DMAcc CSP

The DMAcc configuration service provider allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects. The server can use this configuration service provider to add a new account or to manage an existing account, including an account that was bootstrapped by using the w7 APPLICATION configuration service provider.

Note: This configuration service provider requires the ID_CAP_CSP_FOUNDATION and ID_CAP_DEVICE_MANAGEMENT_ADMIN capabilities to be accessed from a network configuration application.

For the DMAcc CSP, you cannot use the Replace command unless the node already exists.

The following shows the DMAcc configuration service provider management object in tree format as used by OMA Device Management version 1.2. The OMA Client Provisioning protocol is not supported by this configuration service provider.

./SyncML
DMAcc
----*
--------AppID
--------ServerID
--------Name
--------PrefConRef
--------AppAddr
------------*
----------------Addr
----------------AddrType
----------------Port
--------------------*
------------------------PortNbr
--------AAuthPref
--------AppAuth
------------*
----------------AAuthLevel
----------------AAuthType
----------------AAuthName
----------------AAuthSecret
----------------AAuthData
--------Ext
------------Microsoft
----------------Role
----------------ProtoVer
----------------DefaultEncoding
----------------UseHwDevID
----------------ConnRetryFreq
----------------InitialBackOffTime
----------------MaxBackOffTime
----------------BackCompatRetryDisabled
----------------UseNonceResync
----------------CRLCheck
----------------DisableOnRoaming
----------------SSLCLIENTCERTSEARCHCRITERIA

DMAcc
Required. Defines the root node of all OMA DM server accounts that use the OMA DM version 1.2 protocol.

AccountUID
Optional. Defines the unique identifier for an OMA DM server account that uses the OMA DM version 1.2 protocol.

For a w7 APPLICATION configuration service provider bootstrapped account, this element is assigned a unique name by the OMA DM client. The unique name is the hexadecimal representation of the 256-bit SHA-2 hash of the provider ID. The OMA DM server can change this node name in subsequent OMA DM sessions.

*AccountUID*/AppID
Required. Specifies the application identifier for the OMA DM account.

This value must be set to "w7".

Value type is string. Supported operations are Add, Get, and Replace.

*AccountUID*/ServerID
Required. Specifies the OMA DM server's unique identifier for the current OMA DM account. This value is case-sensitive.

Value type is string. Supported operations are Add, Get, and Replace.

*AccountUID*/Name
Optional. Specifies the display name of the application.

Value type is string. Supported operations are Add, Get, and Replace.

*AccountUID*/PrefConRef
Optional. Specifies the preferred connectivity for the OMA DM account.

This element contains either a URI to a NAP management object or a connection GUID used by Connection Manager. If this element is missing, the device uses the default connection that is provided by Connection Manager.

Value type is string. Supported operations are Add, Get, and Replace.

*AccountUID*/AppAddr
Interior node for the DM server address.

Required.

AppAddr/ObjectName
Required. Defines the OMA DM server address. Only one server address can be configured.

When mapping the w7 APPLICATION configuration service provider to the DMAcc configuration service provider, the name of this element is "1". This is the first DM address encountered in the w7 APPLICATION configuration service provider; other DM accounts are ignored.

*ObjectName*/Addr
Required. Specifies the address of the OMA DM account. The type of address stored is specified by the AddrType element.

Value type is string. Supported operations are Add, Get, and Replace.

*ObjectName*/AddrType
Required. Specifies the format and interpretation of the Addr node value. The default is "URI".

The default value of "URI" specifies that the OMA DM account address in Addr is a URI address. A value of "IPv4" specifies that the OMA DM account address in Addr is an IP address.

Value type is string. Supported operations are Add, Get, and Replace.

*ObjectName*/Port
Interior node for port information.

Optional.

Port/ObjectName
Required. Only one port number can be configured.

When mapping the w7 APPLICATION configuration service provider to the DMAcc configuration service provider, the name of this element is "1".

*ObjectName*/PortNbr
Required. Specifies the port number of the OMA DM account address. This must be a decimal number that fits within the range of a 16-bit unsigned integer.

Value type is string. Supported operations are Add, Get, and Replace.

*AccountUID*/AAuthPref
Optional. Specifies the application authentication preference.

A value of "BASIC" specifies that the client attempts BASIC authentication. A value of "DIGEST" specifies that the client attempts MD5 authentication.

If this value is empty, the client attempts to use the authentication mechanism negotiated in the previous session if one exists. If the value is empty, no previous session exists, and MD5 credentials exist, the client tries MD5 authorization first. If these criteria are not met, the client tries BASIC authorization first.

Value type is string. Supported operations are Add, Get, and Replace.

*AccountUID*/AppAuth
Optional. Defines authentication settings.

AppAuth/ObjectName
Required. Defines one set of authentication settings.

When mapping the w7 APPLICATION configuration service provider to the DMAcc configuration service provider, the name of this element is the same as the AAuthLevel value ("CLCRED" or "SRVCRED").

*ObjectName*/AAuthLevel
Required. Specifies the application authentication level.

A value of "CLCRED" indicates that the credentials client will authenticate itself to the OMA DM server at the OMA DM protocol level. A value of "SRVCRED" indicates that the credentials server will authenticate itself to the OMA DM client at the OMA DM protocol level.

Value type is string. Supported operations are Add and Replace.

*ObjectName*/AAuthType
Required. Specifies the authentication type.

If the AAuthLevel is "CLCRED", the supported values are "BASIC" and "DIGEST". If the AAuthLevel is "SRVCRED", the supported value is "DIGEST".

Value type is string. Supported operations are Add, Get, and Replace.

*ObjectName*/AAuthName
Optional. Specifies the authentication name.

Value type is string. Supported operations are Add, Get, and Replace.

*ObjectName*/AAuthSecret
Optional. Specifies the password or secret used for authentication.

Value type is string. Supported operations are Add and Replace.

*ObjectName*/AAuthData
Optional. Specifies the next nonce used for authentication.

"Nonce" refers to a number used once. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.

Value type is binary. Supported operations are Add and Replace.
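
An added example, not part of the original reference: a Python check of a proposed account against the constraints documented above for AppID, ServerID, AppAddr, Port, AAuthPref and AppAuth, plus the AAuthPref fallback order. The nested-dict layout, the function names and the sample values are assumptions made for illustration.

```python
# Constructed sample mirroring the DMAcc tree; all values are hypothetical.
SAMPLE = {
    "AppID": "w7", "ServerID": "ExampleServer", "AAuthPref": "DIGEST",
    "AppAddr": {"1": {"Addr": "https://dm.example.test/dm", "AddrType": "URI",
                      "Port": {"1": {"PortNbr": "443"}}}},
    "AppAuth": {"SRVCRED": {"AAuthLevel": "SRVCRED", "AAuthType": "BASIC"}},
}
ALLOWED_AUTH_TYPES = {"CLCRED": {"BASIC", "DIGEST"}, "SRVCRED": {"DIGEST"}}


def validate_account(acc):
    """Return the documented constraints that the account dict violates."""
    errs = []
    if acc.get("AppID") != "w7":
        errs.append('AppID must be "w7"')
    if not acc.get("ServerID"):
        errs.append("ServerID is required")
    addrs = acc.get("AppAddr", {})
    if len(addrs) != 1:
        errs.append("exactly one AppAddr entry must be configured")
    for name, a in addrs.items():
        if not a.get("Addr"):
            errs.append(f"AppAddr/{name}/Addr is required")
        # A missing AddrType is treated as the documented default, "URI".
        if a.get("AddrType", "URI") not in ("URI", "IPv4"):
            errs.append(f"AppAddr/{name}/AddrType must be URI or IPv4")
        ports = a.get("Port", {})
        if len(ports) > 1:
            errs.append(f"AppAddr/{name}: only one port can be configured")
        for pname, p in ports.items():
            nbr = str(p.get("PortNbr", ""))
            if not (nbr.isascii() and nbr.isdigit() and int(nbr) <= 0xFFFF):
                errs.append(f"Port/{pname}/PortNbr must be decimal 0-65535")
    if acc.get("AAuthPref", "") not in ("", "BASIC", "DIGEST"):
        errs.append("AAuthPref must be BASIC, DIGEST or empty")
    for name, auth in acc.get("AppAuth", {}).items():
        level, atype = auth.get("AAuthLevel"), auth.get("AAuthType")
        allowed = ALLOWED_AUTH_TYPES.get(level)
        if allowed is None:
            errs.append(f"AppAuth/{name}/AAuthLevel must be CLCRED or SRVCRED")
        elif atype not in allowed:
            errs.append(f"AppAuth/{name}: {atype} not supported for {level}")
    return errs


def first_auth_attempt(aauth_pref, previous=None, has_md5_creds=False):
    """Mechanism the client tries first, per the AAuthPref description."""
    if aauth_pref:
        return aauth_pref      # explicit preference
    if previous:
        return previous        # mechanism negotiated in the previous session
    return "DIGEST" if has_md5_creds else "BASIC"
```

Running `validate_account(SAMPLE)` reports the SRVCRED entry, because only "DIGEST" is supported at that level.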

*AccountUID*/Ext
Required. Defines a set of extended parameters.

This element holds vendor-specific information about the OMA DM account and is created automatically when the OMA DM account is created.

Ext/Microsoft
Required. Defines a set of Microsoft-specific extended parameters.

This element is created automatically when the OMA DM account is created.

Microsoft/BackCompatRetryDisabled
Optional. Specifies whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr on subsequent attempts (not including the first time). The default is "FALSE".

The default value of "FALSE" indicates that backward-compatible retries are enabled. A value of "TRUE" indicates that backward-compatible retries are disabled.

Value type is bool. Supported operations are Add, Get, and Replace.

Microsoft/ConnRetryFreq
Optional. Specifies the number of retries the DM client performs when there are Connection Manager-level or WinINet-level errors.

The default value is 3.

Value type is integer. Supported operations are Add, Get, and Replace.

Microsoft/DefaultEncoding
Optional. Specifies whether the OMA DM client will use WBXML or XML for the DM package when communicating with the server. The default is "application/vnd.syncml.dm+xml".

The default value of "application/vnd.syncml.dm+xml" specifies that XML is used. A value of "application/vnd.syncml.dm+wbxml" specifies that WBXML is used.

Value type is string. Supported operations are Add, Get, and Replace.

Microsoft/InitialBackOffTime
Optional. Specifies the initial wait time in milliseconds when the OMA DM client retries for the first time. The wait time grows exponentially.

The default value is 16000.

Value type is integer. Supported operations are Add, Get, and Replace.

Microsoft/MaxBackOffTime
Optional. Specifies the maximum number of milliseconds to wait before attempting a connection retry.

The default value is 86400000.

Value type is integer. Supported operations are Add, Get, and Replace.

Microsoft/ProtoVer
Optional. Specifies the OMA DM protocol version that the server supports. There is no default value.

Valid values are "1.1" and "1.2". The protocol version set by this element will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this element is not specified when adding a DM server account, the latest DM protocol version that the client supports is used. Windows 10 clients support version 1.2.

Value type is string. Supported operations are Add, Get, and Replace.

Microsoft/Role
Required. Specifies the role mask that the OMA DM session runs with when it communicates with the server.

If this parameter is not present, the DM session is given the role mask of the OMA DM session that the server created. The following list shows the valid security role masks and their values.

  • 4 = SECROLE_OPERATOR

  • 8 = SECROLE_MANAGER

  • 16 = SECROLE_USER_AUTH

  • 128 = SECROLE_OPERATOR_TPS

The acceptable access roles for this node cannot be more than the roles assigned to the DMAcc object.

Value type is integer. Supported operations are Get and Replace.

Microsoft/UseHWDevID
Optional. Specifies whether to use the hardware ID for the ./DevInfo/DevID element in the DM account to identify the device. The default is "FALSE".

The default value of "FALSE" specifies that an application-specific GUID is returned for the ./DevInfo/DevID rather than the hardware device ID.

A value of "TRUE" specifies that the hardware device ID will be provided for the ./DevInfo/DevID element and the Source LocURI for the OMA DM package that is sent to the server. In this case:

  • For GSM phones, the IMEI is returned.

  • For CDMA phones, the MEID is returned.

  • For dual SIM phones, this value is retrieved from the UICC of the primary data line.

Value type is bool. Supported operations are Add, Get, and Replace.

Microsoft/UseNonceResync
Optional. Specifies whether the OMA DM client should use the nonce resynchronization procedure if the server trigger notification fails authentication. The default is "FALSE".

If the authentication fails because the server nonce does not match the server nonce that is stored on the device, then the device can use the backup nonce as the server nonce. For this procedure to be successful, if the device did not authenticate with the preconfigured nonce value, the server must then use the backup nonce when sending the signed server notification message.

The default value of "FALSE" specifies that the client does not try to authenticate the notification with the backup server nonce if authentication to the stored nonce fails. A value of "TRUE" specifies that the client initiates a DM session if the backup server nonce is received after authentication failed.

Value type is bool. Supported operations are Add, Get, and Replace.

CRLCheck
Optional. Allows connection to the DM server to check the Certificate Revocation List (CRL). Set to true to enable SSL revocation.

Value type is bool. Supported operations are Add, Get, and Replace.

DisableOnRoaming
Optional. Determines whether the OMA DM client should be launched when roaming.

Value type is bool. Supported operations are Add, Get, and Replace.

SSLCLIENTCERTSEARCHCRITERIA
Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. Any other criteria provided are ignored.

The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC 2396), then those characters are URI-escaped per the RFC.

The supported names are Subject and Stores; wildcard certificate search is not supported.

Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name is not case sensitive.

Note: %EF%80%80 is the UTF-8-encoded character U+F000.

Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute ("CN=Tester,O=Microsoft"), use the following:

<parm name="SSLCLIENTCERTSEARCHCRITERIA" 
   value="Subject=CN%3DTester,O%3DMicrosoft&amp;Stores=My%5CUser" />

Value type is string. Supported operations are Add, Get, and Replace.

InitiateSession
Optional. When this node is added, a session is started with the MDM server.

Supported operations are Add and Replace.
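
An added example, not part of the original reference: a Python parser and builder for the SSLCLIENTCERTSEARCHCRITERIA string format described above. It goes beyond the single sample by handling multiple U+F000-separated values and names that the client ignores. The function names are hypothetical, names are matched exactly as spelled on this page, and the comma is left unescaped only because the page's sample value does so.

```python
from urllib.parse import quote, unquote

VALUE_SEP = "\uf000"             # multi-value delimiter (UTF-8: %EF%80%80)
SUPPORTED_NAMES = ("Subject", "Stores")
VALID_STORES = {"my\\user"}      # store names compare case-insensitively
# RFC 2396 "mark" characters, plus the comma kept literal as in the sample.
SAFE = "-_.!~*'()" + ","


def parse_criteria(raw):
    """Return (criteria, ignored, problems) for a criteria string.

    `raw` is the attribute value after XML unescaping (&amp; -> &).
    """
    criteria, ignored, problems = {}, [], []
    for pair in filter(None, raw.split("&")):
        name, sep, value = pair.partition("=")
        name = unquote(name)
        if not sep:
            problems.append(f"no '=' in pair {pair!r}")
            continue
        if name not in SUPPORTED_NAMES:
            ignored.append(name)           # other criteria are ignored
            continue
        # Decode first, then split: the delimiter arrives as %EF%80%80.
        values = unquote(value).split(VALUE_SEP)
        if name == "Stores":
            bad = [v for v in values if v.lower() not in VALID_STORES]
            if bad:
                problems.append(f"Stores: unsupported store(s) {bad}")
        criteria[name] = values
    return criteria, ignored, problems


def build_criteria(subject, stores=("My\\User",)):
    """Encode a Subject string and a store list into the criteria format."""
    enc_sep = quote(VALUE_SEP, safe="")    # -> %EF%80%80
    return ("Subject=" + quote(subject, safe=SAFE)
            + "&Stores=" + enc_sep.join(quote(s, safe=SAFE) for s in stores))
```

The string returned by `build_criteria` still needs XML escaping ("&" becomes "&amp;") before it is placed in the `value` attribute.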
