HP Visualize c160L HP-UX DMI 2.0 Developer's Guide: HP-UX/HP 9000 Computers, - Page 51

Management Interface Concepts MI Security MI Security DMI does not provide primitives to own or lock resources over a sequence of commands. Multiple management applications may make simultaneous accesses to the interfaces. Grouping and scheduling of operations, other than the synchronization provided by the DMI SP, are the responsibility of the management application. Likewise, any desire for mutual exclusion to lock out certain accesses or to provide DMI database security in any form is the responsibility of the management application. The HP-UX implementation of DMI 2.0 stresses the need to protect attribute values. The attribute names do not require protection as they do not provide useful information. There are three levels of security for the HP-UX implementation of DMI 2.0. These are: • Group-level security provided by the component developer. • Machine list protection; • User name check on HP-UX clients; These levels are described in the following sections. Group-Level Security For detailed information on group-level security, see Group-Level Security in the Component Interface Concepts chapter. Intel recommends this type of security and it must be enforced by the component instrumentation developer. Access to protected attribute values requires a Security Token. Group level security requires that the Component Instrumentation developer and the management application developer agree on a Security Token. HP provides a library with a Security Token-generating procedure and a Security Token validation procedure. Additionally, HP provides a library to management application writers that wish to retrieve protected attributes from HP's implementation of the Unix Standard Groups Definition. This library also has the Security Token generating procedure. Chapter 7 51