Versions Compared

Old Version 8

changes.mady.by.user Liam Fallon

Saved on

compared with

New Version 9

changes.mady.by.user Liam Fallon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The TOSCA specification is silent on how targets, should be interpreted. Therefore the Policy Framework will allow the user to specify what way the targets should be treated for each PolicyType or Policy on which targets are specified. This will be achieved by asking the user to specify a XACML policy for each PolicyType or Policy on which targets have been specified.

If targets are specified on a PolicyType or Policy, the user specifies the name and version of an XACML policy to execute prior to execution. The list of targets is passed to the XACML target policy, which returns a boolean value of true or false. Execution of the Policy proper only proceeds if the XACML target policy returns true.

The following properties are introduced on PolicyType and Policy specifications to identify the XACML target policy to execute for targets.

Porperty NameRequiredTypeDescription
targetPolicyNameConditionalStringThe name of an XACML policy to execute to check whether execution should continue for a given set of targets. If the targets keyname is specified and the targetPolicyName property is not specified, policy execution is aborted and an error is reported. If the policy specified in the targetPolicyName property does not exist, policy execution is aborted and an error is reported.
targetPolicyVersionOptionalStringThe version the XACML policy specified in the targetPolicyName property. If the targetPolicyVersion property is not specified, the latest version of the policy specified in the targetPolicyName propertyis used. If the version of the policy specified in the targetPolicyVersion property does not exist, policy execution is aborted and an error is reported.

In the Policy Framework, targets are supported only for policies that are actually fired by the Policy Framework.

Type of PolicySupportedDescription
OperationalYes
NativeYes
GuardNoGuard policies may already be called by other policies, and a target policy is similar to a guard policy
MonitoringNoMonitoring policies are parameter policies and are not fired by the Policy Framework
OptimizationNoOptimization policies are parameter policies and are not fired by the Policy Framework
Match??
Naming??

PolicyType targets



Policy targets

...