...
```plantuml
@startuml
title Policy Framework Target Execution
autonumber
participant PolicyCaller
box "PolicyFramework" #LightBlue
participant AnyPDP
participant XACML_PDP
end box
PolicyCaller --> AnyPDP : policy trigger
alt targets specified on PolicyType
  AnyPDP --> XACML_PDP : Invoke target policy specified on PolicyType
  alt targets policy rejects execution
    AnyPDP --> PolicyCaller : execution rejected
  end
end
alt targets specified on Policy
  AnyPDP --> XACML_PDP : Invoke target policy specified on Policy
  alt targets policy rejects execution
    AnyPDP --> PolicyCaller : execution rejected
  end
end
AnyPDP --> AnyPDP : execute policy
activate AnyPDP
deactivate AnyPDP
AnyPDP --> PolicyCaller : policy result
@enduml
```
The Policy Framework will introduce common support for targets as a library function that any of the Policy Framework PDPs can use, as shown above.
When a trigger event is received by a PDP (Step 1), the PDP invokes the common handling for targets (Steps 2 to 5). If this common handling permits execution to proceed, policy execution proceeds as normal (Step 6).
The common handling works as follows:
- The Policy Type specification is checked to see whether targets have been specified on it. If so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 2).
- If the target policy for the Policy Type rejects the targets, execution of the policy proper is rejected (Step 3).
- If no targets are specified on the Policy Type, or the target policy for the Policy Type accepts the target, execution continues.
- The Policy specification is checked to see whether targets have been specified on it. If so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 4).
- If the target policy for the Policy rejects the targets, execution of the policy proper is rejected (Step 5).
- If no targets are specified on the Policy, or the target policy for the Policy accepts the target, execution continues (Step 6).
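The two-stage gate described in the list above, sketched as an added example (not code from the Policy Framework). `TargetSpec`, `targets_permit`, `handle_trigger` and `sample_xacml` are hypothetical names, the XACML PDP is a stand-in callable, and treating a failed target evaluation as a rejection is an assumption of this sketch, since the page does not specify error handling.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class TargetSpec:
    """Hypothetical holder: a target policy reference plus the targets to check."""
    target_policy: str
    targets: list

@dataclass
class PolicyType:
    name: str
    target_spec: Optional[TargetSpec] = None

@dataclass
class Policy:
    name: str
    policy_type: PolicyType
    target_spec: Optional[TargetSpec] = None

# Stand-in for the XACML PDP call: (target_policy, targets) -> True if permitted.
XacmlDecider = Callable[[str, list], bool]

def targets_permit(spec: Optional[TargetSpec], xacml: XacmlDecider) -> bool:
    """No targets specified means nothing to check; otherwise ask the XACML PDP."""
    if spec is None:
        return True
    try:
        return xacml(spec.target_policy, spec.targets) is True
    except Exception:
        # Assumption of this sketch: a failing target evaluation rejects execution.
        return False

def handle_trigger(policy: Policy, xacml: XacmlDecider, execute: Callable):
    """Steps 2 to 6: PolicyType targets first, then Policy targets, then execute."""
    if not targets_permit(policy.policy_type.target_spec, xacml):
        return ("rejected", "PolicyType")   # Step 3
    if not targets_permit(policy.target_spec, xacml):
        return ("rejected", "Policy")       # Step 5
    return ("executed", execute(policy))    # Step 6

def sample_xacml(target_policy: str, targets: list) -> bool:
    """Constructed decider: a fixed allow-list of targets per target policy."""
    allowed = {"type-targets": {"vnf-a", "vnf-b"}, "policy-targets": {"vnf-a"}}
    return set(targets) <= allowed[target_policy]  # unknown policy raises KeyError
```

Because the PolicyType check runs first, a rejection there means the Policy-level target policy is never evaluated and the policy proper never runs.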
PolicyType targets
(TOSCA code)
Policy targets
(TOSCA code)