
New IDL for HRAC



Hi,

Attached is the IDL from the Austin submitter meeting.  It will be
incorporated into the submissions, and exceptions will be proposed for
discussion before the conference call tomorrow afternoon.

Carol
//File: DfResourceAccessDecision.idl 
// 

#ifndef _DF_RESOURCE_ACCESS_DECISION_IDL_ 
#define _DF_RESOURCE_ACCESS_DECISION_IDL_ 

#include "NamingAuthority.idl"
#include "Security.idl"

#pragma prefix "omg.org"

// Resource Access Decision (RAD) facility: a client asks an AccessDecision
// object whether an operation on a named resource is allowed for a given
// attribute list; the decision is delegated to PolicyEvaluators selected by
// a PolicyEvaluatorLocator and reduced to one answer by a DecisionCombinator.
// Administrative interfaces (AccessDecisionAdmin, PolicyEvaluatorLocatorAdmin,
// PolicyEvaluatorAdmin) change which evaluators, combinators and policies
// apply; this IDL does not say who may invoke them.
module DfResourceAccessDecision {

//*********************************************************
//         Basic Types 
//*********************************************************

// One boolean per request; the result type of
// AccessDecision::multiple_access_allowed.
typedef sequence<boolean> BooleanList;

// Alias for Security::AttributeList (Security.idl): the attributes an access
// decision, a policy evaluation and a combination are made against.
typedef Security::AttributeList AttributeList;

// Forward declarations; the interfaces are defined later in this module.
interface DynamicAttributeService;
interface DecisionCombinator;
interface PolicyEvaluator;
interface PolicyEvaluatorLocator;
interface PolicyEvaluatorLocatorAdmin;
interface PolicyEvaluatorAdmin;

// Internal failure of the RAD service. No members. In this file only
// AccessDecision::access_allowed declares it.
// NOTE(review): a caller that catches this should treat the request as not
// allowed (fail closed) rather than fall through to an allow.
exception RadInternalError{};

//*********************************************************
//   Types that identify a secured resource
//*********************************************************

// One name/value pair of a resource name.
struct ResourceNameComponent {
	string  	name_string;
	string		value_string;
};
// Ordered list of name/value components.
typedef sequence<ResourceNameComponent> ResourceNameComponentList;	

// The authority that scopes a resource name (NamingAuthority.idl).
typedef NamingAuthority::AuthorityIdStr ResourceNamingAuthority;

// Identifies a secured resource: a naming authority plus its components.
struct ResourceName {
	ResourceNamingAuthority resource_naming_authority;
	ResourceNameComponentList resource_name_component_list;
};

// A pattern over resource names, used by PolicyEvaluatorLocatorAdmin.
// NOTE(review): it is a plain alias of ResourceName; this file defines no
// wildcard or matching syntax, so how a pattern matches a name must come
// from the accompanying specification text — confirm.
typedef ResourceName ResourceNamePattern;

// Name of the operation on the resource that is to be authorized.
typedef string Operation;	
typedef sequence<Operation> OperationList;

//****************************************************
//   Types associated with evaluating Access Policy
//****************************************************
// Name of an access policy known to a PolicyEvaluator.
typedef string	PolicyName;
typedef sequence<PolicyName> PolicyNameList;

// Distinguished policy name. Its meaning is not defined in this file;
// presumably it denotes that no access policy applies — confirm.
const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";

// A PolicyEvaluator object reference tagged with a name.
struct NamedPolicyEvaluator {
		string				evaluator_name;
		PolicyEvaluator	policy_evaluator;
};
typedef sequence<NamedPolicyEvaluator> PolicyEvaluatorList;

// The evaluators and the combinator that apply to a resource; returned by
// PolicyEvaluatorLocator::get_policy_decision_evaluators.
struct PolicyDecisionEvaluators {
	PolicyEvaluatorList	policy_evaluator_list;
	DecisionCombinator	decision_combinator;
};

//****************************************************
//      Types used to request an Access Decision
//****************************************************

// One resource/operation pair; an element of a batched access request.
struct AccessDefinition {
	ResourceName	resource_name;
	Operation		operation;
};
typedef sequence<AccessDefinition> AccessDefinitionList;

// Outcome of a single PolicyEvaluator::evaluate call. Three-valued: the
// evaluator may be unable to decide (ACCESS_DECISION_UNKNOWN).
// NOTE(review): how a DecisionCombinator maps UNKNOWN to the boolean it
// returns is not specified here; treating UNKNOWN as not allowed is the
// safe default.
enum DecisionResult {ACCESS_DECISION_ALLOWED, 
					 ACCESS_DECISION_NOT_ALLOWED, 
					 ACCESS_DECISION_UNKNOWN
};

typedef sequence<DecisionResult> DecisionResultList;


//****************************************************
//     interface AccessDecision
//****************************************************

// Client-facing decision interface.
interface AccessDecision {
	 
	// Is `operation` on `resource_name` allowed for `attribute_list`?
	// Raises RadInternalError on an internal failure of the service.
	boolean access_allowed(
		in ResourceName		resource_name,
		in	Operation		operation,
		in  AttributeList	attribute_list
	) 
	raises (RadInternalError
	);

	// Batched form of access_allowed. The result is presumably index-aligned
	// with access_requests — confirm.
	// NOTE(review): unlike access_allowed this operation declares no raises
	// clause, so an internal failure has no declared way to be reported.
	BooleanList multiple_access_allowed(
		in  AccessDefinitionList  access_requests,
		in  AttributeList         attribute_list
	);

};

//******************************************************
//     interface AccessDecisionAdmin
//******************************************************
// Selects the locator and dynamic attribute service an AccessDecision uses.
// Both attributes are writable; changing them changes who decides access, so
// invocation of this interface should itself be access-controlled (not
// expressed in this IDL).
interface AccessDecisionAdmin {
		attribute PolicyEvaluatorLocator policy_evaluator_locator;
		attribute DynamicAttributeService dynamic_attribute_service;
};

//******************************************************
//     interface DynamicAttributeService
//******************************************************

// Supplies attributes that are only known at decision time.
interface DynamicAttributeService {

	// Returns an AttributeList derived from the input attributes, resource
	// name and operation. Presumably the input list augmented with
	// dynamically computed attributes — confirm; this file does not say
	// whether input attributes may be removed or overridden.
	AttributeList get_dynamic_attributes(
		in	AttributeList   attribute_list,
		in	ResourceName	resource_name,
		in  Operation			operation
	);
};

//******************************************************
//     interface PolicyEvaluatorLocator
//******************************************************

// Maps a resource name to the evaluators and combinator that decide it.
interface PolicyEvaluatorLocator {

	// Administrative interface for this locator (read-only reference).
	readonly attribute PolicyEvaluatorLocatorAdmin pel_admin;

	// Evaluators and combinator applicable to `resource_name`.
	PolicyDecisionEvaluators get_policy_decision_evaluators(
		in	ResourceName    resource_name
	);

};


//*******************************************************
//     interface PolicyEvaluatorLocatorAdmin
//*******************************************************

// Configures which evaluators and combinator apply to each resource name
// pattern, plus the defaults. Registration of a pattern and the evaluator
// and combinator bindings are separate operations; this file does not say
// whether set_/add_/delete_ on an unregistered pattern is an error.
interface PolicyEvaluatorLocatorAdmin {

	// Make `pattern` known to the locator.
	void register_resource_name_pattern(
		in  ResourceNamePattern pattern
	);

	// Remove `pattern` from the locator.
	void unregister_resource_name_pattern(
		in  ResourceNamePattern pattern
	);

	// Evaluators currently bound to `pattern`.
	PolicyEvaluatorList get_policy_evaluators(
		in	ResourceNamePattern pattern
	);

	// Replace the evaluators bound to `pattern`.
	void set_evaluators (
		in	PolicyEvaluatorList policy_evaluator_list,
		in  ResourceNamePattern pattern
	);

	// Replace the default evaluator list. Unlike set_evaluators this returns
	// a list — presumably the previous default — confirm.
	PolicyEvaluatorList set_default_evaluators( 
		in	PolicyEvaluatorList policy_evaluator_list
	);

	// Add evaluators to those bound to `pattern`.
	void add_evaluators (
		in	PolicyEvaluatorList policy_evaluator_list,
		in	ResourceNamePattern pattern
	);

	// Remove the given evaluators from those bound to `pattern`.
	void delete_evaluators (
		in	PolicyEvaluatorList policy_evaluator_list,
		in  ResourceNamePattern pattern
	);

	// Combinator bound to `pattern`.
	DecisionCombinator get_combinator (
		in  ResourceNamePattern pattern
	);

	// Bind `decision_combinator` to `pattern`.
	void set_combinator (
		in  DecisionCombinator decision_combinator,
		in  ResourceNamePattern pattern
	);

	// Remove the combinator bound to `pattern`. Presumably the default
	// combinator then applies — confirm.
	void delete_combinator (
		in  ResourceNamePattern pattern
	);

	// Combinator used when no pattern-specific one is bound.
	DecisionCombinator get_default_combinator ();

	// Replace the default combinator.
	void set_default_combinator(
		in	DecisionCombinator decision_combinator
	);


};

//******************************************************
//     interface PolicyEvaluator
//******************************************************

// Evaluates the policies it holds for one resource/operation/attributes.
interface PolicyEvaluator {

	// Administrative interface for this evaluator (read-only reference).
	readonly attribute PolicyEvaluatorAdmin pe_admin;

	// Three-valued decision; see DecisionResult for the UNKNOWN case.
	DecisionResult evaluate(
		in  ResourceName	resource_name,
		in	Operation			operation,
		in  AttributeList	attribute_list
	);


};


//*******************************************************
//     interface PolicyEvaluatorAdmin
//*******************************************************

// Assigns named policies to resource names within one PolicyEvaluator.
interface PolicyEvaluatorAdmin {

	// Replace the policies for `resource_name`.
	void	set_policies(
		in	PolicyNameList	policy_name,
		in	ResourceName resource_name
	);

	// Add policies for `resource_name`.
	void	add_policies(
		in	PolicyNameList  policy_name,
		in	ResourceName resource_name
	);

	// Remove the given policies from `resource_name`.
	void	delete_policies(
		in  PolicyNameList  policy_name,
		in	ResourceName resource_name
	);

	// All policy names known to this evaluator (scope not narrowed by
	// resource name in this signature).
	PolicyNameList	list_policies();

	// Replace the default policy; returns a PolicyName — presumably the
	// previous default — confirm.
	PolicyName	set_default_policy(
		in	PolicyName	policy_name
	);
};


//********************************************************
//     interface DecisionCombinator
//********************************************************
 
// Reduces the decisions of a set of evaluators to one boolean.
interface DecisionCombinator{

	// Receives the evaluator list itself rather than a DecisionResultList,
	// so the combinator is presumably responsible for calling evaluate on
	// each evaluator with the same resource/operation/attributes — confirm.
	// NOTE(review): the rule for combining ALLOWED/NOT_ALLOWED/UNKNOWN and
	// for an empty evaluator list is implementation-defined here; an empty
	// list or any UNKNOWN should not silently yield true.
	boolean combine_decisions(
		in  ResourceName		resource_name,
		in	Operation				operation,
		in  AttributeList		attribute_list,
		in  PolicyEvaluatorList policy_evaluator_list
	);
};

	
};

#endif  // DfResourceAccessDecision


_________________________________________________________
Carol Burt                                             2AB, Inc.
cburt@2ab.com                                     Integration Architects
205-621-7455                                        www.2ab.com
Member, OMG Architecture Board          OMG Domain Member

   --  integrating yesterday's systems with today's technology --