Cisco System Model: Classpki:Ep

Overview

Naming

Diagram

Containers

Contained

Inheritance

Events

Faults

FSMs

Properties Summary

Properties Detail

Class pki:Ep (CONCRETE)

Class ID:1478
Class Label: Public Key Management
Encrypted: false - Exportable: true - Persistent: true - Configurable: true - Subject to Quota: Disabled
Write Access: [aaa, admin]
Read Access: [aaa, admin]
Creatable/Deletable: no (see Container Mos for details)
Semantic Scope: Fabric
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: false, HasStats: false, HasFaults: false, HasHealth: false, HasEventRules: false ]

The PKI configuration, which includes key rings and certificate authority (CA) credentials. Components of the PKI are used to establish secure communications between two devices.

Naming Rules
RN FORMAT: pkiext [1] PREFIX=pkiext DN FORMAT: [1] uni/userext/pkiext

Diagram
Super Mo: pki:Definition, Container Mos: aaa:UserEp (deletable:no), Contained Mos: pki:CsyncPolicy, pki:CsyncSharedKey, pki:DebugPluginChallenge, pki:KeyRing, pki:TP, pki:TbkKey, pki:WebTokenData, Relations From: fabric:SecRelnHolder, Relations: pki:RtResPkiEp,

Containers Hierarchies

top:Root This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.

├

fabric:Topology The root for IFC topology.

├

fabric:Pod A pod.

├

fabric:Node The root node for the APIC.

├

ctx:Local The local Context.

├

ctx:Application The context application.

├

pol:Uni Represents policy definition/resolution universe.

├

aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control

├

pki:Ep The PKI configuration, which includes key rings and certificate authority (CA) credentials. Components of the PKI are used to establish secure communications between two devices.

top:Root This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.

├

pol:Uni Represents policy definition/resolution universe.

├

aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control

├

pki:Ep The PKI configuration, which includes key rings and certificate authority (CA) credentials. Components of the PKI are used to establish secure communications between two devices.

Contained Hierarchy

pki:Ep The PKI configuration, which includes key rings and certificate authority (CA) credentials. Components of the PKI are used to establish secure communications between two devices.

├

fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.

├

pki:CsyncPolicy Used to control csync timeout and enable/disable.

├

├

pki:CsyncElement The file pattern, the type of pattern (include or exclude), and the symbolic name of the pattern.

├

├

pki:CsyncSharedKey Used to distribute the key to all IFC nodes.

├

├

pki:DebugPluginChallenge The debug plugin challenge.

├

├

pki:KeyRing A keyring to create and hold an SSL certificate. The SSL certificate contains the public RSA key and signed identity information of a PKI device. The PKI device holds a pair of RSA encryption keys, one kept private and one made public, stored in an internal key ring. The keyring certificate merges into the PKI device keyring to create a trusted relationship.

├

├

pki:CertReq A request sent to a certificate authority (CA or trustpoint) requesting that the CA affirm the identity of the requester and issue a digital certificate verifying that the requestor is the owner of the presented public key.

├

pki:RtKeyRing

├

pki:RtKeyringRef

├

pki:RtResPkiEp A target relation to the PKI configuration.

├

pki:TP A trustpoint (certificate authority/CA), which issues and validates (signs) digital certificates. When participating in secure communications using the public key infrastructure (PKI), a participant can verify the identity of the other party through the CA that signed the other party's public key.

├

├

pki:TbkKey

├

├

pki:WebTokenData The cryptographic data used for generating and verifying web tokens.

├

├

pki:RtWebtokenRel A target relation to cryptographic data used for generating and verifying web tokens.

Inheritance

naming:NamedObject An abstract base class for an object that contains a name.

├

pol:Obj Represents a generic policy object.

├

pol:Def Represents self-contained policy document.

├

pki:Definition This is an abstract class and cannot be instantiated.

├

pki:Ep The PKI configuration, which includes key rings and certificate authority (CA) credentials. Components of the PKI are used to establish secure communications between two devices.

Events
pki:Ep:creation__pki_Ep pki:Ep:modification__pki_Ep pki:Ep:deletion__pki_Ep

Faults

Fsms

Properties Summary

Defined in: pki:Definition
naming:Name string:Basic	name (pki:Definition:name) Overrides:pol:Obj:name \| naming:NamedObject:name

Defined in: pol:Def
naming:Descr string:Basic	descr (pol:Def:descr) Specifies a description of the policy definition.
naming:Descr string:Basic	ownerKey (pol:Def:ownerKey) The key for enabling clients to own their data for entity correlation.
naming:Descr string:Basic	ownerTag (pol:Def:ownerTag) A tag for enabling clients to add their own data. For example, to indicate who created this object.

Defined in: naming:NamedObject
naming:NameAlias string:Basic	nameAlias (naming:NamedObject:nameAlias) NO COMMENTS

Defined in: mo:Resolvable
mo:Owner scalar:Enum8	lcOwn (mo:Resolvable:lcOwn) A value that indicates how this object was created. For internal use only.

Defined in: mo:TopProps
mo:ModificationChildAction scalar:Bitmask32	childAction (mo:TopProps:childAction) Delete or ignore. For internal use only.
reference:BinRef	dn (mo:TopProps:dn) A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
reference:BinRN	rn (mo:TopProps:rn) Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
mo:ModificationStatus scalar:Bitmask32	status (mo:TopProps:status) The upgrade status. This property is for internal use only.

Defined in: mo:Modifiable
mo:TStamp scalar:Date	modTs (mo:Modifiable:modTs) The time when this object was last modified.

Defined in: mo:Ownable
scalar:Uint16	uid (mo:Ownable:uid) A unique identifier for this object.

Properties Detail

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction

Comments:

Delete or ignore. For internal use only.

Constants
deleteAll	16384u	deleteAll	NO COMMENTS
ignore	4096u	ignore	NO COMMENTS
deleteNonPresent	8192u	deleteNonPresent	NO COMMENTS
DEFAULT	0	---	This type is used to

descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

Comments:

Specifies a description of the policy definition.

dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn

Comments:

A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.

lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

Comments:

A value that indicates how this object was created. For internal use only.

Constants
local	0	Local	NO COMMENTS
policy	1	Policy	NO COMMENTS
replica	2	Replica	NO COMMENTS
resolveOnBehalf	3	ResolvedOnBehalf	NO COMMENTS
implicit	4	Implicit	NO COMMENTS
DEFAULT	local(0)	Local	NO COMMENTS

modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

Comments:

The time when this object was last modified.

Constants
never	0ull	never	NO COMMENTS
DEFAULT	never(0ull)	never	NO COMMENTS

name

Type: naming:Name
Primitive Type: string:Basic

Overrides:pol:Obj:name  |  naming:NamedObject:name

Units: null
Encrypted: false
Access: create
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+

Comments:

nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.-]+

Comments:

NO COMMENTS

ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

Comments:

The key for enabling clients to own their data for entity correlation.

ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

Comments:

A tag for enabling clients to add their own data. For example, to indicate who created this object.

rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn

Comments:

Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.

status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus

Comments:

The upgrade status. This property is for internal use only.

Constants
created	2u	created	In a setter method: specifies that an object should be created. An error is returned if the object already exists. In the return value of a setter method: indicates that an object has been created.
modified	4u	modified	In a setter method: specifies that an object should be modified In the return value of a setter method: indicates that an object has been modified.
deleted	8u	deleted	In a setter method: specifies that an object should be deleted. In the return value of a setter method: indicates that an object has been deleted.
DEFAULT	0	---	This type controls the life cycle of objects passed in the XML API. When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed. In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed. When invoking a setter method, the ModificationStatus is optional: If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.

uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

Comments:

A unique identifier for this object.

Overview

Naming

Diagram

Containers

Contained

Inheritance

Events

Faults

FSMs

Properties Summary

Properties Detail