[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New draft of spec & idl
Hi,
Not finished, but the new idl is there and the exceptions I had as of this
morning plus a couple of corrections to yesterdays work. In addition, the
model picture has been updated to reflect the new flow and some wording
changed throughout the document.
Carol
revised_submission.doc
//File: DfResourceAccessDecision.idl
//
#ifndef _DF_RESOURCE_ACCESS_DECISION_IDL_
#define _DF_RESOURCE_ACCESS_DECISION_IDL_
#include "NamingAuthority.idl"
#include "Security.idl"
#pragma prefix "omg.org"
module DfResourceAccessDecision {
//*********************************************************
// Basic Types
//*********************************************************
typedef sequence<boolean> BooleanList;
typedef Security::AttributeList AttributeList;
interface DynamicAttributeService;
interface DecisionCombinator;
interface PolicyEvaluator;
interface PolicyEvaluatorLocator;
interface PolicyEvaluatorLocatorAdmin;
interface PolicyEvaluatorAdmin;
//*********************************************************
// Types that identify a secured resource
//*********************************************************
struct ResourceNameComponent {
string name_string;
string value_string;
};
typedef sequence<ResourceNameComponent> ResourceNameComponentList;
typedef NamingAuthority::AuthorityIdStr ResourceNamingAuthority;
struct ResourceName {
ResourceNamingAuthority resource_naming_authority;
ResourceNameComponentList resource_name_component_list;
};
typedef ResourceName ResourceNamePattern;
typedef string Operation;
typedef sequence<Operation> OperationList;
//****************************************************
// Types associated with evaluating Access Policy
//****************************************************
typedef string PolicyName;
typedef sequence<PolicyName> PolicyNameList;
const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";
struct NamedPolicyEvaluator {
string evaluator_name;
PolicyEvaluator policy_evaluator;
};
typedef sequence<NamedPolicyEvaluator> PolicyEvaluatorList;
struct PolicyDecisionEvaluators {
PolicyEvaluatorList policy_evaluator_list;
DecisionCombinator decision_combinator;
};
//****************************************************
// Types used to request an Access Decision
//****************************************************
struct AccessDefinition {
ResourceName resource_name;
Operation operation;
};
typedef sequence<AccessDefinition> AccessDefinitionList;
enum DecisionResult {ACCESS_DECISION_ALLOWED,
ACCESS_DECISION_NOT_ALLOWED,
ACCESS_DECISION_UNKNOWN
};
//********************************************************
//* Exception Data types
//********************************************************
struct ExceptionData {
short error_code;
string reason;
};
enum RadInternalErrorType {RadFatal, RadNotFatal};
//*********************************************************
// Exception thrown by the Access Decision Object
//*********************************************************
exception RadInternalError{RadInternalErrorType ed;};
//*********************************************************
// Exception thrown by Internal non-admin interfaces
//*********************************************************
exception RadComponentError{
ExceptionData ed;
RadInternalErrorType it;
};
//*********************************************************
// Exceptions thrown by Admin Interfaces
//*********************************************************
exception RadPatternDuplicate {ExceptionData ed;};
exception RadPatternConflict {ExceptionData ed;};
exception RadPatternNotRegistered {ExceptionData ed;};
exception RadPatternInUse {ExceptionData ed;};
exception RadInputFormatError {ExceptionData ed;};
exception RadResourceNameNotFound {ExceptionData ed;};
exception RadNoAssociation {ExceptionData ed;};
exception RadInvalidPolicy {ExceptionData ed;};
exception RadDuplicateEvaluatorName {ExceptionData ed;};
//****************************************************
// interface AccessDecision
//****************************************************
interface AccessDecision {
boolean access_allowed(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list
)
raises (RadInternalError);
BooleanList multiple_access_allowed(
in AccessDefinitionList access_requests,
in AttributeList attribute_list
)
raises (RadInternalError);
};
//******************************************************
// interface DynamicAttributeService
//******************************************************
interface DynamicAttributeService {
AttributeList get_dynamic_attributes(
in AttributeList attribute_list,
in ResourceName resource_name,
in Operation operation
)
raises (RadComponentError);
};
//******************************************************
// interface PolicyEvaluatorLocator
//******************************************************
interface PolicyEvaluatorLocator {
readonly attribute PolicyEvaluatorLocatorAdmin pel_admin;
PolicyDecisionEvaluators get_policy_decision_evaluators(
in ResourceName resource_name
)
raises (RadComponentError);
};
//********************************************************
// interface DecisionCombinator
//********************************************************
interface DecisionCombinator{
boolean combine_decisions(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list,
in PolicyEvaluatorList policy_evaluator_list
)
raises (RadComponentError);
};
//******************************************************
// interface PolicyEvaluator
//******************************************************
interface PolicyEvaluator {
readonly attribute PolicyEvaluatorAdmin pe_admin;
DecisionResult evaluate(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list
)
raises (RadComponentError);
};
//******************************************************
//
// Management Interfaces
//
//******************************************************
// interface AccessDecisionAdmin
//******************************************************
interface AccessDecisionAdmin {
attribute PolicyEvaluatorLocator policy_evaluator_locator;
attribute DynamicAttributeService dynamic_attribute_service;
};
//*******************************************************
// interface PolicyEvaluatorLocatorAdmin
//*******************************************************
interface PolicyEvaluatorLocatorAdmin {
void register_resource_name_pattern(
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternDuplicate,
RadPatternConflict);
void unregister_resource_name_pattern(
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered,
RadPatternInUse);
PolicyEvaluatorList get_policy_evaluators(
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered);
void set_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered,
RadDuplicateEvaluatorName);
PolicyEvaluatorList set_default_evaluators(
in PolicyEvaluatorList policy_evaluator_list
)
raises (RadDuplicateEvaluatorName);
void add_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered,
RadDuplicateEvaluatorName);
void delete_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered,
RadDuplicateEvaluatorName);
DecisionCombinator get_combinator (
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered);
void set_combinator (
in DecisionCombinator decision_combinator,
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered);
void delete_combinator (
in ResourceNamePattern pattern
)
raises (RadInputFormatError,
RadPatternNotRegistered);
DecisionCombinator get_default_combinator ();
void set_default_combinator(
in DecisionCombinator decision_combinator
);
};
//*******************************************************
// interface PolicyEvaluatorAdmin
//*******************************************************
interface PolicyEvaluatorAdmin {
void set_policies(
in PolicyNameList policy_name,
in ResourceName resource_name
)
raises (RadInputFormatError,
RadResourceNameNotFound,
RadInvalidPolicy);
void add_policies(
in PolicyNameList policy_name,
in ResourceName resource_name
)
raises (RadInputFormatError,
RadResourceNameNotFound,
RadInvalidPolicy);
void delete_policies(
in PolicyNameList policy_name,
in ResourceName resource_name
)
raises (RadInputFormatError,
RadNoAssociation);
PolicyNameList list_policies();
PolicyName set_default_policy(
in PolicyName policy_name
)
raises (RadInvalidPolicy);
};
};
#endif // DfResourceAccessDecision
_________________________________________________________
Carol Burt 2AB, Inc.
cburt@2ab.com Integration Architects
205-621-7455 www.2ab.com
Member, OMG Architecture Board OMG Domain Member
-- integrating yesterday's systems with today's technology --