...
Execution Sequence for targets
| Code Block | ||||
|---|---|---|---|---|
| ||||
@startuml title Policy Framework Target Execution autonumber participant PolicyCaller box "PolicyFramework" #LightBlue participant AnyPDP participant XACML_PDP end box PolicyCaller --> AnyPDP : policy trigger loop from root to last descendant PolicyType alt targets specified on PolicyType AnyPDP --> XACML_PDP : Invoke target policy specified on PolicyType alt targets policy rejects execution AnyPDP --> PolicyCaller : execution rejected end end end loop from root to last descendant Policy alt targets specified on Policy AnyPDP --> XACML_PDP : Invoke target policy specified on Policy alt targets policy rejects execution AnyPDP --> PolicyCaller : execution rejected end end end AnyPDP --> AnyPDP : execute policy activate AnyPDP deactivate AnyPDP AnyPDP --> PolicyCaller : policy result @enduml |
...
The common handling works as follows:
- The Policy Framework loops over the root PolicyType to the last descendant PolicyType
- A check of the Policy Type specification is made to see if targets have been specified on it, if so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 2).
- If the target policy for the Policy Type rejects the targets, execution of the policy proper is rejected (Step 3).
- If no targets are specified on the Policy Type or the target policy for the Policy Type accepts the target, execution continues
- The Policy Framework loops over the root Policy to the last descendant Policy
- A check of the Policy specification is made to see if targets have been specified on it, if so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 4).
- If the target policy for the Policy rejects the targets, execution of the policy proper is rejected (Step 5).
- If no targets are specified on the Policy or the target policy for the Policy accepts the target, execution continues (Step 6)
PolicyType targets
(TOSCA code)
...