[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
pre|post-conditions and corresponding exceptions
Hi,
Please find attached one of my action items -- pre|post-conditions for HRAC
operations and the corresponding exceptions. Each operation in the attached
IDL (austin-99 version) is prefaced with the operation description (from
initial HRAC submission text) and pre|post-conditions. Also, all exceptions
have a short descriptions. Some data type also have definition of what values
of this data type items are invalid because most of the exceptions a raised
when a corresponding datum has invalid value. A UML diagram of exception data
types is attached too.
Konstantin
//## Module: DfResourceAccessDecision
//## Source file: S:\HRAC_submission\model\DfResourceAccessDecision.idl
#ifndef DfResourceAccessDecision_idl
#define DfResourceAccessDecision_idl
#include "NamingAuthority.idl"
#include "Security.idl"
#pragma prefix "omg.org"
// ==================================================================
module DfResourceAccessDecision
{
interface AccessDecisionAdmin;
//## BooleanList Documentation:
// A sequence of boolean used as a return value when
// multiple decisions are requested. This type is used
// as a return value in the multiple_access_allowed()
// method of the AccessDecision interface.
typedef sequence<boolean> BooleanList;
//## AttributeList Documentation:
// The Security::AttributeList is defined as follows
// in CORBA Security 1.2 (ptc/98-01-02). The Attribute
// List is provided as an input parameter by the
// "application" client when a request for an access
// decision is made. The AttributeList used for access
// decisions may be modified to include dynamic
// attributes by use of the get_dynamic_attributes()
// method of the DynamicAttributeService interface.
// As a convenience to the reader, the structure of a
// Security::AttributeList is replicated
// below.
typedef Security::AttributeList AttributeList;
//## PolicyName Documentation:
// A PolicyName is a string used to identify an access
// policy for a secured resource. This type is only
// used in the PolicyEvalutorAdmin interface. It is
// used as an input parameter to the replace_policy(),
// add_policy(), and set_default_policy() methods of
// the PolicyEvaluatorAdmin interface. PolicyNames are
// assigned by the administrative interface of the
// policy engine and
// cannot be modified or controlled by the HRAC. There
// is one standard PolicyName of "NO_ACCESS_POLICY".
// See the PolicyEvaluatorAdmin interface for usage.
// A datum element of this type is invalid if it is
// empty.
typedef string PolicyName;
//## PolicyNameList Documentation:
// A PolicyNameList is a sequence of PolicyNames. It
// is returned from the list_policy() method of the
// PolicyEvaluatorAdmin interface.
// A datum element of this type is invalid if it is
// empty or any of its sub-elements is invalid.
typedef sequence<PolicyName> PolicyNameList;
const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";
//## DecisionResult Documentation:
// DecisionResult is an enum with three possible
// values. This type is used as a result in access
// decisions where access policy is applied. This is
// the type returned from the evaluate() method of the
// PolicyEvaluator.
enum DecisionResult
{ACCESS_DECISION_ALLOWED, ACCESS_DECISION_NOT_ALLOWED, ACCESS_DECISION_UNKNOWN};
//## DecisionResultList Documentation:
// DecisionResultList is a sequence of DecisionResult.
// This is the type returned from the multiple_
// evaluate() method of the PolicyEvaluator and is the
// type provided as an input parameter
// to the combine_decisions() method of the Decision
// Combinator.
typedef sequence<DecisionResult> DecisionResultList;
//## ResourceNamingAuthority Documentation:
// A datum element of type ResourceNamingAuthority is
// invalid if it is empty or has syntax which is
// invalid for type NamingAuthority::AuthorityIdStr.
typedef NamingAuthority::AuthorityIdStr ResourceNamingAuthority;
//## ResourceNameComponent Documentation:
// A datum element of this type is invalid if either
// name_string or value_string member is empty.
struct ResourceNameComponent {
string name_string;
string value_string;
};
//## ResourceNameComponentList Documentation:
// A datum element of type ResourceNameComponentList
// is invalid if it is empty or any of its
// sub-elements is invalid.
typedef sequence<ResourceNameComponent> ResourceNameComponentList;
//## ResourceName Documentation:
// A ResourceName is used to identify a secured
// resource. ResourceName is a sequence of strings
// allowing for groupings of resources. It is required
// that the first string in the sequence is formatted
// as a NamingAuthority::QualifiedNameStr. This
// ensures globally unique resource names (and/or
// groups) See NamingAuthority module in
// corbamed/98-02-29. Issue: Submitters are discussing
// whether we want to make this a stronger requirement
// by putting the type in the IDL (this is a
// typedef for a string with a standard format in
// NamingAuthority).
// A datum of type ResourceName is invald if either
// resource_name_authority or resource_name_component_
// list is invalid.
struct ResourceName {
ResourceNamingAuthority resource_name_authority;
ResourceNameComponentList resource_name_component_list;
};
typedef ResourceName ResourceNamePattern;
//## Operation Documentation:
// A datum element of this type is invalid if it is
// empty.
typedef string Operation;
//## OperationList Documentation:
// An OperationList is used to identify a list of
// operations that may be performed on a secured
// resource.
typedef sequence<string> OperationList;
//## AccessDefinition Documentation:
// The AccessDefinition struct is provided to allow
// multiple access definitions to be defined. It
// contains the ResourceName and the operation name
// for the secured resource access being requested.
// AccessDefinition is used as an input parameter to
// the access_allowed() method of the AccessDecision
// interface and the evaluate() method of the Policy
// Evaluator interface.
// A datum element of this type is invalid if either
// of its members is invalid.
struct AccessDefinition {
ResourceName resource_name;
Operation operation_name;
};
//## AccessDefinitionList Documentation:
// AccessDefinitionList is the type used to request
// multiple access decisions in a single operation. It
// is used as an input parameter to the multiple_access
// _allowed() method of the AccessDecision interface
// and the multiple_evaluate() method of the Policy
// Evaluator interface.
typedef sequence<AccessDefinition> AccessDefinitionList;
//## InvalidResourceName Documentation:
// This exception is raised when the provided resource
// name is invalid. Please refer to the specification
// of type ResourceName for the description of valid
// and invalid datum elements of type ResourceName.
exception InvalidResourceName {};
//## InvalidAccessRequestList Documentation:
// This exception is raised when a list of access
// request is invalid. Please refer to the
// specification of type AccessDefintionList for the
// description of valid and invalid datum items of
// this type.
exception InvalidAccessRequestList {
AccessDefinition first_invalid_element;
};
//## InvalidResourceNamePattern Documentation:
// This exceptions is raised when a resource name
// pattern, provided as an operation argument, has
// invalid syntax. Please refer to specification of
// ResourceNamePattern data type for description of
// its valid syntax.
exception InvalidResourceNamePattern {
};
//## RegisteredResourceNamePattern Documentation:
// The specified resource name pattern is already
// registered with this object instance. The same
// resource name pattern can be registered only once
// with the same object instance before it is
// unregistered.
exception RegisteredResourceNamePattern {};
//## RadInternalError Documentation:
// Access Decision object can not procede with serving
// the request.
exception RadInternalError {};
//## InvalidOperationName Documentation:
// This exception is raised when a name of operation
// on a resource is invalid. Please refer to the
// specification of type Operation for the description
// of valid and invalid datum elements of type
// Operation.
exception InvalidOperationName {};
interface DynamicAttributeService {
//## Operation: get_dynamic_attributes
//## Documentation:
// This method takes the parameters provided by the
// client of the AccessDecision object; the Attribute
// List, the ResourceName, and the operation and
// determines what (if any) dynamic attributes should
// be added to the AttributeList. In addition, the
// returned AttributeList may be modified by this
// service. The service may add or remove Sec
// Attributes to this list. It is the returned list of
// SecAttributes that is used as the basis of access
// decisions by the HRAC.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// No postconditions.
AttributeList get_dynamic_attributes(in AttributeList attribute_list, in ResourceName resource_name, in Operation operation)
raises( InvalidResourceName, InvalidOperationName );
};
//## InvalidPolicyNameList Documentation:
// This exceptions is raised when the provided Policy
// NameList has invalid value. Please refer to the
// specification of PolicyNameList data type for a
// description of valid PolicyNameList datum elements.
exception InvalidPolicyNameList {
PolicyName first_invalid_element;
};
//## NonExistingPolicy Documentation:
// This exception is raised when a policy name, which
// is does not exist in the context of the particular
// instance of PolicyEvaluatorAdmin, is used in
// administration of PolicyEvaluator object via Policy
// EvaluatorAdmin interface operation.
exception NonExistingPolicy {
PolicyName policy_name;
};
//## PolicyEvaluatorAdmin Documentation:
// The PolicyEvaluatorAdmin interface is used to
// associate named access policies with secured
// resources. It is assumed that the administrative
// tool used to create and manage access policies
// (outside the scope of this submission) provides a
// mechanism to allow policies to be associated with
// "names" which are represented as PolicyName (a
// string). This PolicyEvaluatorAdmin interface allows
// those policies to be applied "by name" to a secured
// resource represented by a
// ResourceName.
// This interface is primarily provided for the
// application that wishes to assign a policy to a
// newly created resource programmatically at the time
// of resource creation. It does, however, require that
// the application have knowledge of the named
// policies in order to choose an appropriate policy
// for access decisions.
interface PolicyEvaluatorAdmin {
//## Operation: set_policies
//## Documentation:
// The policy identified by PolicyName is associated
// with the secured resource identified by the Resource
// Name. If the PolicyName is NO_ACCESS_POLICY, then
// all policy is removed for the resource. If a Policy
// Name is applied to a ResourceName that has existing
// policy, then the policy will be replaced by the
// policy identified by this PolicyName.
// Preconditions:
// 1. "policy_names" has a valid value.
// 2. All policy named by "policy_names" exist in this
// policy evaluator.
// 3. "resource_name" has a valid value.
void set_policies(in PolicyNameList policy_names, in ResourceName resource_name)
raises( InvalidResourceName, InvalidPolicyNameList, NonExistingPolicy );
//## Operation: add_policies
//## Documentation:
// The policies identified by PolicyNameList is
// associated with the secured resource identified by
// the ResourceName. If the PolicyName is NO_ACCESS_
// POLICY, then all policies are removed for the
// resource.
// Preconditions:
// 1. "policy_names" has a valid value.
// 2. All policy named by "policy_names" exist in this
// policy evaluator.
// 3. "resource_names" has a valid value.
// Postcondition:
// "resource_name".applied_policy_names == union
// ("resource_name".applied_policy_names, "policy_
// names")
void add_policies(in PolicyNameList policy_names, in ResourceName resource_name)
raises( InvalidPolicyNameList, NonExistingPolicy, InvalidResourceName );
//## Operation: list_policies
//## Documentation:
// A list of all existing PolicyNames is returned to
// the client.
// No preconditions.
// Postcondition:
// return == all_existing_policy_names.
PolicyNameList list_policies();
//## Operation: set_default_policy
//## Documentation:
// The policy identified by PolicyName is associated
// (as default) with any secured resource which has
// not yet been assigned an access policy.
// Preconditions:
// 1. Policy named by "policy_name" exists in this
// policy evaluator.
PolicyName set_default_policy(in PolicyName policy_name)
raises( NonExistingPolicy );
};
//## PolicyEvaluator Documentation:
// The PolicyEvaluator interface is used to obtain an
// access decision based on an encapsulated policy for
// the ResourceName/operation when provided a list of
// effective Security Attributes for the requestor.
// This submission provides a framework for the
// support of one or more policy evaluators for a
// single resource.
interface PolicyEvaluator {
//## Association:
//## Documentation:
// If the PolicyEvaluator has an associated
// administrative interface, it can be obtained via
// this attribute. If an administrative interface is
// not available for this evaluator, this attribute
// will be nil.
readonly attribute PolicyEvaluatorAdmin pe_admin;
// Operations
//## Operation: evaluate
//## Documentation:
// A single access decision is requested based on
// access policy(s) this evaluator determines is
// appropriate for the named resource. The decision is
// based on the ResourceName, the operation, and the
// effective Security Attributes. The SecAttributes
// passed to the AccessDecision object by the client
// in access_allowed() may have been modified by the
// DynamicAttributeService get_dynamic_attributes()
// method before the PolicyEvaluator is called. The
// DecisionResult is a ternary result. The Decision
// Result is as follows:
// ACCESS_DECISION_ALLOWED: the policy evaluated for
// this ResourceName, operation and Attribute list
// indicates that access is ALLOWED.
// ACCESS_DECISION_NOT_ALLOWED: the policy evaluated
// for this ResourceName, operation and Attribute list
// indicates access is NOT_ALLOWED.
// ACCESS_DECISION_UNKNOWN: the policy evaluated for
// this ResourceName, operation and Attribute list
// indicates an access decision cannot be made.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// Post-conditions:
// return == authorization decision for the requested
// operation on the specified resource name by a
// principal with the specified security attributes.
DecisionResult evaluate(in ResourceName resource_name, in Operation operation, in AttributeList attribute_list)
raises( InvalidResourceName, InvalidOperationName );
};
struct NamedPolicyEvaluator {
string evaluator_name;
PolicyEvaluator policy_evaluator;
};
//## PolicyEvaluatorList Documentation:
// A PolicyEvaluatorList is a sequence of Policy
// Evaluator object references. The PolicyEvaluator
// Admin interface allows the association of lists of
// PolicyEvaluators with a ResourceNamePattern. This
// type is used as an input parameter in the add_
// evaluators(), replace_evaluators(), and set_default_
// evaluators() methods of this interface. See also
// PolicyDecisionEvaluators below for additional usage.
// A valid datum element of type PolicyEvaluatorList
// is a one which:
// 1. is not empty, and
// 2. contains only valid sub-elements.
typedef sequence<NamedPolicyEvaluator> PolicyEvaluatorList;
//## PolicyEvalautorNameClash Documentation:
// This exceptions is raised when a named policy
// evaluator, provided as a part of an operation
// argument, has the same value of its data member
// evalautor_name but different value of its data
// member policy_evalautor as some other named policy
// evalautor associated or to be associated (after the
// current operation was supposed to complete) with a
// resource name pattern. Such a situation is called
// here as "evalautor name clash."
exception PolicyEvalautorNameClash {
NamedPolicyEvaluator new_evaluator;
NamedPolicyEvaluator known_evalautor;
};
//## InvalidPolicyEvaluatorList Documentation:
// This exception is raised when a policy evalautor
// list, passed as a part of an operation arguments,
// is invalid. Please refer to the specification of
// PolicyEvalautorList data type for a description of
// valid PolicyEvalautorLis datum elements of that.
exception InvalidPolicyEvaluatorList {
//## Association:
//## Documentation:
// First named policy evalautor in the invalid list
// which caused the list to be invalid. If the value
// of this data member is nil than the list is invalid
// not because of a particular element, but because of
// some other reason (for example, because the list is
// empty).
NamedPolicyEvaluator first_invalid_element;
};
//## DecisionCombinator Documentation:
// The DecisionCombinator interface is used to combine
// the decisions of multiple PolicyEvaluators.
// Combinators may be provided with different
// behaviors. A combinator that supported an "ANY"
// policy would return TRUE if any of PolicyEvaluators
// returned ACCESS_DECISION_ALLOWED. A combinator that
// supported an "ALL" policy would return TRUE only if
// all of PolicyEvaluators returned ACCESS_DECISION_
// ALLOWED.
// DecisionCombinators may also be arbitrarily
// complex(although the initial submission doesn’t
// fully support this). A default combinator may be
// used for all access decisions, or combinators may
// be chosen specifically for access decisions on
// specific secured resources. The submitters have
// agreed that complex combinators (wishing to apply
// precedence) may require more information than what
// is currently passed in the DecisionResultList. It
// is, however, still an issue of exactly what would
// be useful in the general case as additional
// parameters to the DecisionCombinator. This issue
// will be addressed in the final submission.
interface DecisionCombinator {
//## Operation: combine_decisions
//## Documentation:
// The DecisionCombinator takes the list of evaluators
// as well as resource name, operation and security
// attributes and returns a boolean result. This is
// the result that will be returned by the Access
// Decision object to the original client of the HRAC
// facility.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// 3. "policy_evaluator_list" is valid.
// Postconditions.
boolean combine_decisions(in PolicyEvaluatorList policy_evaluator_list, in ResourceName resource_name, in Operation operation, in AttributeList attribute_list)
raises( InvalidResourceName, InvalidOperationName, InvalidPolicyEvaluatorList );
};
//## PolicyDecisionEvaluators Documentation:
// The PolicyDecisionEvaluators struct contains a
// PolicyEvaluatorList and the DecisionCombinator.
// This is the type returned from the get_policy_
// decision_evaluators() method of the
// PolicyEvaluatorLocator interface. This structure
// contains the references of all the objects that
// must be consulted by the ADO during an access
// decision.
struct PolicyDecisionEvaluators {
PolicyEvaluatorList policy_evaluator_list;
DecisionCombinator decision_combinator;
};
//## NonregisteredResourceNamePattern Documentation:
// This exceptions is raised when a resource name
// pattern, provided as an operation argument, has not
// been registered via operation register_resource_
// name_pattern() on the corresponding object instance.
exception NonregisteredResourceNamePattern {};
//## PolicyEvaluatorLocatorAdmin Documentation:
// The PolicyEvaluatorLocatorAdmin interface is used
// to associate PolicyEvaluators with a ResourceName.
// The object is also used to associate the
// appropriate DecisionCombinator with the Resource
// Name. This submission provides a framework for the
// support of one or more policy evaluators for a
// single resource.
interface PolicyEvaluatorLocatorAdmin {
//## Operation: add_evaluators
//## Documentation:
// A list of PolicyEvaluators is added to the list of
// evaluators for the named resource. These evaluators
// will be in the list of PolicyEvaluators returned by
// the PolicyEvaluatorLocator get_policy_decision_
// evaluators() method. The addition of evaluators to
// a ResourceName which previously had none results in
// the added list of evaluators being the only
// evaluators consulted on an access decision (system
// default evaluators are no longer consulted unless a
// system default evaluator is a member of the added
// list).
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// 3. policy_evaluator_list is valid
// 4. No element from policy_evaluator_list
// introduces "evaluator name clash" (see
// specification of it in the description of Policy
// EvalautorNameClash exception).
// Postconditions:
// 1. resource_name_pattern.registered_evaluator_list
// == union (policy_evaluator_list, resource_name_
// pattern.registered_evaluator_list)
void add_evaluators(in PolicyEvaluatorList policy_evaluator_list, in ResourceNamePattern resource_name_pattern)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern, InvalidPolicyEvaluatorList, PolicyEvalautorNameClash );
//## Operation: set_evaluators
//## Documentation:
// A list of PolicyEvaluators is assigned for the
// named resource. If the resource had existing Policy
// Evaluators assigned, they are removed and the
// entire list is replaced with the ones provided in
// this method. The replacement of evaluators for a
// resource which previously had none results in the
// added list of evaluators being the only evaluators
// consulted on an access decision (system default
// evaluators are no longer consulted unless a system
// default evaluator is a member of the replacement
// list).
// These evaluators will be the PolicyEvaluators
// returned by the PolicyEvaluatorLocator get_policy_
// decision_evaluators() method.
// Preconditions.
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// 3. No element from policy_evaluator_list
// introduces "evaluator name clash" (see
// specification of it in the description of Policy
// EvalautorNameClash exception).
// Postconditions:
// resource_name_pattern.registered_evaluator_list
// == policy_evaluator_list
void set_evaluators(in PolicyEvaluatorList policy_evaluator_list, in ResourceName resource_name)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern, PolicyEvalautorNameClash );
//## Operation: set_default_evaluators
//## Documentation:
// The list of PolicyEvaluators provided is set as the
// default evaluators for any ResourceName for which
// PolicyEvaluators have not been explicitly assigned.
// Default evaluators are overridden by the add_
// evaluators() or replace_evaluators() methods. The
// default evaluators will be returned by the Policy
// EvaluatorLocator get_policy_decision_evaluators()
// method when no PolicyEvaluators have been
// explicitly assigned for a ResourceName.
// Precondition:
// 1. policy_evaluator_list is valid
// 2. No element from policy_evaluator_list
// introduces "evaluator name clash" (see
// specification of it in the description of Policy
// EvalautorNameClash exception).
// Postcondition:
// default_evaluators == policy_evaluator_list
PolicyEvaluatorList set_default_evaluators(in PolicyEvaluatorList policy_evaluator_list)
raises( InvalidPolicyEvaluatorList, PolicyEvalautorNameClash );
//## Operation: set_combinator
//## Documentation:
// A DecisionCombinator is specified for the named
// resource. This combinator will be returned by the
// PolicyEvaluatorLocator get_policy_decision_
// evaluators() method. The DecisionCombinator
// provided replaces any previous combinator specified
// for the secured resource.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postcondition:
// resource_name_pattern.combinator == decision_
// combinator
void set_combinator(in DecisionCombinator decision_combinator, in ResourceName resource_name)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern );
//## Operation: set_default_combinator
//## Documentation:
// The DecisionCombinator provided is set as a
// default. This combinator is now the combinator used
// when a DecisionCombinator has not been explicitly
// specified for a secured resource. This combinator
// will be returned by the PolicyEvaluatorLocator get_
// policy_decision_evaluators()
// method for these resources
// No preconditions.
// Postcondition:
// default_.combinator == decision_combinator.
void set_default_combinator(in DecisionCombinator decision_combinator);
//## Operation: delete_evaluators
//## Documentation:
// A list of PolicyEvaluators is deleted from the list
// of evaluators for the named resource. These
// evaluators will not be in the list of Policy
// Evaluators returned by the PolicyEvaluatorLocator
// get_policy_decision_evaluators() method. The
// deletion of evaluators from a ResourceNameGroup
// which were not assigned to this group results in an
// exception raised.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// 3. "policy_evaluator_list" is valid
// Postconditions:
// 1. for the "resource_name_pattern" : resource_name_
// pattern.registered_evaluator_list = resource_name_
// pattern.registered_evaluators - "policy_evaluator_
// list"
void delete_evaluators(in PolicyEvaluatorList policy_evaluator_list, in ResourceNamePattern resource_name_pattern)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern, InvalidPolicyEvaluatorList );
//## Operation: delete_combinator
//## Documentation:
// A DecisionCombinator is specified for the named
// resource. This combinator will be returned by the
// PolicyEvaluatorLocator get_policy_decision_
// evaluators() method. The DecisionCombinator
// provided replaces any previous combinator specified
// for the secured resource.
// Precondition:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postcondition:
// Resource names matching only "resource_name_
// pattern" will be associated with the efault
// combinator.
void delete_combinator(in ResourceNamePattern resource_name_pattern)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern );
//## Operation: get_default_combinator
//## Documentation:
// The default DecisionCombinator is returned.
// No preconditions.
// Postcondition:
// return == default_combinator.
DecisionCombinator get_default_combinator();
//## Operation: get_evaluators
//## Documentation:
// Returns evaluators for the given pattern.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postconditions:
// return == "resource_name_pattern".registered_
// evalautor_list
PolicyEvaluatorList get_evaluators(in ResourceNamePattern resource_name_pattern)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern );
//## Operation: get_combinator
//## Documentation:
// Returns decision combinator for the given pattern.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postconditions:
// return == "resource_name_pattern".registered_
// decision_combinator
DecisionCombinator get_combinator(in ResourceNamePattern pattern)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern );
//## Operation: register_resource_name_pattern
//## Documentation:
// Registers a resource name pattern with the instance
// of a policy evaluator.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is not registered yet.
// Postconditions:
// 1. "resource_name_pattern" is registered.
void register_resource_name_pattern(in ResourceNamePattern pattern)
raises( InvalidResourceNamePattern, RegisteredResourceNamePattern );
//## Operation: unregister_resource_name_pattern
//## Documentation:
// Unregisteres a resource name pattern with the
// instance of a policy evaluator.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// object instance.
// Postconditions:
// 1. "resource_name_pattern" is unregistered.
void unregister_resource_name_pattern(in ResourceNamePattern resoource_name_pattern)
raises( InvalidResourceNamePattern, NonregisteredResourceNamePattern );
};
//## PolicyEvaluatorLocator Documentation:
// The PolicyEvaluatorLocator interface is used to
// locate the PolicyEvaluators and the Decision
// Combinator associated with a ResourceName. This
// submission provides a framework for the support of
// one or more policy evaluators for a single resource.
interface PolicyEvaluatorLocator {
readonly attribute PolicyEvaluatorLocatorAdmin pel_admin;
// Operations
//## Operation: get_policy_decision_evaluators
//## Documentation:
// A PolicyDecisionEvaluators structure which contains
// a list of PolicyEvaluator object references and the
// DecisionCombinator object reference for the
// resource is returned to the client.
// Preconditions:
// 1. "resource_name" is valid.
// Postconditions:
// The returned references are not null.
// Note: If the references turn out to be invalid,
// there has to be a way to configure the ADO via its
// admin interface to handle such situations according
// to the enterprise policies.
PolicyDecisionEvaluators get_policy_decision_evaluators(in ResourceName resource_name)
raises( InvalidResourceName );
};
//## AccessDecision Documentation:
// The Access Decision object is used to request
// decisions on access based on a ResourceName, an
// Operation, and a list of SecAttributes. This
// submission provides a framework for the support of
// many policy evaluators. It is out of the scope of
// this submission to mandate how policy is defined or
// evaluated using the information provided by the
// client at the time access decisions are requested.
// This is the only interface that is necessary for a
// client to be familiar with in order to obtain
// access decisions from the HRAC.
interface AccessDecision {
attribute AccessDecisionAdmin admin;
// Operations
//## Operation: access_allowed
//## Documentation:
// A single access decision is requested and the
// result is returned as a boolean.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// Postconditions:
// return == authorization decision for the requested
// operation on the specified resource name by a
// principal with the specified security attributes.
boolean access_allowed(in ResourceName resource_name, in Operation operation, in AttributeList attribute_list)
raises( InvalidResourceName, InvalidOperationName, RadInternalError );
//## Operation: multiple_access_allowed
//## Documentation:
// Multiple access decisions are requested in a single
// method invocation and a sequence of booleans are
// returned. The boolean sequence maps one to one in
// the same order to the provided sequence of Resource
// Name/operation pairs.
// Preconditions:
// 1. All elements of "access_request" are valid
// Postconditions:
// 1. The length of the returned list is the same as
// of "access_requests" list.
// 1. Each element of the returned list is an
// authorization decision for the corresponding
// request in the "access_requests" list. I.e. first
// element of the returned list is an authorization
// decision for the first element of
// access_request", and so on.
BooleanList multiple_access_allowed(in AccessDefinitionList access_requests, in AttributeList attribute_list)
raises( InvalidAccessRequestList );
};
//## AccessDecisionAdmin Documentation:
// Administration interface for AccessDecision
interface AccessDecisionAdmin {
attribute DynamicAttributeService dynamic_attribute_service;
attribute PolicyEvaluatorLocator policy_evaluator_locator;
};
};
#endif
hrac-exceptions.pdf