Changeset 5005 for TI12-security


Timestamp:
20/02/09 16:10:34 (11 years ago)
Author:
pjkersha
Message:

More work on Policy and Effect classes

File:
1 edited

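--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/xacml.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/xacml.py
@@ -15,5 +15,5 @@
 
 from ndg.security.common.authz.pdp import PDPInterface
-
+        
 class Subject(object):
     '''XACML Subject designator'''
@@ -25,7 +25,56 @@
     '''XACML Action designator'''
 
-class Environment(dict):
+class Environment(object):
     '''XACML Environment designator'''
+
+class Policy(object):
+    def __init__(self):
+        self.description = None
+        self.rules = []
+        self.algID = None
+        self.obligations = []
+        self.target = None
+
+    def encode(self):
+        '''Encode the policy'''
+        raise NotImplemented()
     
+class Target(object):
+    def __init__(self):
+        self.subject = Subject()
+        self.resource = Resource()
+        self.action = Action()
+
+   
+class Effect(object):
+    def __str__(self):
+        raise NotImplementedError()
+       
+class DenyEffect(object):
+    def __str__(self):
+        return 'deny'
+        
+class PermitEffect(object):
+    def __str__(self):
+        return 'permit'
+
+class Rule(object):
+    '''Consists of a condition, an effect, and a target.
+    '''
+    def __init__(self):
+        # Conditions are statements about attributes that upon evaluation 
+        # return either True, False, or Indeterminate.
+        self.conditions = []
+        # Effect is the intended consequence of the satisfied rule. It can 
+        # either take the value Permit or Deny.
+        self.effect = DenyEffect()
+        
+        # Target, as in the case of a policy, helps in determining whether or 
+        # not a rule is relevant for a request. The mechanism for achieving 
+        # this is also similar to how it is done in the case of a target for a 
+        # policy.
+        self.target = Target()
+        
+       
 class Request(object):
     '''XACML Request object
@@ -43,5 +92,8 @@
     
     This is an initial iteration toward a complete XACML implementation'''
-    def accessPermitted(self, subject, resource, action, environ):
+    def __init__(self, *arg, **kw):
+        pass
+    
+    def accessPermitted(self, subject, resource, action, environment):
         '''Make access control decision - override this in a derived class to
         implement the decision logic but this method may be called within
@@ -72,4 +124,2 @@
         # Default to denied
         return False
-    
-    __call__ = accessPermitted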
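Review bot: `DenyEffect` and `PermitEffect` are declared as `class DenyEffect(object):` and `class PermitEffect(object):`, so neither is an `Effect`: `isinstance(rule.effect, Effect)` is False for both, and with no `__eq__` defined two `DenyEffect()` instances never compare equal. Any decision code that later tests a rule's effect by type or equality would misclassify it, which matters most for the deny case; deriving both from the base, `class DenyEffect(Effect):` and `class PermitEffect(Effect):`, keeps an `isinstance` check reliable. In the same hunk, `Policy.encode` uses `raise NotImplemented()`, which fails with a TypeError because `NotImplemented` is a non-callable constant rather than an exception; `raise NotImplementedError()`, as `Effect.__str__` already does, is what is meant.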