Exceptions on hrac interfaces
Hi,
Attached is a set of idl with exceptions.
Carol
//File: DfResourceAccessDecision.idl
//
#ifndef _DF_RESOURCE_ACCESS_DECISION_IDL_
#define _DF_RESOURCE_ACCESS_DECISION_IDL_
#include "NamingAuthority.idl"
#include "Security.idl"
#pragma prefix "omg.org"
// Resource access decision (RAD) IDL: the request-side AccessDecision
// interface, the component interfaces (DynamicAttributeService,
// PolicyEvaluatorLocator, PolicyEvaluator, DecisionCombinator), their
// administrative interfaces, and the exceptions each operation may raise.
// NOTE(review): "ADO" in the comments below is not expanded in this file;
// presumably it is the object implementing AccessDecision -- confirm.
// NOTE(review): nothing in this IDL restricts who may invoke the *Admin
// interfaces or write the AccessDecisionAdmin attributes. They change which
// evaluators, combinators and policies decide access, so access to them has
// to be controlled by the deployment -- confirm how.
module DfResourceAccessDecision {
//*********************************************************
// Basic Types
//*********************************************************
// Result type of AccessDecision::multiple_access_allowed.
// NOTE(review): the IDL does not state the ordering; presumably element i
// answers request i -- confirm, since a mismatch would apply a decision to
// the wrong request.
typedef sequence<boolean> BooleanList;
// Local alias for the attribute list type declared in Security.idl.
typedef Security::AttributeList AttributeList;
// Forward declarations: each of these interfaces is referenced by a struct
// or attribute that appears before its full definition.
interface DynamicAttributeService;
interface DecisionCombinator;
interface PolicyEvaluator;
interface PolicyEvaluatorLocator;
interface PolicyEvaluatorLocatorAdmin;
interface PolicyEvaluatorAdmin;
// Definition of error_code and reason values is an implementation decision.
// ExceptionData is carried by RadComponentError and by the administrative
// exceptions; RadInternalError, the only exception declared on
// AccessDecision, does not carry it.
struct ExceptionData {
short error_code;
string reason;
};
// Severity carried by RadInternalError and RadComponentError.
enum RadInternalErrorType {RadFatal, RadNotFatal};
// The RadInternalError exception should be reserved for internal logic
// errors and should NOT be used as a reason code for rejecting a request.
// ADO clients should not be exposed to the security reason for not allowing
// access. Indicating RadFatal means that the ADO client should discontinue
// using the ADO.
// NOTE(review): the member is named "ed" although its type is
// RadInternalErrorType; RadComponentError names the same type "it" and uses
// "ed" for ExceptionData.
exception RadInternalError{RadInternalErrorType ed;};
// The RadComponentError exception should be thrown by non-administrative
// interfaces to indicate a problem that should cause the ADO to return false
// to its client or to throw a RadInternalError if the system cannot
// continue to partially function without this component. For non-fatal
// errors, the ADO might log the error_code and reason and return false.
// Components could also log these error conditions.
// In both outcomes described above the request is not granted: a component
// failure results in false or an exception, never in true.
exception RadComponentError{ExceptionData ed; RadInternalErrorType it;};
// The following exceptions are thrown by the administrative interfaces
// to indicate error situations
exception RadPatternDuplicate {ExceptionData ed;};
exception RadPatternConflict {ExceptionData ed;};
exception RadPatternNotRegistered {ExceptionData ed;};
exception RadPatternInUse {ExceptionData ed;};
exception RadInputFormatError {ExceptionData ed;};
exception RadResourceNameNotFound {ExceptionData ed;};
exception RadPolicyNameNotFound {ExceptionData ed;};
exception RadInvalidPolicy {ExceptionData ed;};
exception RadDuplicateEvaluatorName {ExceptionData ed;};
//*********************************************************
// Types that identify a secured resource
//*********************************************************
// One name/value pair of a resource name.
struct ResourceNameComponent {
string name_string;
string value_string;
};
typedef sequence<ResourceNameComponent> ResourceNameComponentList;
// Naming authority string type, taken from NamingAuthority.idl.
typedef NamingAuthority::AuthorityIdStr ResourceNamingAuthority;
// A secured resource: a naming authority plus an ordered list of
// name/value components.
struct ResourceName {
ResourceNamingAuthority resource_naming_authority;
ResourceNameComponentList resource_name_component_list;
};
// A pattern has exactly the structure of a ResourceName.
// NOTE(review): the matching rules (wildcards, precedence between
// overlapping patterns) are not defined in this file -- confirm against the
// specification, since they determine which evaluators guard a resource.
typedef ResourceName ResourceNamePattern;
// The operation being requested on a resource, as a plain string.
typedef string Operation;
typedef sequence<Operation> OperationList;
//****************************************************
// Types associated with evaluating Access Policy
//****************************************************
typedef string PolicyName;
typedef sequence<PolicyName> PolicyNameList;
// NOTE(review): only the name is defined here; presumably it designates a
// policy that grants no access -- confirm.
const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";
// A PolicyEvaluator reference together with the name it is registered under.
struct NamedPolicyEvaluator {
string evaluator_name;
PolicyEvaluator policy_evaluator;
};
typedef sequence<NamedPolicyEvaluator> PolicyEvaluatorList;
// What PolicyEvaluatorLocator returns for a resource name: the evaluators
// and the combinator for that resource.
struct PolicyDecisionEvaluators {
PolicyEvaluatorList policy_evaluator_list;
DecisionCombinator decision_combinator;
};
//****************************************************
// Types used to request an Access Decision
//****************************************************
// One (resource, operation) pair of a multiple_access_allowed request.
struct AccessDefinition {
ResourceName resource_name;
Operation operation;
};
typedef sequence<AccessDefinition> AccessDefinitionList;
// Result of a single PolicyEvaluator::evaluate call. It has three values,
// while DecisionCombinator::combine_decisions and
// AccessDecision::access_allowed return a boolean.
// NOTE(review): how ACCESS_DECISION_UNKNOWN maps to that boolean is not
// stated here; presumably the combinator decides -- confirm that it is not
// treated as allowed.
enum DecisionResult {ACCESS_DECISION_ALLOWED,
ACCESS_DECISION_NOT_ALLOWED,
ACCESS_DECISION_UNKNOWN
};
typedef sequence<DecisionResult> DecisionResultList;
//****************************************************
// interface AccessDecision
//****************************************************
// Request-side interface. Both operations declare only RadInternalError,
// which the comment on that exception reserves for internal logic errors, so
// a rejected request is reported through the boolean result.
interface AccessDecision {
// Decides a single (resource_name, operation) request using attribute_list.
// NOTE(review): attribute_list is passed in by the caller; presumably it
// holds the requester's security attributes. The IDL does not say how they
// are obtained or verified -- confirm.
boolean access_allowed(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list
)
raises (RadInternalError
);
// Decides several requests with one attribute_list shared by all of them.
BooleanList multiple_access_allowed(
in AccessDefinitionList access_requests,
in AttributeList attribute_list
)
raises (RadInternalError
);
};
//******************************************************
// interface AccessDecisionAdmin
//******************************************************
// Both attributes are writable (neither is declared readonly), so a caller
// of this interface can replace the locator and the dynamic attribute
// service.
interface AccessDecisionAdmin {
attribute PolicyEvaluatorLocator policy_evaluator_locator;
attribute DynamicAttributeService dynamic_attribute_service;
};
//******************************************************
// interface DynamicAttributeService
//******************************************************
interface DynamicAttributeService {
// Takes an attribute list plus the resource and operation of the request and
// returns an attribute list.
// NOTE(review): whether the result replaces or extends the input list is
// not stated here -- confirm.
AttributeList get_dynamic_attributes(
in AttributeList attribute_list,
in ResourceName resource_name,
in Operation operation
)
raises (RadComponentError);
};
//******************************************************
// interface PolicyEvaluatorLocator
//******************************************************
interface PolicyEvaluatorLocator {
// Reference to this locator's administrative interface.
readonly attribute PolicyEvaluatorLocatorAdmin pel_admin;
// Returns the evaluator list and combinator for resource_name.
PolicyDecisionEvaluators get_policy_decision_evaluators(
in ResourceName resource_name
)
raises (RadComponentError);
};
//*******************************************************
// interface PolicyEvaluatorLocatorAdmin
//*******************************************************
// Administers resource name patterns and the evaluators and combinator
// attached to them. Every operation that takes a pattern can raise
// RadInputFormatError; every such operation except
// register_resource_name_pattern can raise RadPatternNotRegistered.
interface PolicyEvaluatorLocatorAdmin {
void register_resource_name_pattern(
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternDuplicate,
RadPatternConflict);
void unregister_resource_name_pattern(
in ResourceNamePattern pattern
)
raises (RadInputFormatError, RadPatternNotRegistered, RadPatternInUse);
PolicyEvaluatorList get_policy_evaluators(
in ResourceNamePattern pattern
)
raises (RadInputFormatError, RadPatternNotRegistered);
void set_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered,
RadDuplicateEvaluatorName);
// NOTE(review): unlike set_evaluators this returns a PolicyEvaluatorList;
// presumably the previous defaults -- confirm.
PolicyEvaluatorList set_default_evaluators(
in PolicyEvaluatorList policy_evaluator_list
)
raises (RadDuplicateEvaluatorName);
void add_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered,
RadDuplicateEvaluatorName);
// NOTE(review): the raises clause is identical to add_evaluators, including
// RadDuplicateEvaluatorName, and declares no exception for an evaluator that
// is not in the pattern's list -- confirm that this is intended.
void delete_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered,
RadDuplicateEvaluatorName);
DecisionCombinator get_combinator (
in ResourceNamePattern pattern
)
raises (RadInputFormatError, RadPatternNotRegistered);
void set_combinator (
in DecisionCombinator decision_combinator,
in ResourceNamePattern pattern
)
raises (RadInputFormatError, RadPatternNotRegistered);
void delete_combinator (
in ResourceNamePattern pattern
)
raises (RadInputFormatError, RadPatternNotRegistered);
// The two default-combinator operations declare no user exceptions.
DecisionCombinator get_default_combinator ();
void set_default_combinator(
in DecisionCombinator decision_combinator
);
};
//******************************************************
// interface PolicyEvaluator
//******************************************************
interface PolicyEvaluator {
// Reference to this evaluator's administrative interface.
readonly attribute PolicyEvaluatorAdmin pe_admin;
// Evaluates one request and returns a three-valued DecisionResult.
DecisionResult evaluate(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list
)
raises (RadComponentError);
};
//*******************************************************
// interface PolicyEvaluatorAdmin
//*******************************************************
// Administers the policy names associated with resource names. In
// set_policies, add_policies and delete_policies the parameter called
// policy_name is a PolicyNameList, i.e. it can carry several names.
interface PolicyEvaluatorAdmin {
void set_policies(
in PolicyNameList policy_name,
in ResourceName resource_name
)
raises (RadInputFormatError, RadInvalidPolicy);
void add_policies(
in PolicyNameList policy_name,
in ResourceName resource_name
)
raises (RadInputFormatError, RadInvalidPolicy);
void delete_policies(
in PolicyNameList policy_name,
in ResourceName resource_name
)
raises (RadInputFormatError, RadResourceNameNotFound, RadPolicyNameNotFound);
// NOTE(review): takes no resource name; presumably lists every policy name
// this evaluator knows -- confirm.
PolicyNameList list_policies();
// NOTE(review): returns a PolicyName; presumably the previous default --
// confirm.
PolicyName set_default_policy(
in PolicyName policy_name
)
raises (RadInvalidPolicy);
};
//********************************************************
// interface DecisionCombinator
//********************************************************
interface DecisionCombinator{
// Receives the request and the list of evaluators and returns one boolean.
// NOTE(review): the rule for combining the evaluators' DecisionResult
// values, including ACCESS_DECISION_UNKNOWN, is left to the implementation
// as far as this file shows -- confirm the default denies.
boolean combine_decisions(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list,
in PolicyEvaluatorList policy_evaluator_list
)
raises (RadComponentError);
};
};
#endif // DfResourceAccessDecision
_________________________________________________________
Carol Burt 2AB, Inc.
cburt@2ab.com Integration Architects
205-621-7455 www.2ab.com
Member, OMG Architecture Board OMG Domain Member
-- integrating yesterday's systems with today's technology --