...
The following properties are introduced on PolicyType and Policy specifications to identify the XACML target policy to execute for targets.
Property Name | Required | Type | Description |
---|---|---|---|
targetPolicyName | Conditional | String | The name of an XACML policy to execute to check whether execution should continue for a given set of targets. If the targets keyname is specified and the targetPolicyName property is not specified, policy execution is aborted and an error is reported. If the policy specified in the targetPolicyName property does not exist, policy execution is aborted and an error is reported. |
targetPolicyVersion | Optional | String | The version of the XACML policy specified in the targetPolicyName property. If the targetPolicyVersion property is not specified, the latest version of the policy specified in the targetPolicyName property is used. If the version of the policy specified in the targetPolicyVersion property does not exist, policy execution is aborted and an error is reported. |
In the Policy Framework, targets are supported only for policies that are actually fired by the Policy Framework.
Type of Policy | Supported | Description |
---|---|---|
Operational | Yes | |
Native | Yes | |
Guard | No | Guard policies may already be called by other policies, and a target policy is similar to a guard policy |
Monitoring | No | Monitoring policies are parameter policies and are not fired by the Policy Framework |
Optimization | No | Optimization policies are parameter policies and are not fired by the Policy Framework |
Match | ? | ? |
Naming | ? | ? |
Execution Sequence for targets
...
```plantuml
@startuml
title Policy Framework Target Execution
autonumber
participant PolicyCaller
box "PolicyFramework" #LightBlue
  participant AnyPDP
  participant XACML_PDP
end box
PolicyCaller --> AnyPDP : policy trigger
alt targets specified on PolicyType
  AnyPDP --> XACML_PDP : Invoke target policy specified on PolicyType
  alt targets policy rejects execution
    AnyPDP --> PolicyCaller : execution rejected
  end
end
alt targets specified on Policy
  AnyPDP --> XACML_PDP : Invoke target policy specified on Policy
  alt targets policy rejects execution
    AnyPDP --> PolicyCaller : execution rejected
  end
end
AnyPDP --> AnyPDP : execute policy
activate AnyPDP
deactivate AnyPDP
AnyPDP --> PolicyCaller : policy result
@enduml
```
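
The property rules and the execution sequence above can be modelled together to show that every error path fails closed: a missing or unresolvable target policy aborts execution instead of skipping the check. This is an added Python sketch, not Policy Framework code; the names `TargetError`, `resolve_target`, `run_policy`, the `decide` and `execute` callbacks, the dotted-integer version ordering and the sample data are all assumptions made for illustration.

```python
# Added illustration, not Policy Framework code. All names are hypothetical.

class TargetError(Exception):
    """Policy execution is aborted and an error is reported."""

def _ver(version):
    # Assumption: versions are dotted integers such as "1.0.0".
    return tuple(int(part) for part in version.split("."))

def resolve_target(spec, xacml_policies):
    """Return (name, version) of the target policy for a PolicyType or Policy
    spec, None if the spec has no targets keyname, or raise TargetError."""
    if "targets" not in spec:
        return None
    name = spec.get("targetPolicyName")
    if not name:
        raise TargetError("targets specified without targetPolicyName")
    versions = xacml_policies.get(name)
    if not versions:
        raise TargetError(f"target policy {name} does not exist")
    version = spec.get("targetPolicyVersion")
    if version is None:
        version = max(versions, key=_ver)  # latest version is used
    elif version not in versions:
        raise TargetError(f"target policy {name}:{version} does not exist")
    return name, version

def run_policy(policy_type, policy, xacml_policies, decide, execute):
    """Check the PolicyType target first, then the Policy target; the policy
    itself executes only if neither target policy rejects execution."""
    for spec in (policy_type, policy):
        target = resolve_target(spec, xacml_policies)
        if target is not None and not decide(*target, spec["targets"]):
            return "execution rejected"
    return execute()

# Constructed sample data: one XACML target policy with three versions.
XACML_POLICIES = {"vfw.target": ["1.0.0", "1.2.0", "1.10.0"]}

if __name__ == "__main__":
    ptype = {"targets": ["vnf-1"], "targetPolicyName": "vfw.target"}
    permit_all = lambda name, version, targets: True
    print(resolve_target(ptype, XACML_POLICIES))
    print(run_policy(ptype, {}, XACML_POLICIES, permit_all, lambda: "policy result"))
```
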
The
PolicyType targets
Policy targets
...