[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: exceptions
Carol, Konstantin, et. al.:
Here's the text describing how preconditions and postconditions are to be
interpreted in our spec.
In this specification we use a "design by contract"
precondition/postcondition semantics. This means:
* An object which receives a call assumes that its preconditions are
true at the time the call is received
* If the preconditions are true, then:
* When the object returns from the call, the postcondition will
be true, OR
* The object will throw an exception, indicating that it was
unable to fulfill its contract
* If ANY of the preconditions is not true, then the object's behavior
is undefined, and, in particular, the postconditions
are not guaranteed to be true when the object returns from the call.
--bob
Bob Blakley
IBM Lead Security Architect
Voice: +1 (512) 838-8133
Fax: +1 (512) 838-0156
Post: 11400 Burnet Road, Mail Stop 9134, Austin, TX 78758 USA
Internet: blakley@us.ibm.com
Konstantin Beznosov <beznosov@baptisthealth.net> on 02/23/99 02:05:39 PM
Please respond to Konstantin Beznosov <beznosov@baptisthealth.net>
To: hrac-rfp@cs.fiu.edu
cc: (bcc: Bob Blakley/Austin/IBM)
Subject: exceptions
//## Module: DfResourceAccessDecision
//## Source file: S:\HRAC_submission\model\DfResourceAccessDecision.idl
#ifndef DfResourceAccessDecision_idl
#define DfResourceAccessDecision_idl
#include "NamingAuthority.idl"
#include "Security.idl"
#pragma prefix "omg.org"
// ==================================================================
module DfResourceAccessDecision
{
interface AccessDecisionAdmin;
//## BooleanList Documentation:
// A sequence of boolean used as a return value when
// multiple decisions are requested. This type is used
// as a return value in the multiple_access_allowed()
// method of the AccessDecision interface.
typedef sequence<boolean> BooleanList;
//## AttributeList Documentation:
// The Security::AttributeList is defined as follows
// in CORBA Security 1.2 (ptc/98-01-02). The Attribute
// List is provided as an input parameter by the
// "application" client when a request for an access
// decision is made. The AttributeList used for access
// decisions may be modified to include dynamic
// attributes by use of the get_dynamic_attributes()
// method of the DynamicAttributeService interface.
// As a convenience to the reader, the structure of a
// Security::AttributeList is replicated
// below.
typedef Security::AttributeList AttributeList;
//## PolicyName Documentation:
// A PolicyName is a string used to identify an access
// policy for a secured resource. This type is only
// used in the PolicyEvalutorAdmin interface. It is
// used as an input parameter to the replace_policy(),
// add_policy(), and set_default_policy() methods of
// the PolicyEvaluatorAdmin interface. PolicyNames are
// assigned by the administrative interface of the
// policy engine and
// cannot be modified or controlled by the HRAC. There
// is one standard PolicyName of "NO_ACCESS_POLICY".
// See the PolicyEvaluatorAdmin interface for usage.
// A datum element of this type is invalid if it is
// empty.
typedef string PolicyName;
//## PolicyNameList Documentation:
// A PolicyNameList is a sequence of PolicyNames. It
// is returned from the list_policy() method of the
// PolicyEvaluatorAdmin interface.
// A datum element of this type is invalid if it is
// empty or any of its sub-elements is invalid.
typedef sequence<PolicyName> PolicyNameList;
const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";
//## DecisionResult Documentation:
// DecisionResult is an enum with three possible
// values. This type is used as a result in access
// decisions where access policy is applied. This is
// the type returned from the evaluate() method of the
// PolicyEvaluator.
enum DecisionResult
{ACCESS_DECISION_ALLOWED, ACCESS_DECISION_NOT_ALLOWED,
ACCESS_DECISION_UNKNOWN};
//## DecisionResultList Documentation:
// DecisionResultList is a sequence of DecisionResult.
// This is the type returned from the multiple_
// evaluate() method of the PolicyEvaluator and is the
// type provided as an input parameter
// to the combine_decisions() method of the Decision
// Combinator.
typedef sequence<DecisionResult> DecisionResultList;
//## ResourceNamingAuthority Documentation:
// A datum element of type ResourceNamingAuthority is
// invalid if it is empty or has syntax which is
// invalid for type NamingAuthority::AuthorityIdStr.
typedef NamingAuthority::AuthorityIdStr ResourceNamingAuthority;
//## ResourceNameComponent Documentation:
// A datum element of this type is invalid if either
// name_string or value_string member is empty.
struct ResourceNameComponent {
string name_string;
string value_string;
};
//## ResourceNameComponentList Documentation:
// A datum element of type ResourceNameComponentList
// is invalid if it is empty or any of its
// sub-elements is invalid.
typedef sequence<ResourceNameComponent> ResourceNameComponentList;
//## ResourceName Documentation:
// A ResourceName is used to identify a secured
// resource. ResourceName is a sequence of strings
// allowing for groupings of resources. It is required
// that the first string in the sequence is formatted
// as a NamingAuthority::QualifiedNameStr. This
// ensures globally unique resource names (and/or
// groups) See NamingAuthority module in
// corbamed/98-02-29. Issue: Submitters are discussing
// whether we want to make this a stronger requirement
// by putting the type in the IDL (this is a
// typedef for a string with a standard format in
// NamingAuthority).
// A datum of type ResourceName is invald if either
// resource_name_authority or resource_name_component_
// list is invalid.
struct ResourceName {
ResourceNamingAuthority resource_name_authority;
ResourceNameComponentList resource_name_component_list;
};
typedef ResourceName ResourceNamePattern;
//## Operation Documentation:
// A datum element of this type is invalid if it is
// empty.
typedef string Operation;
//## OperationList Documentation:
// An OperationList is used to identify a list of
// operations that may be performed on a secured
// resource.
typedef sequence<string> OperationList;
//## AccessDefinition Documentation:
// The AccessDefinition struct is provided to allow
// multiple access definitions to be defined. It
// contains the ResourceName and the operation name
// for the secured resource access being requested.
// AccessDefinition is used as an input parameter to
// the access_allowed() method of the AccessDecision
// interface and the evaluate() method of the Policy
// Evaluator interface.
// A datum element of this type is invalid if either
// of its members is invalid.
struct AccessDefinition {
ResourceName resource_name;
Operation operation_name;
};
//## AccessDefinitionList Documentation:
// AccessDefinitionList is the type used to request
// multiple access decisions in a single operation. It
// is used as an input parameter to the multiple_access
// _allowed() method of the AccessDecision interface
// and the multiple_evaluate() method of the Policy
// Evaluator interface.
typedef sequence<AccessDefinition> AccessDefinitionList;
//## InvalidResourceName Documentation:
// This exception is raised when the provided resource
// name is invalid. Please refer to the specification
// of type ResourceName for the description of valid
// and invalid datum elements of type ResourceName.
exception InvalidResourceName {};
//## InvalidAccessRequestList Documentation:
// This exception is raised when a list of access
// request is invalid. Please refer to the
// specification of type AccessDefintionList for the
// description of valid and invalid datum items of
// this type.
exception InvalidAccessRequestList {
AccessDefinition first_invalid_element;
};
//## InvalidResourceNamePattern Documentation:
// This exceptions is raised when a resource name
// pattern, provided as an operation argument, has
// invalid syntax. Please refer to specification of
// ResourceNamePattern data type for description of
// its valid syntax.
exception InvalidResourceNamePattern {
};
//## RegisteredResourceNamePattern Documentation:
// The specified resource name pattern is already
// registered with this object instance. The same
// resource name pattern can be registered only once
// with the same object instance before it is
// unregistered.
exception RegisteredResourceNamePattern {};
//## RadInternalError Documentation:
// Access Decision object can not procede with serving
// the request.
exception RadInternalError {};
//## InvalidOperationName Documentation:
// This exception is raised when a name of operation
// on a resource is invalid. Please refer to the
// specification of type Operation for the description
// of valid and invalid datum elements of type
// Operation.
exception InvalidOperationName {};
interface DynamicAttributeService {
//## Operation: get_dynamic_attributes
//## Documentation:
// This method takes the parameters provided by the
// client of the AccessDecision object; the Attribute
// List, the ResourceName, and the operation and
// determines what (if any) dynamic attributes should
// be added to the AttributeList. In addition, the
// returned AttributeList may be modified by this
// service. The service may add or remove Sec
// Attributes to this list. It is the returned list of
// SecAttributes that is used as the basis of access
// decisions by the HRAC.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// No postconditions.
AttributeList get_dynamic_attributes(in AttributeList attribute_list,
in ResourceName resource_name, in Operation operation)
raises( InvalidResourceName, InvalidOperationName );
};
//## InvalidPolicyNameList Documentation:
// This exceptions is raised when the provided Policy
// NameList has invalid value. Please refer to the
// specification of PolicyNameList data type for a
// description of valid PolicyNameList datum elements.
exception InvalidPolicyNameList {
PolicyName first_invalid_element;
};
//## NonExistingPolicy Documentation:
// This exception is raised when a policy name, which
// is does not exist in the context of the particular
// instance of PolicyEvaluatorAdmin, is used in
// administration of PolicyEvaluator object via Policy
// EvaluatorAdmin interface operation.
exception NonExistingPolicy {
PolicyName policy_name;
};
//## PolicyEvaluatorAdmin Documentation:
// The PolicyEvaluatorAdmin interface is used to
// associate named access policies with secured
// resources. It is assumed that the administrative
// tool used to create and manage access policies
// (outside the scope of this submission) provides a
// mechanism to allow policies to be associated with
// "names" which are represented as PolicyName (a
// string). This PolicyEvaluatorAdmin interface allows
// those policies to be applied "by name" to a secured
// resource represented by a
// ResourceName.
// This interface is primarily provided for the
// application that wishes to assign a policy to a
// newly created resource programmatically at the time
// of resource creation. It does, however, require that
// the application have knowledge of the named
// policies in order to choose an appropriate policy
// for access decisions.
interface PolicyEvaluatorAdmin {
//## Operation: set_policies
//## Documentation:
// The policy identified by PolicyName is associated
// with the secured resource identified by the Resource
// Name. If the PolicyName is NO_ACCESS_POLICY, then
// all policy is removed for the resource. If a Policy
// Name is applied to a ResourceName that has existing
// policy, then the policy will be replaced by the
// policy identified by this PolicyName.
// Preconditions:
// 1. "policy_names" has a valid value.
// 2. All policy named by "policy_names" exist in this
// policy evaluator.
// 3. "resource_name" has a valid value.
void set_policies(in PolicyNameList policy_names, in ResourceName
resource_name)
raises( InvalidResourceName, InvalidPolicyNameList,
NonExistingPolicy );
//## Operation: add_policies
//## Documentation:
// The policies identified by PolicyNameList is
// associated with the secured resource identified by
// the ResourceName. If the PolicyName is NO_ACCESS_
// POLICY, then all policies are removed for the
// resource.
// Preconditions:
// 1. "policy_names" has a valid value.
// 2. All policy named by "policy_names" exist in this
// policy evaluator.
// 3. "resource_names" has a valid value.
// Postcondition:
// "resource_name".applied_policy_names == union
// ("resource_name".applied_policy_names, "policy_
// names")
void add_policies(in PolicyNameList policy_names, in ResourceName
resource_name)
raises( InvalidPolicyNameList, NonExistingPolicy,
InvalidResourceName );
//## Operation: list_policies
//## Documentation:
// A list of all existing PolicyNames is returned to
// the client.
// No preconditions.
// Postcondition:
// return == all_existing_policy_names.
PolicyNameList list_policies();
//## Operation: set_default_policy
//## Documentation:
// The policy identified by PolicyName is associated
// (as default) with any secured resource which has
// not yet been assigned an access policy.
// Preconditions:
// 1. Policy named by "policy_name" exists in this
// policy evaluator.
PolicyName set_default_policy(in PolicyName policy_name)
raises( NonExistingPolicy );
};
//## PolicyEvaluator Documentation:
// The PolicyEvaluator interface is used to obtain an
// access decision based on an encapsulated policy for
// the ResourceName/operation when provided a list of
// effective Security Attributes for the requestor.
// This submission provides a framework for the
// support of one or more policy evaluators for a
// single resource.
interface PolicyEvaluator {
//## Association:
//## Documentation:
// If the PolicyEvaluator has an associated
// administrative interface, it can be obtained via
// this attribute. If an administrative interface is
// not available for this evaluator, this attribute
// will be nil.
readonly attribute PolicyEvaluatorAdmin pe_admin;
// Operations
//## Operation: evaluate
//## Documentation:
// A single access decision is requested based on
// access policy(s) this evaluator determines is
// appropriate for the named resource. The decision is
// based on the ResourceName, the operation, and the
// effective Security Attributes. The SecAttributes
// passed to the AccessDecision object by the client
// in access_allowed() may have been modified by the
// DynamicAttributeService get_dynamic_attributes()
// method before the PolicyEvaluator is called. The
// DecisionResult is a ternary result. The Decision
// Result is as follows:
// ACCESS_DECISION_ALLOWED: the policy evaluated for
// this ResourceName, operation and Attribute list
// indicates that access is ALLOWED.
// ACCESS_DECISION_NOT_ALLOWED: the policy evaluated
// for this ResourceName, operation and Attribute list
// indicates access is NOT_ALLOWED.
// ACCESS_DECISION_UNKNOWN: the policy evaluated for
// this ResourceName, operation and Attribute list
// indicates an access decision cannot be made.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// Post-conditions:
// return == authorization decision for the requested
// operation on the specified resource name by a
// principal with the specified security attributes.
DecisionResult evaluate(in ResourceName resource_name, in Operation
operation, in AttributeList attribute_list)
raises( InvalidResourceName, InvalidOperationName );
};
struct NamedPolicyEvaluator {
string evaluator_name;
PolicyEvaluator policy_evaluator;
};
//## PolicyEvaluatorList Documentation:
// A PolicyEvaluatorList is a sequence of Policy
// Evaluator object references. The PolicyEvaluator
// Admin interface allows the association of lists of
// PolicyEvaluators with a ResourceNamePattern. This
// type is used as an input parameter in the add_
// evaluators(), replace_evaluators(), and set_default_
// evaluators() methods of this interface. See also
// PolicyDecisionEvaluators below for additional usage.
// A valid datum element of type PolicyEvaluatorList
// is a one which:
// 1. is not empty, and
// 2. contains only valid sub-elements.
typedef sequence<NamedPolicyEvaluator> PolicyEvaluatorList;
//## PolicyEvalautorNameClash Documentation:
// This exceptions is raised when a named policy
// evaluator, provided as a part of an operation
// argument, has the same value of its data member
// evalautor_name but different value of its data
// member policy_evalautor as some other named policy
// evalautor associated or to be associated (after the
// current operation was supposed to complete) with a
// resource name pattern. Such a situation is called
// here as "evalautor name clash."
exception PolicyEvalautorNameClash {
NamedPolicyEvaluator new_evaluator;
NamedPolicyEvaluator known_evalautor;
};
//## InvalidPolicyEvaluatorList Documentation:
// This exception is raised when a policy evalautor
// list, passed as a part of an operation arguments,
// is invalid. Please refer to the specification of
// PolicyEvalautorList data type for a description of
// valid PolicyEvalautorLis datum elements of that.
exception InvalidPolicyEvaluatorList {
//## Association:
//## Documentation:
// First named policy evalautor in the invalid list
// which caused the list to be invalid. If the value
// of this data member is nil than the list is invalid
// not because of a particular element, but because of
// some other reason (for example, because the list is
// empty).
NamedPolicyEvaluator first_invalid_element;
};
//## DecisionCombinator Documentation:
// The DecisionCombinator interface is used to combine
// the decisions of multiple PolicyEvaluators.
// Combinators may be provided with different
// behaviors. A combinator that supported an "ANY"
// policy would return TRUE if any of PolicyEvaluators
// returned ACCESS_DECISION_ALLOWED. A combinator that
// supported an "ALL" policy would return TRUE only if
// all of PolicyEvaluators returned ACCESS_DECISION_
// ALLOWED.
// DecisionCombinators may also be arbitrarily
// complex(although the initial submission doesn?t
// fully support this). A default combinator may be
// used for all access decisions, or combinators may
// be chosen specifically for access decisions on
// specific secured resources. The submitters have
// agreed that complex combinators (wishing to apply
// precedence) may require more information than what
// is currently passed in the DecisionResultList. It
// is, however, still an issue of exactly what would
// be useful in the general case as additional
// parameters to the DecisionCombinator. This issue
// will be addressed in the final submission.
interface DecisionCombinator {
//## Operation: combine_decisions
//## Documentation:
// The DecisionCombinator takes the list of evaluators
// as well as resource name, operation and security
// attributes and returns a boolean result. This is
// the result that will be returned by the Access
// Decision object to the original client of the HRAC
// facility.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// 3. "policy_evaluator_list" is valid.
// Postconditions.
boolean combine_decisions(in PolicyEvaluatorList policy_evaluator_list,
in ResourceName resource_name, in Operation operation, in AttributeList
attribute_list)
raises( InvalidResourceName, InvalidOperationName,
InvalidPolicyEvaluatorList );
};
//## PolicyDecisionEvaluators Documentation:
// The PolicyDecisionEvaluators struct contains a
// PolicyEvaluatorList and the DecisionCombinator.
// This is the type returned from the get_policy_
// decision_evaluators() method of the
// PolicyEvaluatorLocator interface. This structure
// contains the references of all the objects that
// must be consulted by the ADO during an access
// decision.
struct PolicyDecisionEvaluators {
PolicyEvaluatorList policy_evaluator_list;
DecisionCombinator decision_combinator;
};
//## NonregisteredResourceNamePattern Documentation:
// This exceptions is raised when a resource name
// pattern, provided as an operation argument, has not
// been registered via operation register_resource_
// name_pattern() on the corresponding object instance.
exception NonregisteredResourceNamePattern {};
//## PolicyEvaluatorLocatorAdmin Documentation:
// The PolicyEvaluatorLocatorAdmin interface is used
// to associate PolicyEvaluators with a ResourceName.
// The object is also used to associate the
// appropriate DecisionCombinator with the Resource
// Name. This submission provides a framework for the
// support of one or more policy evaluators for a
// single resource.
interface PolicyEvaluatorLocatorAdmin {
//## Operation: add_evaluators
//## Documentation:
// A list of PolicyEvaluators is added to the list of
// evaluators for the named resource. These evaluators
// will be in the list of PolicyEvaluators returned by
// the PolicyEvaluatorLocator get_policy_decision_
// evaluators() method. The addition of evaluators to
// a ResourceName which previously had none results in
// the added list of evaluators being the only
// evaluators consulted on an access decision (system
// default evaluators are no longer consulted unless a
// system default evaluator is a member of the added
// list).
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// 3. policy_evaluator_list is valid
// 4. No element from policy_evaluator_list
// introduces "evaluator name clash" (see
// specification of it in the description of Policy
// EvalautorNameClash exception).
// Postconditions:
// 1. resource_name_pattern.registered_evaluator_list
// == union (policy_evaluator_list, resource_name_
// pattern.registered_evaluator_list)
void add_evaluators(in PolicyEvaluatorList policy_evaluator_list, in
ResourceNamePattern resource_name_pattern)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern, InvalidPolicyEvaluatorList,
PolicyEvalautorNameClash );
//## Operation: set_evaluators
//## Documentation:
// A list of PolicyEvaluators is assigned for the
// named resource. If the resource had existing Policy
// Evaluators assigned, they are removed and the
// entire list is replaced with the ones provided in
// this method. The replacement of evaluators for a
// resource which previously had none results in the
// added list of evaluators being the only evaluators
// consulted on an access decision (system default
// evaluators are no longer consulted unless a system
// default evaluator is a member of the replacement
// list).
// These evaluators will be the PolicyEvaluators
// returned by the PolicyEvaluatorLocator get_policy_
// decision_evaluators() method.
// Preconditions.
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// 3. No element from policy_evaluator_list
// introduces "evaluator name clash" (see
// specification of it in the description of Policy
// EvalautorNameClash exception).
// Postconditions:
// resource_name_pattern.registered_evaluator_list
// == policy_evaluator_list
void set_evaluators(in PolicyEvaluatorList policy_evaluator_list, in
ResourceName resource_name)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern, PolicyEvalautorNameClash );
//## Operation: set_default_evaluators
//## Documentation:
// The list of PolicyEvaluators provided is set as the
// default evaluators for any ResourceName for which
// PolicyEvaluators have not been explicitly assigned.
// Default evaluators are overridden by the add_
// evaluators() or replace_evaluators() methods. The
// default evaluators will be returned by the Policy
// EvaluatorLocator get_policy_decision_evaluators()
// method when no PolicyEvaluators have been
// explicitly assigned for a ResourceName.
// Precondition:
// 1. policy_evaluator_list is valid
// 2. No element from policy_evaluator_list
// introduces "evaluator name clash" (see
// specification of it in the description of Policy
// EvalautorNameClash exception).
// Postcondition:
// default_evaluators == policy_evaluator_list
PolicyEvaluatorList set_default_evaluators(in PolicyEvaluatorList
policy_evaluator_list)
raises( InvalidPolicyEvaluatorList, PolicyEvalautorNameClash );
//## Operation: set_combinator
//## Documentation:
// A DecisionCombinator is specified for the named
// resource. This combinator will be returned by the
// PolicyEvaluatorLocator get_policy_decision_
// evaluators() method. The DecisionCombinator
// provided replaces any previous combinator specified
// for the secured resource.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postcondition:
// resource_name_pattern.combinator == decision_
// combinator
void set_combinator(in DecisionCombinator decision_combinator, in
ResourceName resource_name)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern );
//## Operation: set_default_combinator
//## Documentation:
// The DecisionCombinator provided is set as a
// default. This combinator is now the combinator used
// when a DecisionCombinator has not been explicitly
// specified for a secured resource. This combinator
// will be returned by the PolicyEvaluatorLocator get_
// policy_decision_evaluators()
// method for these resources
// No preconditions.
// Postcondition:
// default_.combinator == decision_combinator.
void set_default_combinator(in DecisionCombinator decision_combinator);
//## Operation: delete_evaluators
//## Documentation:
// A list of PolicyEvaluators is deleted from the list
// of evaluators for the named resource. These
// evaluators will not be in the list of Policy
// Evaluators returned by the PolicyEvaluatorLocator
// get_policy_decision_evaluators() method. The
// deletion of evaluators from a ResourceNameGroup
// which were not assigned to this group results in an
// exception raised.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// 3. "policy_evaluator_list" is valid
// Postconditions:
// 1. for the "resource_name_pattern" : resource_name_
// pattern.registered_evaluator_list = resource_name_
// pattern.registered_evaluators - "policy_evaluator_
// list"
void delete_evaluators(in PolicyEvaluatorList policy_evaluator_list, in
ResourceNamePattern resource_name_pattern)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern, InvalidPolicyEvaluatorList );
//## Operation: delete_combinator
//## Documentation:
// A DecisionCombinator is specified for the named
// resource. This combinator will be returned by the
// PolicyEvaluatorLocator get_policy_decision_
// evaluators() method. The DecisionCombinator
// provided replaces any previous combinator specified
// for the secured resource.
// Precondition:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postcondition:
// Resource names matching only "resource_name_
// pattern" will be associated with the efault
// combinator.
void delete_combinator(in ResourceNamePattern resource_name_pattern)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern );
//## Operation: get_default_combinator
//## Documentation:
// The default DecisionCombinator is returned.
// No preconditions.
// Postcondition:
// return == default_combinator.
DecisionCombinator get_default_combinator();
//## Operation: get_evaluators
//## Documentation:
// Returns evaluators for the given pattern.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postconditions:
// return == "resource_name_pattern".registered_
// evalautor_list
PolicyEvaluatorList get_evaluators(in ResourceNamePattern
resource_name_pattern)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern );
//## Operation: get_combinator
//## Documentation:
// Returns decision combinator for the given pattern.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// instance of PolicyEvaluatorLocatorAdmin.
// Postconditions:
// return == "resource_name_pattern".registered_
// decision_combinator
DecisionCombinator get_combinator(in ResourceNamePattern pattern)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern );
//## Operation: register_resource_name_pattern
//## Documentation:
// Registers a resource name pattern with the instance
// of a policy evaluator.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is not registered yet.
// Postconditions:
// 1. "resource_name_pattern" is registered.
void register_resource_name_pattern(in ResourceNamePattern pattern)
raises( InvalidResourceNamePattern, RegisteredResourceNamePattern
);
//## Operation: unregister_resource_name_pattern
//## Documentation:
// Unregisteres a resource name pattern with the
// instance of a policy evaluator.
// Preconditions:
// 1. "resource_name_pattern" is valid.
// 2. "resource_name_pattern" is registered with this
// object instance.
// Postconditions:
// 1. "resource_name_pattern" is unregistered.
void unregister_resource_name_pattern(in ResourceNamePattern
resoource_name_pattern)
raises( InvalidResourceNamePattern,
NonregisteredResourceNamePattern );
};
//## PolicyEvaluatorLocator Documentation:
// The PolicyEvaluatorLocator interface is used to
// locate the PolicyEvaluators and the Decision
// Combinator associated with a ResourceName. This
// submission provides a framework for the support of
// one or more policy evaluators for a single resource.
interface PolicyEvaluatorLocator {
readonly attribute PolicyEvaluatorLocatorAdmin pel_admin;
// Operations
//## Operation: get_policy_decision_evaluators
//## Documentation:
// A PolicyDecisionEvaluators structure which contains
// a list of PolicyEvaluator object references and the
// DecisionCombinator object reference for the
// resource is returned to the client.
// Preconditions:
// 1. "resource_name" is valid.
// Postconditions:
// The returned references are not null.
// Note: If the references turn out to be invalid,
// there has to be a way to configure the ADO via its
// admin interface to handle such situations according
// to the enterprise policies.
PolicyDecisionEvaluators get_policy_decision_evaluators(in ResourceName
resource_name)
raises( InvalidResourceName );
};
//## AccessDecision Documentation:
// The Access Decision object is used to request
// decisions on access based on a ResourceName, an
// Operation, and a list of SecAttributes. This
// submission provides a framework for the support of
// many policy evaluators. It is out of the scope of
// this submission to mandate how policy is defined or
// evaluated using the information provided by the
// client at the time access decisions are requested.
// This is the only interface that is necessary for a
// client to be familiar with in order to obtain
// access decisions from the HRAC.
interface AccessDecision {
attribute AccessDecisionAdmin admin;
// Operations
//## Operation: access_allowed
//## Documentation:
// A single access decision is requested and the
// result is returned as a boolean.
// Preconditions:
// 1. "resource_name" is valid.
// 2. "operation" is valid.
// Postconditions:
// return == authorization decision for the requested
// operation on the specified resource name by a
// principal with the specified security attributes.
boolean access_allowed(in ResourceName resource_name, in Operation
operation, in AttributeList attribute_list)
raises( InvalidResourceName, InvalidOperationName, RadInternalError
);
//## Operation: multiple_access_allowed
//## Documentation:
// Multiple access decisions are requested in a single
// method invocation and a sequence of booleans are
// returned. The boolean sequence maps one to one in
// the same order to the provided sequence of Resource
// Name/operation pairs.
// Preconditions:
// 1. All elements of "access_request" are valid
// Postconditions:
// 1. The length of the returned list is the same as
// of "access_requests" list.
// 1. Each element of the returned list is an
// authorization decision for the corresponding
// request in the "access_requests" list. I.e. first
// element of the returned list is an authorization
// decision for the first element of
// access_request", and so on.
BooleanList multiple_access_allowed(in AccessDefinitionList
access_requests, in AttributeList attribute_list)
raises( InvalidAccessRequestList );
};
//## AccessDecisionAdmin Documentation:
// Administration interface for AccessDecision
interface AccessDecisionAdmin {
attribute DynamicAttributeService dynamic_attribute_service;
attribute PolicyEvaluatorLocator policy_evaluator_locator;
};
};
#endif
----------------
Broadcast message to hrac-rfp from blakley@us.ibm.com.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.