
Re: ideas about the decision interface



-- BEGIN included message

Hi,

Sorry for the delay in commenting... zoo here as well ;-)

At first glance... a couple of comments

>   typedef SecurityLevel2::Opaque Resource;

This effectively says every implementation can make up its own rules about
the structure of a Resource Identifier... so if I write a server to use
this, I have to know what ADO is going to be used in an enterprise... no
way.  This is the same issue that a Naming Service has... we must at least
provide enough structure that implementations are substitutable.  I would
suggest some sort of sequence of string (or struct) that could be built
into hierarchies --- each application would then have a standard way to
provide Resources and sub-resource identifiers.   It wouldn't matter whose
HRAC you purchased --- they would have to use this structured identifier.
We should look at the NamingAuthority pattern already standardized by
CORBAMed... it provides a standard way to go from structured to stringified
versions of names.

I question whether access decision methods should throw exceptions at
all... an audit log should have this info... but not the client... seems it
should be a binary decision.

Carol

>//File: DfAccessDecision.idl
>//
>// **********************************************************************
>// This file format is supposed to be according to the 
>//"OMG IDL Style Guide" doc #ab/98-06-03
>// **********************************************************************
>// 
>#ifndef _DF_ACCESS_DECISION_IDL_
>#define _DF_ACCESS_DECISION_IDL_
>
>#include <SecurityLevel2.idl>
>
>#pragma prefix "omg.org"
>
>module DfAccessDecision
>{
>   // Define Operation
>   typedef short Operation;
>   const Operation CREATE  = 0;
>   const Operation READ    = 1;
>   const Operation WRITE   = 2;
>   const Operation USE     = 3;
>   const Operation DELETE  = 4;
>   
>   typedef short OperationErrorCode;
>   
>   // The operation is none of those defined above
>   const OperationErrorCode BAD_OPERATION                = 0;
>   
>   // The operation is valid but is not supported by the facility
>   const OperationErrorCode UNSUPPORTED_OPERATION        = 1;
>   
>   exception OperationError { OperationErrorCode reason;};
>   
>   // Define Resource
>   typedef SecurityLevel2::Opaque Resource;
>
>   typedef short ResourceErrorCode;
>   
>   // The facility does not have any decision rule about this resource
>   const ResourceErrorCode UNSUPPORTED_RESOURCE          = 0;
>   
>   exception ResourceError { ResourceErrorCode reason; };
>   
>   // Auxiliary structures for obtaining authorization decisions on
>   // multiple actions
>   struct ResourceOperationPair {
>      Resource resource;
>      Operation operation;
>   };
>   
>   typedef sequence<ResourceOperationPair> ResourceOperationList;
>   
>   enum ActionErrorSource {
>      Resource,
>      Operation,
>      ResourceAndOperation
>   };
>   
>   struct ResourceOperationExceptionInformation {
>      ResourceOperationPair action_info;
>      // shows what error code below to check
>      ActionErrorSource error_source;
>      short resource_error_code;
>      short operation_error_code;
>   };
>   
>   typedef sequence<ResourceOperationExceptionInformation> ErrorList;
>   
>   exception MultipleActionsError { ErrorList reasons; };
>   
>   struct ResourceOperationDecision {
>      ResourceOperationPair action_info;
>      boolean action_decision;
>   };
>   
>   typedef sequence<ResourceOperationDecision> ActionDecisionList;
>   
>         
>   interface Decision
>   {
>
>      boolean access_allowed(
>         in SecurityLevel2::CredentialsList cred_list,
>         in Resource resource,
>         in Operation operation
>      )
>      raises (ResourceError, OperationError); //CredentialsError ?
>      
>      ActionDecisionList multiple_actions_access_allowed(
>         in SecurityLevel2::CredentialsList cred_list,
>         in ResourceOperationList
>      )raises (MultipleActionsError);
>      
>   };
>};
>#endif //_DF_ACCESS_DECISION_IDL_
> 
_________________________________________________________
Carol Burt                                             2AB, Inc.
cburt@2ab.com                                     Integration Architects
205-621-7455                                        www.2ab.com
Member, OMG Architecture Board          OMG Domain Member

   --  integrating yesterday's systems with today's technology --

-- END included message
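
The two suggestions in the message above (a structured, hierarchical resource identifier with a stringified form, and an access decision that returns only a boolean while the reason goes to an audit log) are sketched here as an added example; it is not part of the original message or of any OMG or CORBAMed specification. The `authority`/`path` fields, the `/` separator with `\` escaping, the single `principal` standing in for a credentials list, and the sample names are all assumptions made for illustration.

```python
from typing import NamedTuple

SEP, ESC = "/", "\\"  # assumed stringified syntax, not the NamingAuthority format
OPERATIONS = {"CREATE", "READ", "WRITE", "USE", "DELETE"}  # names from the quoted IDL

class ResourceName(NamedTuple):
    authority: str  # who defines the naming scheme (hypothetical field)
    path: tuple     # ordered components, outermost resource first

    def stringify(self) -> str:
        parts = (self.authority,) + tuple(self.path)
        return SEP.join(p.replace(ESC, ESC + ESC).replace(SEP, ESC + SEP) for p in parts)

    @classmethod
    def parse(cls, text: str) -> "ResourceName":
        parts, cur, i = [], [], 0
        while i < len(text):
            ch = text[i]
            if ch == ESC and i + 1 < len(text):  # escaped character: take it literally
                cur.append(text[i + 1])
                i += 2
                continue
            if ch == SEP:                        # unescaped separator ends a component
                parts.append("".join(cur))
                cur = []
            else:
                cur.append(ch)
            i += 1
        parts.append("".join(cur))
        return cls(parts[0], tuple(parts[1:]))

    def covers(self, other: "ResourceName") -> bool:
        # A rule on a resource also applies to its sub-resources.
        return self.authority == other.authority and other.path[:len(self.path)] == self.path

class Decision:
    def __init__(self, rules):
        # rules: (ResourceName, operation, principal) grants; a constructed policy model
        self.rules, self.audit_log = rules, []

    def access_allowed(self, principal, resource, operation) -> bool:
        if operation not in OPERATIONS:
            reason = "bad operation"
        elif not any(r.covers(resource) for r, _, _ in self.rules):
            reason = "no rule for resource"
        elif any(r.covers(resource) and op == operation and p == principal
                 for r, op, p in self.rules):
            reason = "granted"
        else:
            reason = "denied"
        # The caller only ever sees True or False; the reason is recorded for auditors.
        self.audit_log.append((principal, resource.stringify(), operation, reason))
        return reason == "granted"
```

Because every decision engine would consume the same `ResourceName` structure, a server written against it does not need to know which engine is deployed.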