Hi, Attached is the revised submission and IDL. I am sending the Word document back to Konstantin directly. He may need to change the OMG document number on the cover, and if you find editorial issues he can make those changes on Monday, as I'm flying out to spend the week with a customer and will be unavailable all day Monday. Thanks to everyone for your support during the drafting of the doc. I'll see you in Philadelphia. Carol
March_1_RAD_revised-submission.PDF
//File: DfResourceAccessDecision.idl
//
#ifndef _DF_RESOURCE_ACCESS_DECISION_IDL_
#define _DF_RESOURCE_ACCESS_DECISION_IDL_
#include "Security.idl"
#pragma prefix "omg.org"
module DfResourceAccessDecision {
//*********************************************************
// Basic Types
//*********************************************************
// BooleanList: one boolean per request; the return type of
// AccessDecision::multiple_access_allowed below.
typedef sequence<boolean> BooleanList;
// AttributeList: the security attributes a decision is made against, reusing
// the CORBA Security Service type brought in by Security.idl. Note that in
// this facility the list is passed IN by the application on every request,
// so a decision is only as trustworthy as the caller that assembled it.
typedef Security::AttributeList AttributeList;
// Forward declarations: the structs below (NamedPolicyEvaluator,
// PolicyDecisionEvaluators) and the *_admin attributes reference these
// interfaces before their full definitions appear.
interface DynamicAttributeService;
interface DecisionCombinator;
interface PolicyEvaluator;
interface PolicyEvaluatorLocator;
interface PolicyEvaluatorLocatorAdmin;
interface PolicyEvaluatorAdmin;
//*********************************************************
// Types that identify a secured resource
//*********************************************************
// ResourceNameComponent: one name/value pair of a resource name. Both fields
// are free-form strings with no syntax defined here. NOTE(review): an
// evaluator that maps these onto a backing store (file system, database,
// directory) must treat them as untrusted input and validate/escape them.
struct ResourceNameComponent {
string name_string;
string value_string;
};
// Ordered list of components making up the resource-specific part of a name.
typedef sequence<ResourceNameComponent> ResourceNameComponentList;
// ResourceNamingAuthority: identifies the authority that assigned the name;
// presumably the same component list under two authorities denotes two
// different resources -- confirm in the spec text.
typedef string ResourceNamingAuthority;
// ResourceName: the full identity of a secured resource as seen by the ADO,
// the locator and the evaluators.
struct ResourceName {
ResourceNamingAuthority resource_naming_authority;
ResourceNameComponentList resource_name_component_list;
};
// ResourceNamePattern: used by PolicyEvaluatorLocatorAdmin to attach
// evaluators and a combinator to a set of resources. It is a plain alias of
// ResourceName, so the matching rule (exact, prefix, wildcard components) is
// NOT expressed in this IDL -- TODO confirm against the spec text. Overlap
// between registered patterns is reported through PatternConflict.
typedef ResourceName ResourceNamePattern;
// Operation: the action being requested on a resource (free-form string; the
// vocabulary is application-defined and not constrained here).
typedef string Operation;
typedef sequence<Operation> OperationList;
//****************************************************
// Types associated with evaluating Access Policy
//****************************************************
// PolicyName: the name under which a PolicyEvaluator knows one of its
// policies (managed through PolicyEvaluatorAdmin).
typedef string PolicyName;
typedef sequence<PolicyName> PolicyNameList;
// NO_ACCESS_POLICY: reserved policy name. Presumably denotes a policy that
// grants nothing, i.e. the fail-closed default an evaluator falls back to;
// the IDL itself does not define its semantics -- confirm in the spec text.
const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";
// NamedPolicyEvaluator: an evaluator object reference tagged with a name.
// Names are expected to be unique within a list -- the admin operations
// raise DuplicateEvaluatorName otherwise.
struct NamedPolicyEvaluator {
string evaluator_name;
PolicyEvaluator policy_evaluator;
};
typedef sequence<NamedPolicyEvaluator> PolicyEvaluatorList;
// PolicyDecisionEvaluators: what PolicyEvaluatorLocator returns for a
// resource -- the evaluators to consult and the combinator that folds their
// results into one decision. NOTE(review): the IDL cannot forbid a nil
// decision_combinator or an empty evaluator list; an ADO receiving either
// has no basis for a decision and should deny rather than assume "allowed".
struct PolicyDecisionEvaluators {
PolicyEvaluatorList policy_evaluator_list;
DecisionCombinator decision_combinator;
};
//****************************************************
// Types used to request an Access Decision
//****************************************************
// AccessDefinition: one (resource, operation) pair of a batched request to
// AccessDecision::multiple_access_allowed.
struct AccessDefinition {
ResourceName resource_name;
Operation operation;
};
typedef sequence<AccessDefinition> AccessDefinitionList;
// DecisionResult: verdict of a single PolicyEvaluator::evaluate call.
// ACCESS_DECISION_UNKNOWN means the evaluator could not decide.
// NOTE(review): the combinator collapses this three-valued result into the
// boolean that AccessDecision returns; UNKNOWN must never be mapped to
// "allowed" -- an undecidable request has to fail closed.
enum DecisionResult {ACCESS_DECISION_ALLOWED,
ACCESS_DECISION_NOT_ALLOWED,
ACCESS_DECISION_UNKNOWN
};
//********************************************************
//* Exception Data types
//********************************************************
// ExceptionData: error detail carried by most exceptions in this module.
// error_code values are not defined in this IDL.
// NOTE(review): `reason` is free text that can propagate to the end client;
// implementations should not put policy content, evaluator internals or
// other principals' attributes into it.
struct ExceptionData {
short error_code;
string reason;
};
// InternalErrorType: severity reported by a failing component; presumably
// Fatal = permanent, NotFatal = transient/retryable. In either case the
// request that hit the error was NOT granted -- callers must not read
// NotFatal as a grant or as permission to skip the check.
enum InternalErrorType {Fatal, NotFatal};
//*********************************************************
// Exception thrown by the Access Decision Object
//*********************************************************
// InternalError: raised by AccessDecision when it, or a component it relies
// on, fails. Carries only the severity, no ExceptionData (unlike
// ComponentError), so nothing component-specific leaks to the application.
// NOTE(review): the member is named `ed` although its type is
// InternalErrorType; ComponentError uses `ed` for ExceptionData and `it` for
// the type. Renaming would change generated stubs, so it is only flagged.
// On this exception the caller holds NO decision and must deny access.
exception InternalError{InternalErrorType ed;};
//*********************************************************
// Exception thrown by Internal non-admin interfaces
//*********************************************************
// ComponentError: raised by the internal, non-admin interfaces
// (DynamicAttributeService, PolicyEvaluatorLocator, DecisionCombinator,
// PolicyEvaluator). The ADO is expected to map it to InternalError toward
// the application; `ed.reason` should not be forwarded verbatim to untrusted
// callers (see ExceptionData).
exception ComponentError{
ExceptionData ed;
InternalErrorType it;
};
//*********************************************************
// Exceptions thrown by Admin Interfaces
//*********************************************************
// Pattern registry errors (PolicyEvaluatorLocatorAdmin): a new pattern
// overlaps an existing one, is already registered, is unknown, or still has
// evaluators/a combinator attached.
exception PatternConflict {ExceptionData ed;};
exception PatternDuplicate {ExceptionData ed;};
exception PatternNotRegistered {ExceptionData ed;};
exception PatternInUse {ExceptionData ed;};
// Malformed input to set_evaluators.
exception InputFormatError {ExceptionData ed;};
// Policy-association errors (PolicyEvaluatorAdmin).
exception ResourceNameNotFound {ExceptionData ed;};
exception NoAssociation {ExceptionData ed;};
exception InvalidPolicy {ExceptionData ed;};
// Two NamedPolicyEvaluator entries share an evaluator_name.
exception DuplicateEvaluatorName {ExceptionData ed;};
// NOTE(review): these two carry no ExceptionData, unlike every other
// exception in this module -- inconsistent, but adding a member would change
// the on-the-wire type, so only flagged.
exception InvalidResourceName {};
exception InvalidResourceNamePattern {};
// InvalidPolicyEvaluatorList: an evaluator list was rejected; identifies the
// first offending entry so the administrator can correct it.
exception InvalidPolicyEvaluatorList {
ExceptionData ed;
NamedPolicyEvaluator first_invalid_element;
};
// InvalidPolicyNameList: a policy-name list was rejected; identifies the
// first offending name.
exception InvalidPolicyNameList {
ExceptionData ed;
PolicyName first_invalid_element;
};
//****************************************************
// interface AccessDecision
//****************************************************
// AccessDecision: the Access Decision Object (ADO). An application asks
// "may a principal with these attributes perform `operation` on
// `resource_name`?". It is a decision point only -- it enforces nothing;
// the calling application is the enforcement point and must honour `false`.
// NOTE(review): attribute_list is supplied by the caller, not derived from
// the invoking credentials. Nothing in this IDL ties it to an authenticated
// principal, so the ADO must be reachable only by trusted application
// servers (or must re-validate the attributes itself); otherwise any client
// can claim arbitrary attributes and obtain `true`.
interface AccessDecision {
// Returns true only if access is granted. Raises InternalError when no
// decision could be reached; the caller must treat that as denied.
boolean access_allowed(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list
)
raises (InternalError);
// Batch form: all entries are evaluated against the same attribute_list.
// The result is presumably positional (result[i] answers
// access_requests[i]) -- confirm in the spec text. A shorter result list
// or an InternalError gives the caller no grant for the affected entries.
BooleanList multiple_access_allowed(
in AccessDefinitionList access_requests,
in AttributeList attribute_list
)
raises (InternalError);
};
//******************************************************
// interface DynamicAttributeService
//******************************************************
// DynamicAttributeService: lets the ADO augment the caller's attributes
// with attributes computed at decision time for this resource/operation.
// Presumably the returned list is what the evaluators then see -- confirm
// in the spec text. NOTE(review): because its output feeds the decision,
// this is a fully trusted component: whoever can install one via
// AccessDecisionAdmin::set_dynamic_attribute_service can mint any attribute.
interface DynamicAttributeService {
// Takes the caller's attributes plus the target, returns the attribute
// list to decide with. ComponentError means no attributes were produced;
// the ADO must not then decide on a partially built list.
AttributeList get_dynamic_attributes(
in AttributeList attribute_list,
in ResourceName resource_name,
in Operation operation
)
raises (ComponentError);
};
//******************************************************
// interface PolicyEvaluatorLocator
//******************************************************
// PolicyEvaluatorLocator: maps a ResourceName to the evaluators and
// combinator registered for it (by pattern; see PolicyEvaluatorLocatorAdmin).
// NOTE(review): pel_admin hands the admin object reference to every client
// that can reach the locator. That is only safe if the
// PolicyEvaluatorLocatorAdmin interface is itself access-controlled
// (CORBA Security access policy on the admin object); holding the reference
// must not equal authority to reconfigure the locator.
interface PolicyEvaluatorLocator {
readonly attribute PolicyEvaluatorLocatorAdmin pel_admin;
// Raises ComponentError when the lookup fails; the ADO must not fall back
// to "allowed" in that case.
PolicyDecisionEvaluators get_policy_decision_evaluators(
in ResourceName resource_name
)
raises (ComponentError);
};
//********************************************************
// interface DecisionCombinator
//********************************************************
// DecisionCombinator: presumably consults each evaluator in
// policy_evaluator_list and folds their DecisionResults into one boolean.
// The combination rule (all-must-allow, any-deny-wins, ...) is a property of
// the implementation, not of this IDL. NOTE(review): the combinator is the
// last point at which ACCESS_DECISION_UNKNOWN exists; whatever the rule,
// UNKNOWN and an empty evaluator list must yield false (fail closed), and an
// evaluator that raises ComponentError must not be skipped as if it allowed.
interface DecisionCombinator{
boolean combine_decisions(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list,
in PolicyEvaluatorList policy_evaluator_list
)
raises (ComponentError);
};
//******************************************************
// interface PolicyEvaluator
//******************************************************
// PolicyEvaluator: evaluates the policies associated with resource_name
// (managed through PolicyEvaluatorAdmin) against the caller's attributes.
// Returns ACCESS_DECISION_UNKNOWN rather than guessing when it cannot decide.
// NOTE(review): same remark as for pel_admin -- pe_admin exposes the admin
// reference to every caller, so PolicyEvaluatorAdmin must be protected
// independently of who may reach the evaluator.
interface PolicyEvaluator {
readonly attribute PolicyEvaluatorAdmin pe_admin;
// Single-resource verdict; see DecisionResult for the meaning of UNKNOWN.
DecisionResult evaluate(
in ResourceName resource_name,
in Operation operation,
in AttributeList attribute_list
)
raises (ComponentError);
};
//******************************************************
//
// Management Interfaces
//
//******************************************************
// interface AccessDecisionAdmin
//******************************************************
// AccessDecisionAdmin: wires an ADO to its locator and dynamic attribute
// service. NOTE(review): the two setters replace the components that
// produce every subsequent decision, yet declare no exceptions and no
// precondition -- a nil reference is accepted syntactically, and a hostile
// locator or attribute service can grant anything. These are the
// highest-value operations in this facility: they must be restricted to
// administrators by the security service, and implementations should reject
// nil references rather than leave the ADO without a working component.
interface AccessDecisionAdmin {
PolicyEvaluatorLocator get_policy_evaluator_locator();
// Replaces the locator used for all later decisions.
void set_policy_evaluator_locator (
in PolicyEvaluatorLocator policy_evaluator_locator
);
DynamicAttributeService get_dynamic_attribute_service();
// Replaces the attribute service used for all later decisions.
void set_dynamic_attribute_service(
in DynamicAttributeService dynamic_attribute_service
);
};
//*******************************************************
// interface PolicyEvaluatorLocatorAdmin
//*******************************************************
// PolicyEvaluatorLocatorAdmin: configures which evaluators and which
// combinator a PolicyEvaluatorLocator returns for resources matching a
// pattern, plus the defaults used when no pattern applies. Every operation
// here changes the outcome of future access decisions, so the interface must
// be reachable by administrators only (see the note on pel_admin).
interface PolicyEvaluatorLocatorAdmin {
// Registers a new pattern. PatternConflict presumably means it overlaps an
// existing registration -- the matching/overlap rule is not in this IDL.
void register_resource_name_pattern(
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternDuplicate,
PatternConflict);
// Removes a pattern; PatternInUse suggests evaluators/a combinator are
// still attached and must be deleted first -- confirm in the spec text.
void unregister_resource_name_pattern(
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternNotRegistered,
PatternInUse);
PolicyEvaluatorList get_evaluators(
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternNotRegistered);
// Replaces the evaluator list for a pattern. NOTE(review): unlike
// add_evaluators/delete_evaluators this does not declare
// InvalidResourceNamePattern or InvalidPolicyEvaluatorList, and is the
// only operation raising InputFormatError; the raises clauses should be
// reconciled before the spec is finalised (a user exception not listed
// here surfaces at the client as a system exception).
void set_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (InputFormatError,
PatternNotRegistered,
DuplicateEvaluatorName);
// Sets the evaluators used for resources no pattern matches. Returns a
// PolicyEvaluatorList -- presumably the previous default; the IDL does not
// say. NOTE(review): set_default_combinator returns void, so the two
// defaults are handled inconsistently. This default applies to every
// unmatched resource, so changing it has system-wide effect.
PolicyEvaluatorList set_default_evaluators(
in PolicyEvaluatorList policy_evaluator_list
)
raises (DuplicateEvaluatorName, InvalidPolicyEvaluatorList);
void add_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternNotRegistered,
InvalidPolicyEvaluatorList,
DuplicateEvaluatorName);
// NOTE(review): DuplicateEvaluatorName on a delete is odd -- it may be
// meant for a duplicate within the argument list; confirm in the spec text.
void delete_evaluators (
in PolicyEvaluatorList policy_evaluator_list,
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternNotRegistered,
InvalidPolicyEvaluatorList,
DuplicateEvaluatorName);
DecisionCombinator get_combinator (
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternNotRegistered);
// Attaches the combinator for a pattern; a nil reference is not rejected
// by the IDL and should be rejected by the implementation.
void set_combinator (
in DecisionCombinator decision_combinator,
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternNotRegistered);
// After deletion the locator presumably falls back to the default
// combinator for this pattern -- confirm in the spec text.
void delete_combinator (
in ResourceNamePattern pattern
)
raises (InvalidResourceNamePattern,
PatternNotRegistered);
DecisionCombinator get_default_combinator ();
// Sets the combinator used when a pattern has none; declares no exceptions,
// so a nil reference cannot be reported back to the administrator.
void set_default_combinator(
in DecisionCombinator decision_combinator
);
};
//*******************************************************
// interface PolicyEvaluatorAdmin
//*******************************************************
// PolicyEvaluatorAdmin: associates named policies with resource names inside
// one PolicyEvaluator. Like the other admin interfaces it rewrites what the
// evaluator will decide and must be protected independently of the evaluator
// itself (see the note on pe_admin).
interface PolicyEvaluatorAdmin {
// Replaces the set of policies for resource_name.
void set_policies(
in PolicyNameList policy_names,
in ResourceName resource_name
)
raises (InvalidResourceName,
ResourceNameNotFound,
InvalidPolicyNameList);
void add_policies(
in PolicyNameList policy_names,
in ResourceName resource_name
)
raises (InvalidResourceName,
ResourceNameNotFound,
InvalidPolicyNameList);
// NoAssociation: a named policy was not associated with resource_name.
void delete_policies(
in PolicyNameList policy_names,
in ResourceName resource_name
)
raises (InvalidResourceName,
ResourceNameNotFound,
InvalidPolicyNameList,
NoAssociation);
// Names of all policies this evaluator knows.
PolicyNameList list_policies();
// Sets the policy applied to resources with no explicit association and
// returns a PolicyName -- presumably the previous default; the IDL does not
// say. NOTE(review): the parameter is a single PolicyName although it is
// named `policy_names`. NO_ACCESS_POLICY is presumably the fail-closed
// choice here -- confirm in the spec text.
PolicyName set_default_policy(
in PolicyName policy_names
)
raises (InvalidPolicy);
};
};
#endif // _DF_RESOURCE_ACCESS_DECISION_IDL_
_________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com Integration Architects 205-621-7455 www.2ab.com Member, OMG Architecture Board OMG Domain Member -- integrating yesterday's systems with today's technology --