Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 4104

Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)

Pages: 88
Proposed Standard
Updates:  3703
Part 3 of 4 – Pages 30 to 60
First   Prev   Next

Top   ToC   RFC4104 - Page 30   prevText

5.3. The Three Policy Group Classes

The pcelsGroup class is the base class for representing a policy group. It is mapped from the modified PolicyGroup class [PCIM_EXT]. The pcelsGroup class is derived from the pcelsPolicySet class. To maximize flexibility, the pcelsGroup class is defined as abstract. An auxiliary subclass pcelsGroupAuxClass enables the attachment of a policy group to an existing entry, while a structural subclass pcelsGroupInstance permits the representation of a policy group as a standalone entry. The pcelsGroup class is defined as follows: ( 1.3.6.1.1.9.1.3 NAME 'pcelsGroup' DESC 'Base class for representing a policy group' SUP pcelsPolicySet ABSTRACT MAY ( pcimGroupName ) )
Top   ToC   RFC4104 - Page 31
   The pcelsGroupAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.4
     NAME 'pcelsGroupAuxClass'
     DESC 'Auxiliary class for representing a policy group'
     SUP pcelsGroup
     AUXILIARY
   )

   The pcelsGroupInstance class is defined as follows:

   ( 1.3.6.1.1.9.1.5
     NAME 'pcelsGroupInstance'
     DESC 'Structural class for representing a policy group'
     SUP pcelsGroup
     STRUCTURAL
   )

   The pcimGroupName attribute type used by the pcelsGroup class is
   defined in the section 5.2 of [PCLS].  In the pcelsGroup object
   class, this attribute preserves its syntax and semantics as defined
   by [PCLS] and [PCIM].

   Note: PCELS implementations SHOULD support pcelsGroup and its two
   subclasses and MAY also support pcimGroup and its two subclasses
   [PCLS].  Applications that choose to support pcelsGroup and its two
   subclasses MUST use the aggregation mechanism provided by
   pcelsPolicySetAssociation for aggregating policy groups or policy
   rules in policy groups represented as instances of pcelsGroup.

5.4. The Three Policy Rule Classes

The pcelsRule class is the base class for representing a policy rule. It is mapped from the modified PolicyRule class [PCIM_EXT]. The pcelsRule class is derived from the pcelsPolicySet class. To maximize flexibility, the pcelsRule class is defined as abstract. An auxiliary subclass pcelsRuleAuxClass enables the attachment of a policy rule to an existing entry, while a structural subclass pcelsRuleInstance permits the representation of a policy rule as a standalone entry. When reading a pcelsRule instance that has a pcimConditionAuxClass attached, from the policy rule perspective the attribute pcelsConditionList MUST be ignored. For example, if present, the attribute MUST NOT be considered an association between this policy rule and a policy condition. Such situations may occur, for example, when a pcelsCompoundConditionAuxClass is attached to a pcelsRule instance.
Top   ToC   RFC4104 - Page 32
   When reading a pcelsRule instance that has a pcimActionAuxClass
   attached, from the policy rule perspective the attribute
   pcelsActionList MUST be ignored.  For example, if present, the
   attribute MUST NOT be considered an association between this policy
   rule and a policy action.  Such situations may occur, for example,
   when a pcelsCompoundActionAuxClass is attached to a pcelsRule
   instance.

   The pcelsRule class is defined as follows:

   ( 1.3.6.1.1.9.1.6
     NAME 'pcelsRule'
     DESC 'Base class for representing a policy rule'
     SUP pcelsPolicySet
     ABSTRACT
     MAY ( pcimRuleName
         $ pcimRuleEnabled
         $ pcimRuleUsage
         $ pcimRuleMandatory
         $ pcelsRuleValidityPeriodList
         $ pcelsConditionListType
         $ pcelsConditionList
         $ pcelsActionList
         $ pcelsSequencedActions
         $ pcelsExecutionStrategy )
   )

   The pcelsRuleAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.7
     NAME 'pcelsRuleAuxClass'
     DESC 'Auxiliary class for representing a policy rule'
     SUP pcelsRule
     AUXILIARY
   )

   The pcelsRuleInstance class is defined as follows:

   ( 1.3.6.1.1.9.1.8
     NAME 'pcelsRuleInstance'
     DESC 'Structural class for representing a policy rule'
     SUP pcelsRule
     STRUCTURAL
   )
Top   ToC   RFC4104 - Page 33
   Four of the attributes used by the pcelsRule class are defined in the
   section 5.3 of [PCLS].  These attributes are: pcimRuleName,
   pcimRuleEnabled, pcimRuleUsage and pcimRuleMandatory.  In the
   pcelsRule object class, these attributes preserve their syntax and
   semantics as defined by [PCLS] and [PCIM].

   The attributes pcimRuleValidityPeriodList, pcimRuleConditionListType,
   pcimRuleConditionList, pcimRuleActionList and
   pcimRuleSequencedActions defined in [PCLS] are not used by pcelsRule.
   Instead, this class uses the new attributes
   pcelsRuleValidityPeriodList, pcelsConditionListType,
   pcelsConditionList, pcelsActionList and pcelsSequencedActions.
   Except for pcelsRuleValidityPeriodList, the new attributes are also
   used for similar purpose by either pcelsCompoundConditionAuxClass or
   pcelsCompoundActionAuxClass.

   The pcelsRuleValidityPeriodList attribute type is used in the
   realization of the PolicyRuleValidityPeriod association ([PCIM_EXT]
   and [PCIM]).  This attribute type is of syntax DN [LDAP_SYNTAX].  It
   has an equality matching rule of distinguishedNameMatch
   [LDAP_SYNTAX].  Attributes of this type can have multiple values.
   The only allowed values for pcelsRuleValidityPeriodList attributes
   are DNs of pcimRuleValidityAssociation entries.  In a pcelsRule, the
   pcelsRuleValidityPeriodList attribute represents the associations
   between this policy rule and its time period conditions.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.62
     NAME 'pcelsRuleValidityPeriodList'
     DESC 'Unordered set of DNs of pcimRuleValidityAssociation entries'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
   )

   The pcelsConditionListType attribute type indicates whether the set
   of aggregated conditions is in disjunctive or conjunctive normal
   form.  It is mapped from the PolicyRule.ConditionListType property
   [PCIM] (identical to the CompoundPolicyCondition.ConditionListType
   property defined in [PCIM_EXT]).  This attribute type is of syntax
   Integer [LDAP_SYNTAX].  It has an equality matching rule of
   integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can only
   have a single value.  The only allowed values for attributes of this
   type are 1 (Disjunctive) and 2 (Conjunctive).  If this attribute is
   missing from a pcelsRule instance, applications MUST assume that the
   set of aggregated conditions is in disjunctive normal form.
Top   ToC   RFC4104 - Page 34
   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.6
     NAME 'pcelsConditionListType'
     DESC 'Indicates the type of condition aggregation'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsConditionList attribute type is used in the realization of
   the PolicyConditionStructure association [PCIM_EXT].  This attribute
   type is of syntax DN [LDAP_SYNTAX].  It has an equality matching rule
   of distinguishedNameMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for pcelsConditionList
   attributes are DNs of pcelsConditionAssociation entries.  In a
   pcelsRule, the pcelsConditionList attribute represents the
   associations between this policy rule and its conditions.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.7
     NAME 'pcelsConditionList'
     DESC 'Unordered set of DNs of pcelsConditionAssociation entries'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
   )

   The pcelsActionList attribute type is used in the realization of the
   PolicyActionStructure association [PCIM_EXT].  This attribute type is
   of syntax DN [LDAP_SYNTAX].  It has an equality matching rule of
   distinguishedNameMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for pcelsActionList
   attributes are DNs of pcelsActionAssociation entries.  In a
   pcelsRule, the pcelsActionList attribute represents the associations
   between this policy rule and its actions.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.8
     NAME 'pcelsActionList'
     DESC 'Unordered set of DNs of pcelsActionAssociation entries'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
   )
Top   ToC   RFC4104 - Page 35
   The pcelsSequencedActions attribute type indicates whether the
   ordered execution of actions in an aggregate is Mandatory,
   Recommended or DontCare.  It is mapped from the
   PolicyRule.SequencedActions property [PCIM] (identical to the
   CompoundPolicyAction.SequencedActions property defined in
   [PCIM_EXT]).  This attribute type is of syntax Integer [LDAP_SYNTAX].
   It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
   ordering matching rule of integerOrderingMatch [LDAP_MATCH].
   Attributes of this type can only have a single value.  The only
   allowed values for attributes of this type are 1 (Mandatory), 2
   (Recommended) and 3 (DontCare).  If this attribute is missing from a
   pcelsRule instance, applications MUST assume that the ordered
   execution of actions in this rule is not important (DontCare).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.9
     NAME 'pcelsSequencedActions'
     DESC 'Indicates the importance of action sequencing'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsExecutionStrategy attribute type indicates whether the
   actions in an aggregate are to be executed until success, all
   (independent of their outcome) or until failure.  It is mapped from
   the PolicyRule.ExecutionStrategy property [PCIM_EXT] (identical to
   the CompoundPolicyAction.ExecutionStrategy property).  This attribute
   type is of syntax Integer [LDAP_SYNTAX].  It has an equality matching
   rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can only
   have a single value.  The only allowed values for attributes of this
   type are 1 (Do until success), 2 (Do all) and 3 (Do until failure).
   If this attribute is missing from a pcelsRule instance, applications
   MUST assume that all the actions are to be executed (Do all).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.10
     NAME 'pcelsExecutionStrategy'
     DESC 'Indicates the action execution strategy'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )
Top   ToC   RFC4104 - Page 36
   Note 1: Rule validity periods for an instance of pcelsRule are
   realized using the attribute pcelsRuleValidityPeriodList and
   pcimRuleValidityAssociation [PCLS] entries subordinated to the rule.

   If DIT structure rules and name forms are written for a PCELS
   implementation (as suggested in section 5.5 of [PCLS]), they would
   require that an instance of the pcimRuleValidityAssociation class
   have as its superior an instance of the pcelsRule class or, if
   applicable, an instance of the pcimRule class.  Any structure rules
   and name forms that require an instance of the
   pcimRuleValidityAssociation class to have as its superior only an
   instance of the pcimRule class, are in conflict and MUST be removed.

   Note 2: PCELS implementations SHOULD support pcelsRule and its two
   subclasses and MAY also support pcimRule and its two subclasses
   [PCLS].  Applications that choose to support pcelsRule and its two
   subclasses MUST use the aggregation mechanism provided by
   pcelsPolicySetAssociation for aggregating policy groups or policy
   rules in policy rules represented as instances of pcelsRule.

5.5. The Structural Class pcelsConditionAssociation

The pcelsConditionAssociation class is used in the aggregation of PolicyCondition instances [PCIM]. pcelsConditionAssociation entries are always subordinated to the aggregating entry. When subordinated to an instance of pcelsRule, the pcelsConditionAssociation entry realizes the PolicyConditionInPolicyRule association [PCIM_EXT]. When subordinated to an instance of pcelsCompoundConditionAuxClass, the pcelsConditionAssociation entry realizes the PolicyConditionInPolicyCondition association [PCIM_EXT]. The pcelsConditionAssociation class is a structural object class and it is derived from the pcimRuleConditionAssociation class [PCLS]. The aggregation of a reusable instance of pcimConditionAuxClass is realized via the pcimConditionDN attribute. A non-reusable instance of pcimConditionAuxClass is attached directly to the pcelsConditionAssociation entry. When reading a pcelsConditionAssociation entry that has a pcimConditionAuxClass instance attached, the attribute pcimConditionDN MUST be ignored. Applications SHOULD remove the pcimConditionDN value from a pcelsConditionAssociation upon attachment of a pcimConditionAuxClass to the entry.
Top   ToC   RFC4104 - Page 37
   The pcelsConditionAssociation class is defined as follows:

   ( 1.3.6.1.1.9.1.9
     NAME 'pcelsConditionAssociation'
     DESC 'Associates a policy conditions to an aggregating entry'
     SUP pcimRuleConditionAssociation
     STRUCTURAL
   )

   This class extends the semantics of the pcimRuleConditionAssociation
   object class without using any new attributes.  All its attributes
   are inherited from the pcimRuleConditionAssociation that is defined
   in section 5.4 of [PCLS].

5.6. The Structural Class pcelsActionAssociation

The pcelsActionAssociation class is used in the aggregation of PolicyAction instances [PCIM]. pcelsActionAssociation entries are always subordinated to the aggregating entry. When subordinated to a pcelsRule instance, the pcelsActionAssociation entry realizes the PolicyActionInPolicyRule association [PCIM_EXT]. When subordinated to an instance of pcelsCompoundActionAuxClass, the pcelsActionAssociation entry realizes the PolicyActionInPolicyAction association [PCIM_EXT]. The pcelsActionAssociation class is a structural object class and it is derived from the pcimRuleActionAssociation class [PCLS]. The aggregation of a reusable instance of pcimActionAuxClass is realized via the pcimActionDN attribute. A non-reusable instance of pcimActionAuxClass is attached directly to the pcelsActionAssociation entry. When reading a pcelsActionAssociation entry that has a pcimActionAuxClass instance attached, the attribute pcimActionDN MUST be ignored. Applications SHOULD remove the pcimActionDN value from a pcelsActionAssociation upon attachment of a pcimActionAuxClass to the entry. The pcelsActionAssociation class is defined as follows: ( 1.3.6.1.1.9.1.10 NAME 'pcelsActionAssociation' DESC 'Associates a policy conditions to an aggregating entry' SUP pcimRuleActionAssociation STRUCTURAL )
Top   ToC   RFC4104 - Page 38
   This class extends the semantics of the pcimRuleActionAssociation
   object class without using any new attributes.  All its attributes
   are inherited from the pcimRuleActionAssociation that is defined in
   section 5.6 of [PCLS].

5.7. The Auxiliary Class pcelsSimpleConditionAuxClass

The pcelsSimpleConditionAuxClass class implements a Value matching condition for a Variable. It is mapped from the SimplePolicyCondition class [PCIM_EXT]. The pcelsSimpleConditionAuxClass class is an auxiliary object class and it is derived from the pcimConditionAuxClass class [PCLS]. A reusable variable/value is associated to a pcelsSimpleConditionAuxClass via the pcelsVariableDN/pcelsValueDN reference from the simple condition instance. A non-reusable variable/value is associated directly as auxiliary object class to the same entry as the pcelsSimpleConditionAuxClass instance. When reading a pcelsSimpleConditionAuxClass instance that has an instance of pcelsVariable attached, the attribute pcelsVariableDN MUST be ignored. Applications SHOULD remove the pcelsVariableDN value from a pcelsSimpleConditionAuxClass instance upon attachment of a pcelsVariable instance to the same entry. When reading a pcelsSimpleConditionAuxClass instance that has an instance of pcelsValue attached, the attribute pcelsValueDN MUST be ignored. Applications SHOULD remove the pcelsValueDN value from a pcelsSimpleConditionAuxClass instance upon attachment of a pcelsValue instance to the same entry. The pcelsSimpleConditionAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.11 NAME 'pcelsSimpleConditionAuxClass' DESC 'Value matching condition for a policy variable' SUP pcimConditionAuxClass AUXILIARY MAY ( pcelsVariableDN $ pcelsValueDN ) ) The pcelsVariableDN attribute type realizes the PolicyVariableInSimplePolicyCondition association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. The only allowed values for pcelsVariableDN attributes are DNs of pcelsVariable entries. In a
Top   ToC   RFC4104 - Page 39
   pcelsSimpleConditionAuxClass, the pcelsVariableDN attribute
   represents the association between this simple policy condition and
   its policy variable.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.11
     NAME 'pcelsVariableDN'
     DESC 'DN of a pcelsVariable entry'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
     SINGLE-VALUE
   )

   The pcelsValueDN attribute type realizes the
   PolicyValueInSimplePolicyCondition association [PCIM_EXT].  This
   attribute type is of syntax DN [LDAP_SYNTAX].  It has an equality
   matching rule of distinguishedNameMatch [LDAP_SYNTAX].  Attributes of
   this type can only have a single value.  The only allowed values for
   pcelsValueDN attributes are DNs of pcelsValueAuxClass entries.  In a
   pcelsSimpleConditionAuxClass, the pcelsValueDN attribute represents
   the association between this simple policy condition and its policy
   value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.12
     NAME 'pcelsValueDN'
     DESC 'DN of a pcelsValueAuxClass entry'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
     SINGLE-VALUE
   )

   Note: An instance of pcelsSimpleActionAuxClass and an instance of
   pcelsSimpleConditionAuxClass MUST NOT be attached to the same entry.
   Because the two classes use the same mechanisms to associate
   Variables and Values, this restriction is necessary in order to avoid
   ambiguities.

5.8. The Auxiliary Class pcelsCompoundConditionAuxClass

The pcelsCompoundConditionAuxClass class represents a compound policy condition formed by the aggregation of other policy conditions. It is mapped from the CompoundPolicyCondition class [PCIM_EXT]. The pcelsCompoundConditionAuxClass class is an auxiliary object class and it is derived from the pcimConditionAuxClass class [PCLS].
Top   ToC   RFC4104 - Page 40
   The pcelsCompoundConditionAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.12
     NAME 'pcelsCompoundConditionAuxClass'
     DESC 'Boolean combination of simpler conditions'
     SUP pcimConditionAuxClass
     AUXILIARY
     MAY ( pcelsConditionListType
         $ pcelsConditionList )
   )

      If the pcelsConditionListType attribute is missing from a
   pcelsCompoundConditionAuxClass instance, applications MUST assume
   that the set of aggregated conditions is in disjunctive normal form.

   In a pcelsCompoundConditionAuxClass instance, the pcelsConditionList
   attribute represents the associations between this compound policy
   condition and the compounded conditions.

   These attribute types are defined in section 5.4.

   Like pcelsRule, instances of pcelsCompoundConditionAuxClass use
   pcelsConditionList values and subordinated pcelsConditionAssociation
   entries to aggregate policy conditions.

5.9. The Auxiliary Class pcelsCompoundFilterConditionAuxClass

The pcelsCompoundFilterConditionAuxClass class represents a domain- level filter. It is mapped from the CompoundFilterCondition class [PCIM_EXT]. The pcelsCompoundFilterConditionAuxClass class is an auxiliary object class and it is derived from the pcelsCompoundConditionAuxClass class. The pcelsCompoundFilterConditionAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.13 NAME 'pcelsCompoundFilterConditionAuxClass' DESC 'A compound condition with mirroring capabilities' SUP pcelsCompoundConditionAuxClass AUXILIARY MAY ( pcelsIsMirrored ) ) The pcelsIsMirrored attribute type indicates whether the traffic that mirrors the specified filter is to be treated as matching the filter. It is mapped from the CompoundFilterCondition.IsMirrored property [PCIM_EXT]. This attribute type is of syntax Boolean [LDAP_SYNTAX]. It has an equality matching rule of booleanMatch [LDAP_MATCH].
Top   ToC   RFC4104 - Page 41
   Attributes of this type can only have a single value.  If this
   attribute is missing from a pcelsCompoundFilterConditionAuxClass
   instance, applications MUST assume that the filter is not mirrored.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.13
     NAME 'pcelsIsMirrored'
     DESC 'Indicates whether the mirrored traffic matches'
     EQUALITY booleanMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
     SINGLE-VALUE
   )

5.10. The Auxiliary Class pcelsSimpleActionAuxClass

The pcelsSimpleActionAuxClass class implements the action of assigning a Value to a Variable. It is mapped from the SimplePolicyAction class [PCIM_EXT]. The pcelsSimpleActionAuxClass class is an auxiliary object class and it is derived from the pcimActionAuxClass class [PCLS]. A reusable variable/value is associated to a pcelsSimpleActionAuxClass via the pcelsVariableDN/pcelsValueDN reference from the simple action instance. A non-reusable variable/value is associated directly as auxiliary object class to the same entry as the pcelsSimpleActionAuxClass instance. When reading a pcelsSimpleActionAuxClass instance that has an instance of pcelsVariable attached, the attribute pcelsVariableDN MUST be ignored. Applications SHOULD remove the pcelsVariableDN value from a pcelsSimpleActionAuxClass instance upon attachment of a pcelsVariable instance to the same entry. When reading a pcelsSimpleActionAuxClass instance that has an instance of pcelsValue attached, the attribute pcelsValueDN MUST be ignored. Applications SHOULD remove the pcelsValueDN value from a pcelsSimpleActionAuxClass instance upon attachment of a pcelsValue instance to the same entry.
Top   ToC   RFC4104 - Page 42
   The pcelsSimpleActionAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.14
     NAME 'pcelsSimpleActionAuxClass'
     DESC 'Value assignment action for a policy variable'
     SUP pcimActionAuxClass
     AUXILIARY
     MAY ( pcelsVariableDN
         $ pcelsValueDN )
   )

   In a pcelsSimpleActionAuxClass, the pcelsVariableDN attribute
   represents the association between this simple policy action and its
   policy variable.  It realizes the PolicyVariableInSimplePolicyAction
   association [PCIM_EXT].

   In a pcelsSimpleActionAuxClass, the pcelsValueDN attribute represents
   the association between this simple policy action and its policy
   value.  It realizes the PolicyValueInSimplePolicyAction association
   [PCIM_EXT].

   These attributes are defined in section 5.7.

   Note: An instance of pcelsSimpleActionAuxClass and an instance of
   pcelsSimpleConditionAuxClass MUST NOT be attached to the same entry.
   Because the two classes use the same mechanisms to associate
   Variables and Values, this restriction is necessary in order to avoid
   ambiguities.

5.11. The Auxiliary Class pcelsCompoundActionAuxClass

The pcelsCompoundActionAuxClass class represents a compound policy action formed by the aggregation of other policy actions. It is mapped from the CompoundPolicyCondition class [PCIM_EXT]. The pcelsCompoundActionAuxClass class is an auxiliary object class and it is derived from the pcimActionAuxClass class [PCLS]. The pcelsCompoundActionAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.15 NAME 'pcelsCompoundActionAuxClass' DESC 'Sequence of actions with specific execution strategy' SUP pcimActionAuxClass AUXILIARY MAY ( pcelsActionList $ pcelsSequencedActions $ pcelsExecutionStrategy ) )
Top   ToC   RFC4104 - Page 43
   In a pcelsCompoundActionAuxClass instance, the pcelsActionList
   attribute represents the associations between this policy rule and
   its actions.

   If the pcelsSequencedActions attribute is missing from a
   pcelsCompoundActionAuxClass instance, applications MUST assume that
   the ordered execution of actions in this compound policy action is
   not important (DontCare).

   If the pcelsExecutionStrategy attribute is missing from a
   pcelsCompoundActionAuxClass instance, applications MUST assume that
   all the actions are to be executed (Do all).

   These attribute types are defined in section 5.4.

   Like pcelsRule, instances of pcelsCompoundActionAuxClass use
   pcelsActionList values and subordinated pcelsActionAssociation
   entries to aggregate policy actions.

5.12. The Abstract Class pcelsVariable

The pcelsVariable class is mapped from the PolicyVariable class [PCIM_EXT]. The pcelsVariable is an abstract object class and it is derived directly from the 'top' object class [LDAP_SCHEMA]. A pcelsVariable instance may be associated to a set of pcelsValueAuxClass instances that represent its expected values. The expected values for a variable may be indicated by: (1) pcelsExpectedValueList references to reusable instances of pcelsValueAuxClass, or (2) pcelsExpectedValueList references to subordinated non- reusable instances of pcelsValueAuxClass The pcelsVariable class is defined as follows: ( 1.3.6.1.1.9.1.16 NAME 'pcelsVariable' DESC 'Base class for representing a policy variable' SUP top ABSTRACT MAY ( pcelsVariableName $ pcelsExpectedValueList ) ) The pcelsVariableName attribute type may be used as naming attribute for pcelsVariable entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of
Top   ToC   RFC4104 - Page 44
   caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch
   and a substrings matching rule of caseIgnoreSubstringsMatch
   [LDAP_SYNTAX].  Attributes of this type can only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.14
     NAME 'pcelsVariableName'
     DESC 'The user-friendly name of a variable.'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

   The pcelsExpectedValueList attribute type realizes the
   ExpectedPolicyValuesForVariable association [PCIM_EXT].  This
   attribute type is of syntax DN [LDAP_SYNTAX].  It has an equality
   matching rule of distinguishedNameMatch [LDAP_SYNTAX].  Attributes of
   this type can have multiple values.  The only allowed values for
   pcelsExpectedValueList attributes are DNs of pcelsValueAuxClass
   entries.  In a pcelsVariable, the pcelsExpectedValueList attribute
   represents the associations between this policy variable and its
   expected values.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.15
     NAME 'pcelsExpectedValueList'
     DESC 'Unordered set of DNs of pcelsValueAuxClass entries
           representing expected values for a policy variable'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
   )

5.13. The Auxiliary Class pcelsExplicitVariableAuxClass

The pcelsExplicitVariableAuxClass class is mapped from the PolicyExplicitVariable class [PCIM_EXT]. The pcelsExplicitVariableAuxClass is an auxiliary object class and it is derived from the pcelsVariable class.
Top   ToC   RFC4104 - Page 45
   The pcelsExplicitVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.17
     NAME 'pcelsExplicitVariableAuxClass'
     DESC 'Explicitly defined policy variable'
     SUP pcelsVariable
     AUXILIARY
     MUST ( pcelsVariableModelClass
          $ pcelsVariableModelProperty )
   )

   The pcelsVariableModelClass attribute type identifies a [CIM] class
   whose property is evaluated or set as a variable.  It is mapped from
   the PolicyExplicitVariable.ModelClass property [PCIM_EXT].  This
   attribute type is of syntax Directory String [LDAP_SYNTAX].  It has
   an equality matching rule of caseIgnoreMatch [LDAP_SYNTAX].
   Attributes of this type can only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.16
     NAME 'pcelsVariableModelClass'
     DESC 'Identifies a CIM class'
     EQUALITY caseIgnoreMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

   The pcelsVariableModelProperty attribute type identifies the
   attribute of a [CIM] class, which is evaluated or set as a variable.
   It is mapped from the PolicyExplicitVariable.ModelProperty property
   [PCIM_EXT].  This attribute type is of syntax Directory String
   [LDAP_SYNTAX].  It has an equality matching rule of caseIgnoreMatch
   [LDAP_SYNTAX].  Attributes of this type can only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.17
     NAME 'pcelsVariableModelProperty'
     DESC 'Identifies the property of a CIM class.'
     EQUALITY caseIgnoreMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )
Top   ToC   RFC4104 - Page 46

5.14. The Auxiliary Class pcelsImplicitVariableAuxClass

The pcelsImplicitVariableAuxClass class is mapped from the PolicyImplicitVariable class [PCIM_EXT]. The pcelsImplicitVariableAuxClass is an auxiliary object class and it is derived from the pcelsVariable class. The pcelsImplicitVariableAuxClass class does not represent actual variables; these are introduced by its subclasses. pcelsImplicitVariableAuxClass introduces the semantics of being an implicitly defined policy variable and these semantics are inherited by all its subclasses. These semantics include those inherited from pcelsVariable that possibly represent either rule-specific or reusable policy variables. In order to preserve the ability to represent rule-specific or reusable variables, all the subclasses of pcelsImplicitVariableAuxClass MUST also be auxiliary classes. The pcelsImplicitVariableAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.18 NAME 'pcelsImplicitVariableAuxClass' DESC 'Implicitly defined policy variable' SUP pcelsVariable AUXILIARY MAY ( pcelsExpectedValueTypes ) ) The pcelsExpectedValueTypes attribute type represents the set of policy value types that may be used with this policy variable. It is mapped from the PolicyImplicitVariable.ValueTypes property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.18 NAME 'pcelsExpectedValueTypes' DESC 'Identifies subclasses of pcelsValueAuxClass by name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Top   ToC   RFC4104 - Page 47

5.15. The Subclasses of pcelsImplicitVariableAuxClass

The following classes are derived from the pcelsImplicitVariableAuxClass class. They are mapped from the corresponding subclasses of the PolicyImplicitVariable class [PCIM_EXT]. All the classes defined below are auxiliary object classes. Each one of the classes defined in this section introduces specific restrictions for the values of the pcelsExpectedValueTypes attribute. If this attribute is missing, applications MUST assume that all allowed value types are expected for the policy variable. Some of these classes have additional restrictions on the actual values of the associated policy value instances (e.g., only integers in the range 0..65535 must be used with a SourcePort variable). The association between a pcelsImplicitVariableAuxClass instance and a pcelsValueAuxClass instance that contains values outside the valid range or set for that variable SHOULD be considered invalid. The entry that realizes such association SHOULD be treated as invalid and the policy rules or groups that refer to it SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped. The pcelsSourceIPv4VariableAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.19 NAME 'pcelsSourceIPv4VariableAuxClass' DESC 'Source IP v4 address' SUP pcelsImplicitVariableAuxClass AUXILIARY ) In a pcelsSourceIPv4VariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIPv4AddrValueAuxClass'. The pcelsSourceIPv6VariableAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.20 NAME 'pcelsSourceIPv6VariableAuxClass' DESC 'Source IP v6 address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
Top   ToC   RFC4104 - Page 48
   In a pcelsSourceIPv6VariableAuxClass instance, the only allowed value
   for the pcelsExpectedValueTypes attribute is
   'pcelsIPv6AddrValueAuxClass'.

   The pcelsDestinationIPv4VariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.21
     NAME 'pcelsDestinationIPv4VariableAuxClass'
     DESC 'Destination IP v4 address'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsDestinationIPv4VariableAuxClass instance, the only allowed
   value for the pcelsExpectedValueTypes attribute is
   'pcelsIPv4AddrValueAuxClass'.

   The pcelsDestinationIPv6VariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.22
     NAME 'pcelsDestinationIPv6VariableAuxClass'
     DESC 'Destination IP v6 address'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsDestinationIPv6VariableAuxClass instance, the only allowed
   value for the pcelsExpectedValueTypes attribute is
   'pcelsIPv6AddrValueAuxClass'.

   The pcelsSourcePortVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.23
     NAME 'pcelsSourcePortVariableAuxClass'
     DESC 'Source port'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsSourcePortVariableAuxClass instance, the only allowed value
   for the pcelsExpectedValueTypes attribute is
   'pcelsIntegerValueAuxClass'.  Additionally, only policy values that
   represent integers in the range 0..65535 (inclusive) SHOULD be used
   with pcelsSourcePortVariableAuxClass instances.
Top   ToC   RFC4104 - Page 49
   The pcelsDestinationPortVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.24
     NAME 'pcelsDestinationPortVariableAuxClass'
     DESC 'Destination port'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsDestinationPortVariableAuxClass instance, the only allowed
   value for the pcelsExpectedValueTypes attribute is
   'pcelsIntegerValueAuxClass'.  Additionally, only policy values that
   represent integers in the range 0..65535 (inclusive) SHOULD be used
   with pcelsDestinationPortVariableAuxClass instances.

   The pcelsIPProtocolVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.25
     NAME 'pcelsIPProtocolVariableAuxClass'
     DESC 'IP protocol number'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsIPProtocolVariableAuxClass instance, the only allowed value
   for the pcelsExpectedValueTypes attribute is
   'pcelsIntegerValueAuxClass'.  Additionally, only policy values that
   represent integers in the range 0..255 (inclusive) SHOULD be used
   with pcelsIPProtocolVariableAuxClass instances.

   The pcelsIPVersionVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.26
     NAME 'pcelsIPVersionVariableAuxClass'
     DESC 'IP version number'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsIPVersionVariableAuxClass instance, the only allowed value
   for the pcelsExpectedValueTypes attribute is
   'pcelsIntegerValueAuxClass'.  Additionally, only policy values that
   represent integers in the range 0..15 (inclusive) SHOULD be used with
   pcelsIPVersionVariableAuxClass instances.
Top   ToC   RFC4104 - Page 50
   The pcelsIPToSVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.27
     NAME 'pcelsIPToSVariableAuxClass'
     DESC 'IP ToS octet'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsIPToSVariableAuxClass instance, the only allowed values for
   the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
   and 'pcelsBitStringValueAuxClass'.  Additionally, only policy values
   that represent integers in the range 0..255 (inclusive) or 8-bit
   bitStrings SHOULD be used with pcelsIPToSVariableAuxClass instances.

   The pcelsDSCPVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.28
     NAME 'pcelsDSCPVariableAuxClass'
     DESC 'DiffServ code point'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsDSCPVariableAuxClass instance, the only allowed values for
   the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
   and 'pcelsBitStringValueAuxClass'.  Additionally, only policy values
   that represent integers in the range 0..63 (inclusive) or 6-bit
   bitStrings SHOULD be used with pcelsDSCPVariableAuxClass instances.

   The pcelsFlowIdVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.29
     NAME 'pcelsFlowIdVariableAuxClass'
     DESC 'Flow Identifier'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsFlowIdVariableAuxClass instance, the only allowed values
   for the pcelsExpectedValueTypes attribute are
   'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
   Additionally, only policy values that represent integers in the range
   0..1048575 (inclusive) or 20-bit bitStrings SHOULD be used with
   pcelsFlowIdVariableAuxClass instances.
Top   ToC   RFC4104 - Page 51
   The pcelsSourceMACVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.30
     NAME 'pcelsSourceMACVariableAuxClass'
     DESC 'Source MAC address'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsSourceMACVariableAuxClass instance, the only allowed value
   for the pcelsExpectedValueTypes attribute is
   'pcelsMACAddrValueAuxClass'.

   The pcelsDestinationMACVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.31
     NAME 'pcelsDestinationMACVariableAuxClass'
     DESC 'Destination MAC address'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsDestinationMACVariableAuxClass instance, the only allowed
   value for the pcelsExpectedValueTypes attribute is
   'pcelsMACAddrValueAuxClass'.

   The pcelsVLANVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.32
     NAME 'pcelsVLANVariableAuxClass'
     DESC 'VLAN'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsVLANVariableAuxClass instance, the only allowed values for
   the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
   and 'pcelsBitStringValueAuxClass'.  Additionally, only policy values
   that represent integers in the range 0..4095 (inclusive) or 12-bit
   bitStrings SHOULD be used with pcelsVLANVariableAuxClass instances.
Top   ToC   RFC4104 - Page 52
   The pcelsCoSVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.33
     NAME 'pcelsCoSVariableAuxClass'
     DESC 'Class of service'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsCoSVariableAuxClass instance, the only allowed values for
   the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
   and 'pcelsBitStringValueAuxClass'.  Additionally, only policy values
   that represent integers in the range 0..7 (inclusive) or 3-bit
   bitStrings SHOULD be used with pcelsCoSVariableAuxClass instances.

   The pcelsEthertypeVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.34
     NAME 'pcelsEthertypeVariableAuxClass'
     DESC 'Ethertype'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsEthertypeVariableAuxClass instance, the only allowed values
   for the pcelsExpectedValueTypes attribute are
   'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
   Additionally, only policy values that represent integers in the range
   0..65535 (inclusive) or 16-bit bitStrings SHOULD be used with
   pcelsEthertypeVariableAuxClass instances.

   The pcelsSourceSAPVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.35
     NAME 'pcelsSourceSAPVariableAuxClass'
     DESC 'Source SAP'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsSourceSAPVariableAuxClass instance, the only allowed values
   for the pcelsExpectedValueTypes attribute are
   'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
   Additionally, only policy values that represent integers in the range
   0..255 (inclusive) or 8-bit bitStrings SHOULD be used with
   pcelsSourceSAPVariableAuxClass instances.
Top   ToC   RFC4104 - Page 53
   The pcelsDestinationSAPVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.36
     NAME 'pcelsDestinationSAPVariableAuxClass'
     DESC 'Destination SAP'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsDestinationSAPVariableAuxClass instance, the only allowed
   values for the pcelsExpectedValueTypes attribute are
   'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
   Additionally, only policy values that represent integers in the range
   0..255 (inclusive) or 8-bit bitStrings SHOULD be used with
   pcelsDestinationSAPVariableAuxClass instances.

   The pcelsSNAPOUIVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.37
     NAME 'pcelsSNAPOUIVariableAuxClass'
     DESC 'SNAP OUI'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsSNAPOUIVariableAuxClass instance, the only allowed values
   for the pcelsExpectedValueTypes attribute are
   'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
   Additionally, only policy values that represent integers in the range
   0..16777215 (inclusive) or 24-bit bitStrings SHOULD be used with
   pcelsSNAPOUIVariableAuxClass instances.

   The pcelsSNAPTypeVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.38
     NAME 'pcelsSNAPTypeVariableAuxClass'
     DESC 'SNAP type'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsSNAPTypeVariableAuxClass instance, the only allowed values
   for the pcelsExpectedValueTypes attribute are
   'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
   Additionally, only policy values that represent integers in the range
   0..65535 (inclusive) or 16-bit bitStrings SHOULD be used with
   pcelsSNAPTypeVariableAuxClass instances.
Top   ToC   RFC4104 - Page 54
   The pcelsFlowDirectionVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.39
     NAME 'pcelsFlowDirectionVariableAuxClass'
     DESC 'Flow direction'
     SUP pcelsImplicitVariableAuxClass
     AUXILIARY
   )

   In a pcelsFlowDirectionVariableAuxClass instance, the only allowed
   value for the pcelsExpectedValueTypes attribute is
   'pcelsStringValueAuxClass'.  Additionally, only policy values that
   represent the strings 'IN' and 'OUT' SHOULD be used with
   pcelsFlowDirectionVariableAuxClass instances.

5.16. The Auxiliary Class pcelsValueAuxClass

The pcelsValueAuxClass class is the base class for representing a policy value. It is mapped from the PolicyValue class [PCIM_EXT]. The pcelsValueAuxClass is an auxiliary object class and it is derived directly from the 'top' object class [LDAP_SCHEMA]. The pcelsValueAuxClass class does not represent actual values; these are introduced by its subclasses. pcelsValueAuxClass introduces the semantics of being a policy value that are inherited by all its subclasses. Among these semantics are those of representing either rule-specific or reusable policy values. In order to preserve the ability to represent rule-specific or reusable values, all the subclasses of pcelsValueAuxClass MUST also be auxiliary classes. The pcelsValueAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.40 NAME 'pcelsValueAuxClass' DESC 'Base class for representing a policy value' SUP top AUXILIARY MAY ( pcelsValueName ) ) The pcelsValueName attribute type may be used as naming attribute for pcelsValueAuxClass entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value.
Top   ToC   RFC4104 - Page 55
   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.19
     NAME 'pcelsValueName'
     DESC 'The user-friendly name of a value'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

5.17. The Subclasses of pcelsValueAuxClass

The following classes are derived from the pcelsValueAuxClass class. They are mapped from the corresponding subclasses of the PolicyValue class [PCIM_EXT]. All the classes defined below are auxiliary object classes. The pcelsIPv4AddrValueAuxClass class represents a policy value that provides an unordered set of IPv4 addresses, IPv4 address ranges or hosts. It is mapped from the PolicyIPv4AddrValue class [PCIM_EXT]. The pcelsIPv4AddrValueAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.41 NAME 'pcelsIPv4AddrValueAuxClass' DESC 'Provides IPv4 addresses' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsIPv4AddrList ) ) The pcelsIPv4AddrList attribute type represents an unordered set of IPv4 addresses, IPv4 address ranges or hosts. It is mapped from the PolicyIPv4AddrValue.IPv4AddrList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to any of the formats defined for the IPv4AddrList property [PCIM_EXT].
Top   ToC   RFC4104 - Page 56
   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.20
     NAME 'pcelsIPv4AddrList'
     DESC 'Unordered set of IPv4 addresses, IPv4 address ranges or
           hosts'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   )

   The pcelsIPv6AddrValueAuxClass class represents a policy value that
   provides an unordered set of IPv6 addresses, IPv6 address ranges or
   hosts.  It is mapped from the PolicyIPv6AddrValue class [PCIM_EXT].

   The pcelsIPv6AddrValueAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.42
     NAME 'pcelsIPv6AddrValueAuxClass'
     DESC 'Provides IPv6 addresses'
     SUP pcelsValueAuxClass
     AUXILIARY
     MUST ( pcelsIPv6AddrList )
   )

   The pcelsIPv6AddrList attribute type represents an unordered set of
   IPv6 addresses, IPv6 address ranges or hosts.  It is mapped from the
   PolicyIPv6AddrValue.IPv6AddrList property [PCIM_EXT].  This attribute
   type is of syntax Directory String [LDAP_SYNTAX].  It has an equality
   matching rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for attributes of this
   type are strings conforming to any of the formats defined for the
   IPv6AddrList property [PCIM_EXT].

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.21
     NAME 'pcelsIPv6AddrList'
     DESC 'Unordered set of IPv6 addresses, IPv6 address ranges or
           hosts'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   )
Top   ToC   RFC4104 - Page 57
   The pcelsMACAddrValueAuxClass class represents a policy value that
   provides an unordered set of MAC addresses or MAC address ranges.  It
   is mapped from the PolicyMACAddrValue class [PCIM_EXT].

   The pcelsMACAddrValueAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.43
     NAME 'pcelsMACAddrValueAuxClass'
     DESC 'Provides MAC addresses'
     SUP pcelsValueAuxClass
     AUXILIARY
     MUST ( pcelsMACAddrList )
   )

   The pcelsMACAddrList attribute type represents an unordered set of
   MAC addresses or MAC address ranges.  It is mapped from the
   PolicyMACAddrValue.MACAddrList property [PCIM_EXT].  This attribute
   type is of syntax Directory String [LDAP_SYNTAX].  It has an equality
   matching rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for attributes of this
   type are strings conforming to any of the formats defined for the
   MACAddrList property [PCIM_EXT].

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.22
     NAME 'pcelsMACAddrList'
     DESC 'Unordered set of MAC addresses or MAC address ranges'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   )

   The pcelsStringValueAuxClass class represents a policy value that
   provides an unordered set of strings with wildcards.  It is mapped
   from the PolicyStringValue class [PCIM_EXT].

   The pcelsStringValueAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.44
     NAME 'pcelsStringValueAuxClass'
     DESC 'Provides string values'
     SUP pcelsValueAuxClass
     AUXILIARY
     MUST ( pcelsStringList )
Top   ToC   RFC4104 - Page 58
   )

   The pcelsStringList attribute type represents an unordered set of
   strings with wildcards.  It is mapped from the
   PolicyStringValue.StringList property [PCIM_EXT].  This attribute
   type is of syntax Directory String [LDAP_SYNTAX].  It has an equality
   matching rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for attributes of this
   type are strings conforming to the format defined for the StringList
   property [PCIM_EXT].

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.23
     NAME 'pcelsStringList'
     DESC 'Unordered set of strings with wildcards'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   )

   The pcelsBitStringValueAuxClass class represents a policy value that
   provides an unordered set of bit strings or bit string ranges.  It is
   mapped from the PolicyBitStringValue class [PCIM_EXT].

   The pcelsBitStringValueAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.45
     NAME 'pcelsBitStringValueAuxClass'
     DESC 'Provides bit strings'
     SUP pcelsValueAuxClass
     AUXILIARY
     MUST ( pcelsBitStringList )
   )

   The pcelsBitStringList attribute type represents an unordered set of
   bit strings or bit string ranges.  It is mapped from the
   PolicyBitStringValue.BitStringList property [PCIM_EXT].  This
   attribute type is of syntax Directory String [LDAP_SYNTAX].  It has
   an equality matching rule of caseIgnoreMatch, an ordering matching
   rule of caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for attributes of this
   type are strings conforming to any of the formats defined for the
   BitStringList property [PCIM_EXT].
Top   ToC   RFC4104 - Page 59
   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.24
     NAME 'pcelsBitStringList'
     DESC 'Unordered set of bit strings or bit string ranges'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   )

   The pcelsIntegerValueAuxClass class represents a policy value that
   provides an unordered set of integers or integer ranges.  It is
   mapped from the PolicyIntegerValue class [PCIM_EXT].

   The pcelsIntegerValueAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.46
     NAME 'pcelsIntegerValueAuxClass'
     DESC 'Provides integer values'
     SUP pcelsValueAuxClass
     AUXILIARY
     MUST ( pcelsIntegerList )
   )

   The pcelsIntegerList attribute type represents an unordered set of
   integers or integer ranges.  It is mapped from the
   PolicyIntegerValue.IntegerList property [PCIM_EXT].  This attribute
   type is of syntax Directory String [LDAP_SYNTAX].  It has an equality
   matching rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for attributes of this
   type are strings conforming to the format defined for the IntegerList
   property [PCIM_EXT].

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.25
     NAME 'pcelsIntegerList'
     DESC 'Unordered set of integers or integer ranges'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   )
Top   ToC   RFC4104 - Page 60
   The pcelsBooleanValueAuxClass class represents a policy value that
   provides a boolean.  It is mapped from the PolicyIntegerValue class
   [PCIM_EXT].

   The pcelsBooleanValueAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.47
     NAME 'pcelsBooleanValueAuxClass'
     DESC 'Provides a boolean value.'
     SUP pcelsValueAuxClass
     AUXILIARY
     MUST ( pcelsBoolean )
   )

   The pcelsBoolean attribute type represents a boolean.  It is mapped
   from the PolicyBooleanValue.BooleanValue property [PCIM_EXT].  This
   attribute type is of syntax Boolean [LDAP_SYNTAX].  It has an
   equality matching rule of booleanMatch [LDAP_MATCH].  Attributes of
   this type can only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.26
     NAME 'pcelsBoolean'
     DESC 'Boolean value'
     EQUALITY booleanMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
     SINGLE-VALUE
   )



(page 60 continued on part 4)

Next Section