kaos.core.csi.policy
Interface PolicyChecking


public interface PolicyChecking

Defines the operations to check permissions and get obligations.

Author:
KAoS Team $Revision: 1.13 $

Method Summary
 void checkDeepPermission(ActionInstanceDescription aid, PolicyDecisionObserver pObserver)
          The method checks if the given action is permitted according to the current set of policies.
 void checkPermission(ActionInstanceDescription aid, PolicyDecisionObserver pObserver)
          The method checks if the given action is permitted according to the current set of policies.
 void findPolicyDecision(ActionInstanceDescription aid, PolicyDecisionObserver pObserver)
          The method checks if the given action is permitted according to the current set of policies, or if the given action is a trigger for some obligation policy.
 java.util.Vector getObligationsForTriggerCondition(ActionInstanceDescription triggerAID, PolicyDecisionObserver pObserver)
          Based on the specified trigger ActionInstanceDescription, select all matching obligation policies and create ActionInstanceDescription describing obligations.
 

Method Detail

checkPermission

void checkPermission(ActionInstanceDescription aid,
                     PolicyDecisionObserver pObserver)
                     throws KAoSSecurityException,
                            java.lang.NullPointerException,
                            ServiceFailure
The method checks if the given action is permitted according to the current set of policies.

Parameters:
aid - ActionInstanceDescription describing action
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Throws:
KAoSSecurityException - if the action is not allowed.
java.lang.NullPointerException - if the ActionInstanceDescription argument is null.
ServiceFailure - if the policy service is not available or fails.

checkDeepPermission

void checkDeepPermission(ActionInstanceDescription aid,
                         PolicyDecisionObserver pObserver)
                         throws java.lang.NullPointerException,
                                ServiceFailure,
                                KAoSSecurityException
The method checks if the given action is permitted according to the current set of policies. However, if the given action is not permitted by a policy, instead of stopping there, it goes on to find all those policies that forbid the given action, and then returns a vector that contains their ids. The vector containing forbidding policies' ids is stored in the KAoSSecurityException.

Parameters:
aid - ActionInstanceDescription to be checked by the Guard in order to allow/disallow an action.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Throws:
java.lang.NullPointerException - if the aid argument is null.
ServiceFailure - if the policy service is not available, or fails.
KAoSSecurityException - if the action is not permitted.

findPolicyDecision

void findPolicyDecision(ActionInstanceDescription aid,
                        PolicyDecisionObserver pObserver)
                        throws ObligationViolationException,
                               KAoSSecurityException,
                               ServiceFailure
The method checks if the given action is permitted according to the current set of policies, or if the given action is a trigger for some obligation policy. If the action is not permitted, the method throws an exception, but if the action is a trigger, the method returns a Vector containing all those obligation policies for which the action is a trigger.

Parameters:
aid - ActionInstanceDescription to be checked by the Guard in order to allow/disallow the action; or the trigger to be checked for obligation policies.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Throws:
ObligationViolationException - some aspect of the returned obligations have been violated
ServiceFailure - if the policy service is not available, or fails.
KAoSSecurityException - if the action is not permitted.

getObligationsForTriggerCondition

java.util.Vector getObligationsForTriggerCondition(ActionInstanceDescription triggerAID,
                                                   PolicyDecisionObserver pObserver)
                                                   throws ObligationViolationException,
                                                          ServiceFailure
Based on the specified trigger ActionInstanceDescription, select all matching obligation policies and create ActionInstanceDescription describing obligations. Sort the obligation ActionInstanceDescriptions in descending order by the priority of the obligation policy, which matched the trigger.

Parameters:
triggerAID - ActionInstanceDescription describes an instance of the trigger condition sent by the trigger condition monitor.
pObserver - PolicyDecisionObserver, an entity interested in receiving updates whenever policy decisions change.
Returns:
A Vector of control ActionInstanceDescriptions, whose BasicActionDescriptions are contained in policies matching the parameter triggerAID. The returned control ActionInstanceDescriptions are sorted in descending sequence by their policy priority.
Throws:
ObligationViolationException - when specified obligation constraints in a policy applicable to the given trigger are not satisfied.
ServiceFailure - if the policy service is not available.


Copyright © 2005 IHMC All Rights Reserved.