kaos.core.csi.policy
Interface PolicyAdvice


public interface PolicyAdvice

Author:
KAoS Team This interface defines operations to advice the user as to which property values are allowed/forbidden for the given action.

Method Summary
 java.util.Vector getAllowableValuesForActionProperties(ActionInstanceDescription actionDesc, PolicyDecisionObserver pObserver)
          In this case, there are NO properties specified.
 java.util.Vector getAllowableValuesForActionProperties(java.util.Vector propertyNames, ActionInstanceDescription actionDesc, boolean tight, PolicyDecisionObserver pObserver)
          This function is used when the agent/enforcer has only partial information about an action and would like to determine what range of properties can be allowed by the policy set.
 java.util.Set getAllowableValuesForActionProperty(java.lang.String origPropertyName, ActionInstanceDescription origActionDesc, java.util.Set allTargetValues, boolean tight, PolicyDecisionObserver pObserver)
          This function is used when the enforcer has only partial information about an action and needs to determine what range of a property can be allowed by the policy.
 java.util.Vector getForbiddenValuesForActionProperty(java.lang.String origPropertyName, ActionInstanceDescription origActionDesc, PolicyDecisionObserver pObserver)
          At the moment this method would work only for A- policies for 'moveTo' action, and for 'movingTo' property.
 java.util.List getPoliciesForActionType(java.lang.String actionType, PolicyDecisionObserver pObserver)
          Get policies for the specified action type.
 

Method Detail

getPoliciesForActionType

java.util.List getPoliciesForActionType(java.lang.String actionType,
                                        PolicyDecisionObserver pObserver)
                                        throws ServiceFailure
Get policies for the specified action type.

Parameters:
actionType - String specifying the action type for the requested policies.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Returns:
List Contains policies defined for the specified action.
Throws:
ServiceFailure - when the policy service cannot be reached, or fails.

getAllowableValuesForActionProperties

java.util.Vector getAllowableValuesForActionProperties(java.util.Vector propertyNames,
                                                       ActionInstanceDescription actionDesc,
                                                       boolean tight,
                                                       PolicyDecisionObserver pObserver)
                                                       throws ServiceFailure
This function is used when the agent/enforcer has only partial information about an action and would like to determine what range of properties can be allowed by the policy set. The agent/enforcer partially fills an ActionInstanceDescription object and sends it to the method, which finds those policies that are applicable to this action and contain the given property. The method will then select only those values for the given properties that will not conflict with higher priority policies containing the given properties.

Parameters:
propertyNames - Vector containing the properties for which values are to be found.
actionDesc - ActionInstanceDescription object which will be used to find applicable policies.
tight - boolean, if set to 'true', will result in returning only these values for the missing specified property which would satisfy some policy if used alone.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Returns:
Vector The Vector containing multiple ActionInstanceDescription objects which contain the allowed values for those properties.
Throws:
ServiceFailure - when the policy service cannot be reached, or fails.

getAllowableValuesForActionProperties

java.util.Vector getAllowableValuesForActionProperties(ActionInstanceDescription actionDesc,
                                                       PolicyDecisionObserver pObserver)
                                                       throws ServiceFailure
In this case, there are NO properties specified. The function uses the given, partially filled, ActionInstanceDescription object to find those policies that are applicable to this action, and then it selects all the properties from those policies which are not originally contained in the provided ActionInstanceDescription object. It then chooses only those values for the given properties which do not conflict with their higher priority selves, and returns all those properties in the ActionInstanceDescription object.

Parameters:
actionDesc - ActionInstanceDescription object which will be used to find applicable policies.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Returns:
Vector The Vector containing multiple ActionInstanceDescription objects which contain the allowed values for those properties.
Throws:
ServiceFailure - when the policy service cannot be reached, or fails.

getAllowableValuesForActionProperty

java.util.Set getAllowableValuesForActionProperty(java.lang.String origPropertyName,
                                                  ActionInstanceDescription origActionDesc,
                                                  java.util.Set allTargetValues,
                                                  boolean tight,
                                                  PolicyDecisionObserver pObserver)
                                                  throws ServiceFailure
This function is used when the enforcer has only partial information about an action and needs to determine what range of a property can be allowed by the policy. The enforcer partially fills an ActionInstanceDescription object and sends it to the PolicyDisclosure object to find those policies that are applicable to this action and contain the given property. PolicyDisclosure will then select only those values for the given property that will not conflict with higher priority policies containing the given property. This is a complex function and needs to be understood in the context of how it is used - this is getting written elsewhere and will be included here at a later time.

Parameters:
origPropertyName - String specifying the property for which values are to be found.
origActionDesc - ActionInstanceDescription object which will be used to find applicable policies.
allTargetValues - Set of possible property values - now it is a fake argument, which should really be calculated by the directory service and passed to the entity disclosing the policy (PolicyDisclosure).
tight - boolean, if set to 'true', will result in returning only these values for the missing specified property which would satisfy some policy if used alone.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Returns:
Set The Set containing allowed values for the given property, or null, if a thread waiting to complete execution of this method has been interrupted. The interrupted status will be propagated.
Throws:
ServiceFailure - when the policy service cannot be reached, or fails.

getForbiddenValuesForActionProperty

java.util.Vector getForbiddenValuesForActionProperty(java.lang.String origPropertyName,
                                                     ActionInstanceDescription origActionDesc,
                                                     PolicyDecisionObserver pObserver)
                                                     throws ServiceFailure
At the moment this method would work only for A- policies for 'moveTo' action, and for 'movingTo' property. For other policies, the behaviour of this method is undefined. This method would be made more generic in future, for handling nested property values.

Parameters:
origPropertyName - the property for which to find those values.
origActionDesc - the AID for which to find the values.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Returns:
Vector a Vector of OntInstanceDescriptionImpl objects, which are the forbidden values.
Throws:
ServiceFailure - when the policy service cannot be reached, or fails.


Copyright © 2005 IHMC All Rights Reserved.