HRAC IDL
Hi,
Enjoy. You may have to modify the CORBA 1.2 Security IDL. I had to
comment out some of the newer stuff in 1.2 to get it thru the Orbix
compiler... remember 1.2 is assuming some orb stuff that may not be in
product yet. But this compiles both with Orbix 2.3a (C++) and OrbixWeb 3.0
Carol
//File: DfResourceAccessControl.idl
//
#ifndef _DF_RESOURCE_ACCESS_CONTROL_IDL_
#define _DF_RESOURCE_ACCESS_CONTROL_IDL_
#include <orb.idl>
#include "Security.idl"
#pragma prefix "omg.org"
module DfResourceAccessControl {
//*********************************************************
// Basic Types
//*********************************************************
// List of booleans; the return type of AccessDecision::multiple_access_allowed.
typedef sequence<boolean> BooleanList;
// Local alias for the attribute list type declared in Security.idl.
typedef Security::AttributeList AttributeList;
// Forward declarations: these interfaces are referenced by struct members
// and readonly attributes before their full definitions later in the module.
interface DecisionCombinator;
interface PolicyEvaluator;
interface PolicyEvaluatorLocatorAdmin;
interface PolicyEvaluatorAdmin;
//*********************************************************
// Types that identify a secured resource
//*********************************************************
// One name/value pair of a resource name. Both members are unbounded
// strings; the IDL places no constraint on their content or length.
struct ResourceNameComponent {
string name_string;
string value_string;
};
// A secured resource is identified by an ordered sequence of components.
// NOTE(review): matching rules (case sensitivity, empty components,
// duplicate names) are not defined in this file. Implementations should
// compare names in one canonical form so that two spellings of the same
// resource cannot resolve to different policies; confirm against the
// specification text.
typedef sequence<ResourceNameComponent> ResourceName;
// List of operation names. Not referenced by any other declaration in
// this file.
typedef sequence<string> OperationList;
//****************************************************
// Types associated with evaluating Access Policy
//****************************************************
// Policies are referred to by name only; the content of a policy is not
// modelled anywhere in this IDL.
typedef string PolicyName;
typedef sequence<PolicyName> PolicyNameList;
// The constant below is disabled in this posting, so the module defines
// no well-known "no access" policy name.
//const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";
typedef sequence<PolicyEvaluator> PolicyEvaluatorList;
// Result of PolicyEvaluatorLocator::get_policy_decision_evaluators: a list
// of evaluators together with one combinator. Presumably the combinator is
// the object that reduces those evaluators' results to a single decision;
// the pairing is not spelled out in this file.
struct PolicyDecisionEvaluators {
PolicyEvaluatorList policy_evaluator_list;
DecisionCombinator decision_combinator;
};
//****************************************************
// Types used to request an Access Decision
//****************************************************
// One access request: a resource name plus the operation requested on it.
// Used by the batch operations multiple_access_allowed and
// multiple_evaluate.
struct AccessDefinition {
ResourceName resource_name;
string operation;
};
typedef sequence<AccessDefinition> AccessDefinitionList;
// Three-valued result returned by PolicyEvaluator::evaluate.
// NOTE(review): the meaning of ACCESS_DECISION_UNKNOWN is not defined in
// this file (presumably "this evaluator has no applicable policy"). Code
// that turns these results into the final boolean should not treat
// UNKNOWN as allowed; confirm against the specification text.
enum DecisionResult {ACCESS_DECISION_ALLOWED,
ACCESS_DECISION_NOT_ALLOWED,
ACCESS_DECISION_UNKNOWN
};
typedef sequence<DecisionResult> DecisionResultList;
//****************************************************
// interface AccessDecision
//****************************************************
// Decision interface: answers whether an operation on a named resource is
// permitted, given a list of security attributes.
//
// Neither operation declares a raises clause, so a failure inside the
// service can only reach the caller as a CORBA system exception.
// NOTE(review): callers should treat any exception as "not allowed"
// rather than falling through to the protected operation.
//
// attribute_list is supplied by the caller, and the interface carries
// no evidence of how those attributes were obtained.
// NOTE(review): presumably they come from the requester's authenticated
// credentials; the service therefore has to trust its callers, so access
// to this object should itself be restricted. Confirm the deployment
// model.
interface AccessDecision {
// Single decision: true means access is allowed.
boolean access_allowed(
in ResourceName resource_name,
in string operation,
in AttributeList attribute_list
);
// Batch decision for several (resource, operation) pairs evaluated against
// one attribute list.
// NOTE(review): results are presumably positional (element i answers
// access_requests[i]); callers should check that the returned length
// equals the request length before indexing, and deny on a mismatch.
BooleanList multiple_access_allowed(
in AccessDefinitionList access_requests,
in AttributeList attribute_list
);
};
//******************************************************
// interface DynamicAttributeService
//******************************************************
// Maps an attribute list, a resource name and an operation to an attribute
// list.
// NOTE(review): whether the returned list replaces or extends the input
// list is not stated in this file. Because the result presumably feeds the
// access decision, whatever consumes it should make sure this service
// cannot silently drop or override attributes that came from the
// authenticated credentials; confirm against the specification text.
interface DynamicAttributeService {
AttributeList get_dynamic_attributes(
in AttributeList attribute_list,
in ResourceName resource_name,
in string operation
);
};
//******************************************************
// interface PolicyEvaluatorLocator
//******************************************************
// Looks up, for a resource name, the evaluators and combinator to use.
interface PolicyEvaluatorLocator {
// Any client holding a locator reference can read this attribute and so
// obtain a reference to the administrative interface.
// NOTE(review): nothing in the IDL restricts who may do so; invocation
// rights on the admin object have to be enforced by the implementation or
// by ORB-level access control.
readonly attribute PolicyEvaluatorLocatorAdmin policy_evaluator_locator_admin;
// Returns the evaluator list and combinator for resource_name. No raises
// clause is declared, so "no entry for this resource" has no IDL-level
// signal; presumably the defaults set through the admin interface apply.
PolicyDecisionEvaluators get_policy_decision_evaluators(
in ResourceName resource_name
);
};
//*******************************************************
// interface PolicyEvaluatorLocatorAdmin
//*******************************************************
// Administrative interface that changes which evaluators and which
// combinator are associated with a resource name, and sets the defaults.
//
// Every operation returns void and declares no exceptions, so the IDL
// gives the caller no way to learn that a change was rejected.
// NOTE(review): each call here alters how access decisions are reached,
// so invocation should be limited to administrators and recorded in an
// audit trail; confirm how the implementation enforces this.
interface PolicyEvaluatorLocatorAdmin {
// Associates the given evaluators with resource_name (presumably in
// addition to any already registered).
void add_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceName resource_name
);
// Presumably replaces the evaluators registered for resource_name with
// the given list.
void replace_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceName resource_name
);
// Sets the evaluator list that is not tied to a specific resource name.
void set_default_evaluators(
in PolicyEvaluatorList policy_evaluator_list
);
// Associates a combinator with resource_name.
void apply_combinator (
in DecisionCombinator decision_combinator,
in ResourceName resource_name
);
// Sets the combinator that is not tied to a specific resource name.
void set_default_combinator(
in DecisionCombinator decision_combinator
);
};
//******************************************************
// interface PolicyEvaluator
//******************************************************
// Evaluates access requests and reports a three-valued DecisionResult.
interface PolicyEvaluator {
// Any client holding an evaluator reference can read this attribute and
// so obtain the evaluator's administrative interface.
// NOTE(review): the IDL does not restrict this; protection of the admin
// object has to come from the implementation or ORB-level access control.
readonly attribute PolicyEvaluatorAdmin policy_evaluator_admin;
// Evaluates one (resource, operation) request against attribute_list.
// No raises clause is declared, so evaluation failures can only appear
// as CORBA system exceptions.
DecisionResult evaluate(
in ResourceName resource_name,
in string operation,
in AttributeList attribute_list
);
// Batch form of evaluate.
// NOTE(review): results are presumably positional with access_requests;
// callers should verify that the lengths match before using them.
DecisionResultList multiple_evaluate(
in AccessDefinitionList access_requests,
in AttributeList attribute_list
);
};
//*******************************************************
// interface PolicyEvaluatorAdmin
//*******************************************************
// Administrative interface that binds policies, referred to by name, to
// resource names for one evaluator.
//
// The mutating operations return void and declare no exceptions, so an
// unknown policy name or a rejected change has no IDL-level signal.
// NOTE(review): these calls change the effective access policy and should
// be limited to administrators and audited; confirm how the
// implementation enforces this.
interface PolicyEvaluatorAdmin {
// Presumably replaces the policy bound to resource_name with policy_name.
void replace_policy(
in PolicyName policy_name,
in ResourceName resource_name
);
// Binds policy_name to resource_name (presumably in addition to any
// policy already bound).
void add_policy(
in PolicyName policy_name,
in ResourceName resource_name
);
// Returns a list of policy names. It takes no resource argument, so it is
// presumably the full set known to this evaluator.
PolicyNameList list_policy();
// Sets the policy that is not tied to a specific resource name.
void set_default_policy(
in PolicyName policy_name
);
};
//********************************************************
// interface DecisionCombinator
//********************************************************
// Reduces a list of per-evaluator DecisionResult values to one boolean.
// NOTE(review): the IDL does not fix the result for an empty list or for
// lists containing ACCESS_DECISION_UNKNOWN. A deny-by-default combinator
// returns false in both cases; confirm against the specification text.
interface DecisionCombinator{
boolean combine_decisions(
in DecisionResultList decision_result_list
);
};
};
#endif // DfResourceAccessControl
_________________________________________________________
Carol Burt 2AB, Inc.
cburt@2ab.com Integration Architects
205-621-7455 www.2ab.com
Member, OMG Architecture Board OMG Domain Member
-- integrating yesterday's systems with today's technology --
- Follow-Ups:
- Re: HRAC IDL
- From: Konstantin Beznosov <beznosov@baptisthealth.net>