1.9.1.44 pcelsBitStringValueAuxClass O 1.6.1.1.1.9.451.3.6.1.1.9.1.47 pcelsReusableContainer O1.3.6.1.9.1.48 pcelsReusableContainer O1.3.6.1.1.9.1.49 pcelsReusableContainer O1.3.6.1.1.9.1.50 pcelsRoleCollection O1.3.6.1.1.9.1.51 pCelsFilterTerryBase O1.3.6.1.1.1.9.52
pcelsIPHeadersFilter O 1.3.6.1.1.9.1.53 pcels8021Filter O 1.3.6.1.1.9.1.54 pcelsFilterListAuxClass O 1.3.6.1.1.9.1.55 pcelsVendorVariableAuxClass O 1.3.6.1.1.9.1.56 pcelsVendorValueAuxClass O 1.3.6.1.1.9.1.57 pcelsPolicySetName A 1.3.6.1.1.9.2.1 pcelsDecisionStrategy A 1.3.6.1.1.9.2.2 pcelsPolicySetList A 1.3.6.1.1.9.2.3 pcelsPriority A 1.3.6.1.1.9.2.4 pcelsPolicySetDN A 1.3.6.1.1.9.2.5 pcelsConditionListType A 1.3.6.1.1.9.2.6 pcelsConditionList A 1.3.6.1.1.9.2.7 pcelsActionList A 1.3.6.1.1.9.2.8 pcelsSequencedActions A 1.3.6.1.1.9.2.9 pcelsExecutionStrategy A 1.3.6.1.1.9.2.10 pcelsVariableDN A 1.3.6.1.1.9.2.11 pcelsValueDN A 1.3.6.1.1.9.2.12 pcelsIsMirrored A 1.3.6.1.1.9.2.13 pcelsVariableName A 1.3.6.1.1.9.2.14 pcelsExpectedValueList A 1.3.6.1.1.9.2.15 pcelsVariableModelClass A 1.3.6.1.1.9.2.16 pcelsVariableModelProperty A 1.3.6.1.1.9.2.17 pcelsExpectedValueTypes A 1.3.6.1.1.9.2.18 pcelsValueName A 1.3.6.1.1.9.2.19 pcelsIPv4AddrList A 1.3.6.1.1.9.2.20 pcelsIPv6AddrList A 1.3.6.1.1.9.2.21 pcelsMACAddrList A 1.3.6.1.1.9.2.22 pcelsStringList A 1.3.6.1.1.9.2.23 pcelsBitStringList A 1.3.6.1.1.9.2.24 pcelsIntegerList A 1.3.6.1.1.9.2.25 pcelsBoolean A 1.3.6.1.1.9.2.26 pcelsReusableContainerName A 1.3.6.1.1.9.2.27 pcelsReusableContainerList A 1.3.6.1.1.9.2.28 pcelsRole A 1.3.6.1.1.9.2.29 pcelsRoleCollectionName A 1.3.6.1.1.9.2.30 pcelsElementList A 1.3.6.1.1.9.2.31 pcelsFilterName A 1.3.6.1.1.9.2.32 pcelsFilterIsNegated A 1.3.6.1.1.9.2.33 pcelsIPHdrVersion A 1.3.6.1.1.9.2.34 pcelsIPHdrSourceAddress A 1.3.6.1.1.9.2.35 pcelsIPHdrSourceAddressEndOfRange A 1.3.6.1.1.9.2.36 pcelsIPHdrSourceMask A 1.3.6.1.1.9.2.37 pcelsIPHdrDestAddress A 1.3.6.1.1.9.2.38 pcelsIPHdrDestAddressEndOfRange A 1.3.6.1.1.9.2.39 pcelsIPHdrDestMask A 1.3.6.1.1.9.2.40 pcelsIPHdrProtocolID A 1.3.6.1.1.9.2.41 pcelsIPHdrSourcePortStart A 1.3.6.1.1.9.2.42 pcelsIPHdrSourcePortEnd A 1.3.6.1.1.9.2.43
PCELSIPHEADERSO1.3.6.1.1.9.1.53 PCELS8021过滤器O1.3.6.1.1.9.1.54 pcelsFilterListAuxClass O1.3.6.1.1.9.1.55 pcelsVendorVariableAuxClass O1.3.6.1.1.9.1.56 pcelsVendorValueAuxClass O1.3.6.1.1.1.1.1.9.1.1.57 PCELSpolicySolicySetName A 1.3.6.1.1.1.1.9.2.1 pcelsDecisionStrategy策略A 1.3.6.2.1.1.1.2.1.9 PCELSA优先权1.3.3.3.6.6.1.1.1.1.1.1.1.9.2.2.5 pcels条件列表类型1.3.6.1.1.1.1.1.1.1.1.1.1.9.9.2.2.2.6.2.6.6.2.6.6.6.6.6.6.6.6.6.6.6 pcels条件列表。pcels条件列表(1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.9.9 1.6.1.1.9.2.13pcelsVariableName A 1.3.6.1.1.9.2.14 pcelsExpectedValueList A 1.3.6.1.1.9.2.15 pcelsVariableModelClass A 1.3.6.1.9.2.16 pcelsVariableModelProperty A 1.3.6.1.1.9.2.17 PcelsExpectedValueType A 1.3.6.1.1.1.9.2.18 pcelsValueName A 1.3.6.1.1.1.1.1.1.9.2.19 PcelsIpIpIpAddrList A 1.3.6.1.1.2.9.1.1.1.1.2 PcelsExpectedValuelSdValueName VdValueName A 1.21.6.1.9.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.27可再利用的容器包括1.3.3.3.6.6.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.9.9.9.9.9.9.9.9.9.9.9.9.9.2.2.2.2.2.2.2.2.2.2.2.2.27可再利用可再利用的可再利用的可再利用的可再利用的可再利用的可再利用的可再利用的可再利用的可再利用的容器。27。可再利用的可再利用的可再利用的可再利用的可再利用的可再利用的可再1.3.6.1.1.9.2.31 pcelsFilterName A 1.3.6.1.9.2.32 pcelsFilterName A 1.3.6.1.1.9.2.33 pCelsiphdr版本A 1.3.6.1.1.9.2.34 pCelsiphdr源地址A 1.3.6.1.1.9.2.35 pCelsiphdr源地址Endovrange A 1.3.6.1.1.1.1.1.9.2.36 pCelsiphdr源地址A 1.3.6.1.1.1.1.9.2.38 pCelsiphdr源地址1.3.6.1.1.9.2.39 pcelsIPHdrDestMask A 1.3.6.1.9.2.40 pcelsIPHdrProtocolID A 1.3.6.1.1.9.2.41 pCelsiphdrSourcePort启动A 1.3.6.1.1.9.2.42 pCelsiphdrSourcePort和A 1.3.6.1.1.9.2.43
pcelsIPHdrDestPortStart A 1.3.6.1.1.9.2.44 pcelsIPHdrDestPortEnd A 1.3.6.1.1.9.2.45 pcelsIPHdrDSCPList A 1.3.6.1.1.9.2.46 pcelsIPHdrFlowLabel A 1.3.6.1.1.9.2.47 pcels8021HdrSourceMACAddress A 1.3.6.1.1.9.2.48 pcels8021HdrSourceMACMask A 1.3.6.1.1.9.2.49 pcels8021HdrDestMACAddress A 1.3.6.1.1.9.2.50 pcels8021HdrDestMACMask A 1.3.6.1.1.9.2.51 pcels8021HdrProtocolID A 1.3.6.1.1.9.2.52 pcels8021HdrPriority A 1.3.6.1.1.9.2.53 pcels8021HdrVLANID A 1.3.6.1.1.9.2.54 pcelsFilterListName A 1.3.6.1.1.9.2.55 pcelsFilterDirection A 1.3.6.1.1.9.2.56 pcelsFilterEntryList A 1.3.6.1.1.9.2.57 pcelsVendorVariableData A 1.3.6.1.1.9.2.58 pcelsVendorVariableEncoding A 1.3.6.1.1.9.2.59 pcelsVendorValueData A 1.3.6.1.1.9.2.60 pcelsVendorValueEncoding A 1.3.6.1.1.9.2.61 pcelsRuleValidityPeriodList A 1.3.6.1.1.9.2.62
1.3.6.6.1.1.9.9.2.2.2.44(4.4)pciph(1.6.6.1.1.1.9.2.2.45(4)pciphes(4.4)pcipiph(1.3.6.6.6.6.6.6.1.1.2.2.45(4)pciphes(1.4)iphes(4.4(4)pciphes(1.1.1.2.4)iphes(1.4(1.4)pciph(1.1.4)pciph(1.1.2.4)pciphes(1.4(1.1.4)s(1.1.1.1.2.1.4(1.4)iphes(1.1.1.1.1.1.1.1.2.1.4(1.45)pciphes(1.4)pciphe9.2.511.3.6.1.1.9.2.2.2.2.5 PCELS80802 1 1 1 1.3.6.6.1.1.1.9.9.2.3.3.1.9.2.2.53 PCELS802 2.3.1.2.3.2.2.2.53 PCELS802.2.3 PCELS802.2.2.3 PCELS802.2.2.3 PCELS802.2.2.3.2.2.3 PCELS802.3.2.2.2.3.2.2.2.3.2.2.3.2.2.3.3 PCELS802.3.2.2.2.3.2.2.2.2.2.2.3.2.2.2.3.2.2.2.2.3 PCELLLLLLLLLLS808080212.2.2.2.价值数据A 1.3.6.1.1.9.2.60 pcelsVendorValueEncoding A 1.3.6.1.1.9.2.61 pcelsRuleValidityPeriodList A 1.3.6.1.1.9.2.62
where Type A is Attribute, Type O is ObjectClass
其中类型A是属性,类型O是对象类
These assignments are recorded in the following registry:
这些分配记录在以下注册表中:
http://www.iana.org/assignments/ldap-parameters
http://www.iana.org/assignments/ldap-parameters
We would like to thank Kurt Zeilenga, Bert Wijnen, Ryan Moats, John Strassner, David McTavish, Larry Bartz and all the other members of the Policy Framework WG for reviewing this document and making many helpful suggestions and corrections.
我们要感谢Kurt Zeilenga、Bert Wijnen、Ryan Moats、John Strassner、David McTavish、Larry Bartz和政策框架工作组的所有其他成员对本文件进行了审查,并提出了许多有益的建议和更正。
We would also like to thank Joel Halpern (co-chair of the Policy Framework WG) for his support, for bringing this document to the attention of the Policy Framework WG and for moderating the resulting interactions.
我们还要感谢Joel Halpern(政策框架工作组共同主席)的支持,感谢他将本文件提请政策框架工作组注意,并感谢他缓和了由此产生的互动。
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[CIM] Distributed Management Task Force, Inc., "Common
Information Model (CIM) Specification", Version 2.2,
June 14, 1999,
http://www.dmtf.org/standards/documents/CIM/DSP0004.pdf
[CIM] Distributed Management Task Force, Inc., "Common
Information Model (CIM) Specification", Version 2.2,
June 14, 1999,
http://www.dmtf.org/standards/documents/CIM/DSP0004.pdf
[CIM_LDAP] Distributed Management Task Force, Inc., "DMTF LDAP
Schema for the CIM v2.5 Core Information Model", April
15, 2002,
http://www.dmtf.org/standards/documents/DEN/DSP0123.pdf
[CIM_LDAP] Distributed Management Task Force, Inc., "DMTF LDAP
Schema for the CIM v2.5 Core Information Model", April
15, 2002,
http://www.dmtf.org/standards/documents/DEN/DSP0123.pdf
[PCIM] Moore, B., Ellesson, E., Strassner, J., and A. Westerinen, "Policy Core Information Model -- Version 1 Specification", RFC 3060, February 2001.
[PCIM]Moore,B.,Ellesson,E.,Strassner,J.,和A.Westerinen,“政策核心信息模型——版本1规范”,RFC 3060,2001年2月。
[PCIM_EXT] Moore, B., "Policy Core Information Model (PCIM) Extensions", RFC 3460, January 2003.
[PCIM_EXT]Moore,B.,“政策核心信息模型(PCIM)扩展”,RFC 3460,2003年1月。
[PCLS] Strassner, J., Moore, B., Moats, R., and E. Ellesson, "Policy Core Lightweight Directory Access Protocol (LDAP) Schema", RFC 3703, February 2004.
[PCLS]Strassner,J.,Moore,B.,Moats,R.,和E.Ellsson,“策略核心轻量级目录访问协议(LDAP)模式”,RFC 3703,2004年2月。
[LDAP] Hodges, J. and R. Morgan, "Lightweight Directory Access Protocol (v3): Technical Specification", RFC 3377, September 2002.
[LDAP]Hodges,J.和R.Morgan,“轻量级目录访问协议(v3):技术规范”,RFC3372002年9月。
[LDAP_SYNTAX] Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.
[LDAP_语法]Wahl,M.,Coulbeck,A.,Howes,T.,和S.Kille,“轻量级目录访问协议(v3):属性语法定义”,RFC2252,1997年12月。
[LDAP_SCHEMA] Wahl, M., "A Summary of the X.500(96) User Schema for use with LDAPv3", RFC 2256, December 1997.
[LDAP_模式]Wahl,M.,“与LDAPv3一起使用的X.500(96)用户模式摘要”,RFC 2256,1997年12月。
[LDAP_MATCH] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Additional Matching Rules", RFC 3698, February 2004.
[LDAP_MATCH]Zeilenga,K.,“轻量级目录访问协议(LDAP):附加匹配规则”,RFC 3698,2004年2月。
[X.501] The Directory: Models. ITU-T Recommendation X.501, 2001.
[X.501]目录:模型。ITU-T建议X.501,2001年。
[X.520] The Directory: Selected Attribute Types. ITU-T Recommendation X.520, 2001.
[X.520]目录:选定的属性类型。ITU-T建议X.520,2001年。
[LDAP-IANA] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
[LDAP-IANA]Zeilenga,K.,“轻量级目录访问协议(LDAP)的互联网分配号码管理局(IANA)注意事项”,BCP 64,RFC 3383,2002年9月。
Authors' Addresses
作者地址
Mircea Pana MetaSolv Software Inc. 360 Legget Drive Ottawa, Ontario, Canada K2K 3N1
加拿大安大略省渥太华市利格特大道360号Mircea Pana MetaSolv软件公司K2K 3N1
EMail: mpana@metasolv.com
EMail: mpana@metasolv.com
Angelica Reyes Department of Computer Architecture Technical University of Catalonia Campus Castelldefels Spain
西班牙卡斯特尔德费尔斯加泰罗尼亚校区计算机建筑技术系雷耶斯
EMail: mreyes@ac.upc.edu
EMail: mreyes@ac.upc.edu
Antoni Barba Technical University of Catalonia Jordi-Girona 1-3 08034 Barcelona Spain
加泰罗尼亚安东尼巴巴技术大学霍尔迪赫罗纳1-3巴塞罗那西班牙08034
EMail: telabm@mat.upc.es
EMail: telabm@mat.upc.es
David Moron Technical University of Catalonia Jordi-Girona 1-3 08034 Barcelona Spain
加泰罗尼亚戴维莫伦技术大学霍尔迪赫罗纳1-3巴塞罗那西班牙08034
EMail: dmor4477@hotmail.com
EMail: dmor4477@hotmail.com
Marcus Brunner NEC Europe Ltd. Kurfuersten-Anlage 36 D-69115 Heidelberg Germany
Marcus Brunner NEC欧洲有限公司Kurfuersten Anlage 36 D-69115德国海德堡
EMail: brunner@netlab.nec.de
EMail: brunner@netlab.nec.de
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。