Hi, Juergen

Please find the following documents attached for posting under corbamed:

Title: Resource Access Decision: Revised Submission
Document #: corbamed/99-04-xx
Description: Second revised submission of the response to Healthcare Resource Access Control RFP.
Format: MS-Word 97, PDF

Title: Resource Access Decision: Revised Submission with changemarks
Document #: corbamed/99-04-xx
Description: Second revised submission of the response to Healthcare Resource Access Control RFP, with marks showing changes from document corbamed/99-03-02.
Format: MS-Word 97, PDF

Title: Resource Access Decision: Errata to Revised Submission (corbamed/99-03-02)
Document #: corbamed/99-04-xx
Description: Errata to first revised submission (corbamed/99-03-02) of the response to Healthcare Resource Access Control RFP.
Format: MS-Word 97, PDF

Title: DfResourceAccessDecision.idl
Document #: corbamed/99-04-xx
Description: IDL code accompanying second revised submission (corbamed/99-04-xx) of the response to Healthcare Resource Access Control RFP.
Format: TXT

Thank you
Konstantin
corbamed_99-04-xx-with-change-marks.doc
corbamed_99-04-xx-with-change-marks.pdf
errata-to-corbamed_99-03-02.doc
errata-to-corbamed_99-03-02.pdf
//File: DfResourceAccessDecision.idl
//
#ifndef _DF_RESOURCE_ACCESS_DECISION_IDL_
#define _DF_RESOURCE_ACCESS_DECISION_IDL_
#include "Security.idl"
#pragma prefix "omg.org"
module DfResourceAccessDecision {
//*********************************************************
// Basic Types
//*********************************************************
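// List of booleans; it is the return type of
// AccessDecision::multiple_access_allowed.
typedef sequence<boolean> BooleanList;

// Local alias for the attribute list type declared in Security.idl.
typedef Security::AttributeList AttributeList;

// Forward declarations. These interfaces are used as struct members or
// attribute types before their definitions appear further down
// (e.g. PolicyEvaluator in NamedPolicyEvaluator, DecisionCombinator in
// PolicyDecisionEvaluators, PolicyEvaluatorAdmin in PolicyEvaluator).
interface DynamicAttributeService;
interface DecisionCombinator;
interface PolicyEvaluator;
interface PolicyEvaluatorLocator;
interface PolicyEvaluatorLocatorAdmin;
interface PolicyEvaluatorAdmin;

// PolicyEvaluatorLocator declares readonly attributes of the three types
// below before any definition of them is visible, so each needs a forward
// declaration for that interface to compile.
// NOTE(review): this file defines no interface spelled
// PolicyEvaluatorLocatorNameAdmin; the interface under the
// "PolicyEvaluatorLocatorNameAdmin" banner is declared as
// PolicyEvaluatorLocatorAdmin. Reconcile the two spellings: an IDL compiler
// may warn about or reject an interface that is forward-declared but never
// defined.
interface PolicyEvaluatorLocatorBasicAdmin;
interface PolicyEvaluatorLocatorNameAdmin;
interface PolicyEvaluatorLocatorPatternAdmin;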
//*********************************************************
// Types that identify a secured resource
//*********************************************************
// One name/value string pair; a ResourceName carries a sequence of these.
struct ResourceNameComponent {
    string name_string;
    string value_string;
};
typedef sequence<ResourceNameComponent> ResourceNameComponentList;

// The naming authority is carried as a plain string.
typedef string ResourceNamingAuthority;

// Identifies a secured resource: a naming authority plus an ordered list of
// name/value components.
struct ResourceName {
    ResourceNamingAuthority   resource_naming_authority;
    ResourceNameComponentList resource_name_component_list;
};

// A pattern has exactly the same shape as a ResourceName.
// NOTE(review): this IDL does not define the pattern or wildcard syntax, so
// the type system cannot tell a pattern from a concrete name. Implementations
// should validate which one they were given (InvalidResourceName and
// InvalidResourceNamePattern are declared for that purpose).
typedef ResourceName ResourceNamePattern;

// Operations are identified by string.
typedef string Operation;
typedef sequence<Operation> OperationList;
//****************************************************
// Types associated with evaluating Access Policy
//****************************************************
// Policies are referred to by string name.
typedef string PolicyName;
typedef sequence<PolicyName> PolicyNameList;

// Well-known policy name.
// NOTE(review): its meaning is not stated in this file; presumably it names
// a policy that grants no access. Confirm against the submission text.
const PolicyName NO_ACCESS_POLICY = "NO_ACCESS_POLICY";

// A PolicyEvaluator object reference paired with the name it is known by.
struct NamedPolicyEvaluator {
    string          evaluator_name;
    PolicyEvaluator policy_evaluator;
};
typedef sequence<NamedPolicyEvaluator> PolicyEvaluatorList;

// What PolicyEvaluatorLocator::get_policy_decision_evaluators returns for a
// resource: the evaluators to consult and the combinator that merges their
// results.
struct PolicyDecisionEvaluators {
    PolicyEvaluatorList policy_evaluator_list;
    DecisionCombinator  decision_combinator;
};
//****************************************************
// Types used to request an Access Decision
//****************************************************
// One (resource, operation) pair to be checked; used in batches by
// AccessDecision::multiple_access_allowed.
struct AccessDefinition {
    ResourceName resource_name;
    Operation    operation;
};
typedef sequence<AccessDefinition> AccessDefinitionList;

// Tri-state result returned by PolicyEvaluator::evaluate.
// NOTE(review): the AccessDecision and DecisionCombinator operations return a
// plain boolean, and this IDL does not fix how ACCESS_DECISION_UNKNOWN
// collapses into it. Combinator implementations should document the mapping
// and default to denying access.
enum DecisionResult {
    ACCESS_DECISION_ALLOWED,
    ACCESS_DECISION_NOT_ALLOWED,
    ACCESS_DECISION_UNKNOWN
};
//********************************************************
//* Exception Data types
//********************************************************
// Payload carried by most exceptions in this module: a numeric code plus a
// free-text reason.
// NOTE(review): `reason` crosses the wire to the caller; implementations
// should keep policy internals out of it.
struct ExceptionData {
    short  error_code;
    string reason;
};

// Severity classification carried by InternalError and ComponentError.
enum InternalErrorType {
    Fatal,
    NotFatal
};
//*********************************************************
// Exception thrown by the Access Decision Object
//*********************************************************
// Raised by the AccessDecision operations.
// NOTE(review): the member is named `ed` but holds an InternalErrorType;
// every other exception in this module uses `ed` for ExceptionData, and
// ComponentError names its InternalErrorType member `it`. The name is part of
// the interface and is left as declared.
exception InternalError {
    InternalErrorType ed;
};

//*********************************************************
// Exception thrown by Internal non-admin interfaces
//*********************************************************
// Carries both the error detail and its severity.
exception ComponentError {
    ExceptionData     ed;
    InternalErrorType it;
};
//*********************************************************
// Exceptions thrown by Admin Interfaces
//*********************************************************
// Pattern registration errors (PolicyEvaluatorLocatorPatternAdmin).
exception PatternConflict      { ExceptionData ed; };
exception PatternDuplicate     { ExceptionData ed; };
exception PatternNotRegistered { ExceptionData ed; };
exception PatternInUse         { ExceptionData ed; };
exception InputFormatError     { ExceptionData ed; };

// Policy/evaluator association errors.
exception ResourceNameNotFound   { ExceptionData ed; };
exception NoAssociation          { ExceptionData ed; };
exception InvalidPolicy          { ExceptionData ed; };
exception DuplicateEvaluatorName { ExceptionData ed; };

// Argument validation errors; these two carry no detail.
exception InvalidResourceName        {};
exception InvalidResourceNamePattern {};

// List validation errors report the first offending element back to the
// caller alongside the error detail.
exception InvalidPolicyEvaluatorList {
    ExceptionData        ed;
    NamedPolicyEvaluator first_invalid_element;
};
exception InvalidPolicyNameList {
    ExceptionData ed;
    PolicyName    first_invalid_element;
};
//****************************************************
// interface AccessDecision
//****************************************************
// Entry point that callers query for an access decision.
//
// Both operations take the resource/operation being attempted plus an
// AttributeList (Security::AttributeList).
// NOTE(review): presumably attribute_list holds the requesting principal's
// security attributes. The IDL cannot show where the list comes from, so the
// caller is responsible for supplying authenticated attributes. Confirm
// against the submission text.
// NOTE(review): the result is a bare boolean with no "unknown" state; callers
// should treat a raised InternalError as a denial rather than falling through
// to allow.
interface AccessDecision {
    // Decide a single (resource_name, operation) request.
    boolean access_allowed(
        in ResourceName  resource_name,
        in Operation     operation,
        in AttributeList attribute_list
    ) raises (InternalError);

    // Decide a batch of requests against one attribute list.
    // NOTE(review): presumably the returned list has one entry per element
    // of access_requests, in the same order. The IDL does not enforce this,
    // so callers should check the length before indexing.
    BooleanList multiple_access_allowed(
        in AccessDefinitionList access_requests,
        in AttributeList        attribute_list
    ) raises (InternalError);
};
//******************************************************
// interface DynamicAttributeService
//******************************************************
// Maps an attribute list to an attribute list in the context of a specific
// resource and operation.
// NOTE(review): presumably the returned list is the input with added or
// changed attributes that depend on the request context; confirm against the
// submission text. Whatever this service returns feeds the decision, so the
// object installed via AccessDecisionAdmin::set_dynamic_attribute_service is
// as trusted as the policy itself.
interface DynamicAttributeService {
    AttributeList get_dynamic_attributes(
        in AttributeList attribute_list,
        in ResourceName  resource_name,
        in Operation     operation
    ) raises (ComponentError);
};
//******************************************************
// interface PolicyEvaluatorLocator
//******************************************************
// Finds the evaluators and combinator that apply to a resource, and exposes
// the three administrative facets used to configure that mapping.
// NOTE(review): the three attribute types below are referenced here before
// any definition, and the forward-declaration list at the top of the module
// does not include them. PolicyEvaluatorLocatorNameAdmin in particular has no
// definition under that spelling in this file.
// NOTE(review): any holder of a PolicyEvaluatorLocator reference can read
// these attributes and obtain the admin objects. The IDL declares no
// authorization on them, so the deployment has to restrict who can invoke
// the admin operations.
interface PolicyEvaluatorLocator {
    readonly attribute PolicyEvaluatorLocatorBasicAdmin   basic_admin;
    readonly attribute PolicyEvaluatorLocatorNameAdmin    name_admin;
    readonly attribute PolicyEvaluatorLocatorPatternAdmin pattern_admin;

    // Return the evaluator list and decision combinator for resource_name.
    PolicyDecisionEvaluators get_policy_decision_evaluators(
        in ResourceName resource_name
    ) raises (ComponentError);
};
//********************************************************
// interface DecisionCombinator
//********************************************************
// Produces one boolean decision for a request, given the list of policy
// evaluators that apply to it.
// NOTE(review): PolicyEvaluator::evaluate yields a tri-state DecisionResult
// and may raise ComponentError. How ACCESS_DECISION_UNKNOWN, an evaluator
// failure or an empty evaluator list turn into the boolean is left to the
// implementation. Returning false in each of those cases keeps the component
// fail-closed.
interface DecisionCombinator {
    boolean combine_decisions(
        in ResourceName        resource_name,
        in Operation           operation,
        in AttributeList       attribute_list,
        in PolicyEvaluatorList policy_evaluator_list
    ) raises (ComponentError);
};
//******************************************************
// interface PolicyEvaluator
//******************************************************
// Evaluates a request and reports allowed / not allowed / unknown.
interface PolicyEvaluator {
    // Administrative facet of this evaluator (policy-to-resource
    // associations). It is readable by any holder of the evaluator
    // reference, so access to it has to be controlled by the deployment.
    readonly attribute PolicyEvaluatorAdmin pe_admin;

    // Evaluate one (resource_name, operation) request for the given
    // attributes.
    DecisionResult evaluate(
        in ResourceName  resource_name,
        in Operation     operation,
        in AttributeList attribute_list
    ) raises (ComponentError);
};
//******************************************************
//
// Management Interfaces
//
//******************************************************
// interface AccessDecisionAdmin
//******************************************************
// Wiring of the AccessDecision object: which locator and which dynamic
// attribute service it uses.
// NOTE(review): neither setter declares a raises clause, and the IDL carries
// no authorization. Replacing either component affects every later decision
// that uses it, so these operations should be limited to administrators and
// recorded in the audit log.
interface AccessDecisionAdmin {
    PolicyEvaluatorLocator get_policy_evaluator_locator();
    void set_policy_evaluator_locator(
        in PolicyEvaluatorLocator policy_evaluator_locator
    );

    DynamicAttributeService get_dynamic_attribute_service();
    void set_dynamic_attribute_service(
        in DynamicAttributeService dynamic_attribute_service
    );
};
//*******************************************************
// interface PolicyEvaluatorLocatorBasicAdmin
//*******************************************************
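// Manages the default evaluator list and default combinator of a
// PolicyEvaluatorLocator.
// NOTE(review): presumably the defaults apply to resources that have no
// name- or pattern-specific configuration; confirm against the submission
// text. If so, they decide the outcome for every resource nobody configured
// explicitly and deserve the same change control as specific policy.
interface PolicyEvaluatorLocatorBasicAdmin {
    // Install a new default evaluator list.
    // NOTE(review): the return value is presumably the list that was
    // replaced; confirm.
    PolicyEvaluatorList set_default_evaluators(
        in PolicyEvaluatorList policy_evaluator_list
    ) raises (DuplicateEvaluatorName, InvalidPolicyEvaluatorList);

    PolicyEvaluatorList get_default_evaluators();

    DecisionCombinator get_default_combinator();

    // No raises clause is declared, so the IDL gives no way to reject the
    // supplied reference.
    void set_default_combinator(
        in DecisionCombinator decision_combinator
    );
};  // the original closing brace lacked the ';' that IDL requires here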
//*******************************************************
// interface PolicyEvaluatorLocatorNameAdmin
//*******************************************************
// Per-resource-name configuration of evaluators and combinator.
// NOTE(review): the banner above this interface and the type of
// PolicyEvaluatorLocator::name_admin both say
// PolicyEvaluatorLocatorNameAdmin, while the declaration here (and the
// forward declaration at the top of the module) say
// PolicyEvaluatorLocatorAdmin. One of the two spellings must change before
// the module will compile. The name is part of the published interface and
// is left as declared.
interface PolicyEvaluatorLocatorAdmin {
    // Evaluators currently associated with resource_name.
    PolicyEvaluatorList get_evaluators(
        in ResourceName resource_name
    ) raises (InvalidResourceName);

    // Set, add to, or delete from the evaluator list of resource_name.
    void set_evaluators(
        in PolicyEvaluatorList policy_evaluator_list,
        in ResourceName        resource_name
    ) raises (InvalidPolicyEvaluatorList, InvalidResourceName,
              DuplicateEvaluatorName);

    void add_evaluators(
        in PolicyEvaluatorList policy_evaluator_list,
        in ResourceName        resource_name
    ) raises (InvalidResourceName, InvalidPolicyEvaluatorList,
              DuplicateEvaluatorName);

    // NOTE(review): DuplicateEvaluatorName on a delete looks carried over
    // from add_evaluators; confirm it is intended.
    void delete_evaluators(
        in PolicyEvaluatorList policy_evaluator_list,
        in ResourceName        resource_name
    ) raises (InvalidResourceName, InvalidPolicyEvaluatorList,
              DuplicateEvaluatorName);

    // Combinator associated with resource_name.
    DecisionCombinator get_combinator(
        in ResourceName resource_name
    ) raises (InvalidResourceName);

    void set_combinator(
        in DecisionCombinator decision_combinator,
        in ResourceName       resource_name
    ) raises (InvalidResourceName);

    // NOTE(review): what governs the resource after its combinator is
    // deleted is not visible in the IDL (presumably the default combinator);
    // confirm.
    void delete_combinator(
        in ResourceName resource_name
    ) raises (InvalidResourceName);
};
//*******************************************************
// interface PolicyEvaluatorLocatorPatternAdmin
//*******************************************************
// Pattern-based configuration: register resource-name patterns, then attach
// evaluators and a combinator to a registered pattern.
// NOTE(review): set_default_evaluators, get_default_combinator and
// set_default_combinator repeat operations already declared on
// PolicyEvaluatorLocatorBasicAdmin. Unless the duplication is deliberate,
// the defaults then have two administrative entry points that both need
// protecting.
interface PolicyEvaluatorLocatorPatternAdmin {
    // Registration. PatternConflict and PatternInUse are declared, so
    // overlapping patterns and patterns with existing associations are
    // expected to be refused rather than silently overridden.
    void register_resource_name_pattern(
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternDuplicate, PatternConflict);

    void unregister_resource_name_pattern(
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternNotRegistered, PatternInUse);

    // Evaluators attached to a registered pattern.
    PolicyEvaluatorList get_evaluators_by_pattern(
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternNotRegistered);

    // NOTE(review): this is the only *_by_pattern operation that raises
    // InputFormatError instead of InvalidResourceNamePattern; confirm that
    // the difference is intended.
    void set_evaluators_by_pattern(
        in PolicyEvaluatorList policy_evaluator_list,
        in ResourceNamePattern pattern
    ) raises (InvalidPolicyEvaluatorList, InputFormatError,
              PatternNotRegistered, DuplicateEvaluatorName);

    PolicyEvaluatorList set_default_evaluators(
        in PolicyEvaluatorList policy_evaluator_list
    ) raises (DuplicateEvaluatorName, InvalidPolicyEvaluatorList);

    void add_evaluators_by_pattern(
        in PolicyEvaluatorList policy_evaluator_list,
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternNotRegistered,
              InvalidPolicyEvaluatorList, DuplicateEvaluatorName);

    void delete_evaluators_by_pattern(
        in PolicyEvaluatorList policy_evaluator_list,
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternNotRegistered,
              InvalidPolicyEvaluatorList, DuplicateEvaluatorName);

    // Combinator attached to a registered pattern.
    DecisionCombinator get_combinator_by_pattern(
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternNotRegistered);

    void set_combinator_by_pattern(
        in DecisionCombinator  decision_combinator,
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternNotRegistered);

    void delete_combinator_by_pattern(
        in ResourceNamePattern pattern
    ) raises (InvalidResourceNamePattern, PatternNotRegistered);

    // Default combinator accessors (see the duplication note at the top of
    // this interface).
    DecisionCombinator get_default_combinator();
    void set_default_combinator(
        in DecisionCombinator decision_combinator
    );
};
//*******************************************************
// interface PolicyEvaluatorAdmin
//*******************************************************
// Administrative facet of a PolicyEvaluator: associates named policies with
// resource names.
// NOTE(review): these operations change what evaluate() will answer and the
// IDL declares no authorization on them. Restrict invocation to policy
// administrators and log each change.
interface PolicyEvaluatorAdmin {
    // Set, add to, or delete from the policies associated with
    // resource_name. An invalid name list is reported through
    // InvalidPolicyNameList, which carries the first offending name.
    void set_policies(
        in PolicyNameList policy_names,
        in ResourceName   resource_name
    ) raises (InvalidResourceName, ResourceNameNotFound,
              InvalidPolicyNameList);

    void add_policies(
        in PolicyNameList policy_names,
        in ResourceName   resource_name
    ) raises (InvalidResourceName, ResourceNameNotFound,
              InvalidPolicyNameList);

    // Additionally raises NoAssociation.
    void delete_policies(
        in PolicyNameList policy_names,
        in ResourceName   resource_name
    ) raises (InvalidResourceName, ResourceNameNotFound,
              InvalidPolicyNameList, NoAssociation);

    // Takes no resource argument.
    // NOTE(review): presumably this lists the policy names the evaluator
    // knows rather than those of one resource; confirm.
    PolicyNameList list_policies();

    // NOTE(review): the parameter is a single PolicyName although it is
    // named policy_names. The returned PolicyName is presumably the previous
    // default; confirm.
    PolicyName set_default_policy(
        in PolicyName policy_names
    ) raises (InvalidPolicy);
};
};
#endif // _DF_RESOURCE_ACCESS_DECISION_IDL_