[higgins-dev] Architecture Suggestions for handling many different policies

Hi folks,

I would like to propose the following two interfaces which will subsume
the role of the ISS.  These two classes allow for the variety of
identity cards in the system to be used against many different access
policies.

----------
PolicyFactory: This class has one method which instantiates a class that
exposes the Policy interface below for the given policy type.

	Policy ParsePolicy(String policy, String type)
		throws PolicyParseException,
		 UnsupportedPolicyTypeException

The factory implementation is quite simple, but it allows for
extensibility---various different policies can be registered and
instantiated dynamically, etc.

----------
Policy Interface:
    new(String policy) : parses the policy string
	throws PolicyParseException
    Choices match(Icard Registry) : matches the policy 
	returns a list of lists indicating the user choices
    DigitalIdentity getDigitalIdentity(Selection) : makes token


The cardspace policy class implementation would simply parse the policy,
iterate through the list of cards retrieved from the registry, and call
isMatch on each one.  The getDigitalIdentity would simply call the
similar function of the Icard.

An Idemix policy class implementation would have the flexibility to do
more complicated matching, and more complicated processing to get the
token.

Given these two classes, the RP protocol support class would then handle
the details of marshalling/unmarshalling, formatting parameters and
inputs, and making the right calls to the PolicyFactory and resulting
Policy class.

This architecture allows for many more interop possibilities.  Anyone
who can implement a policy language for _requesting_ such credentials
can plug into this.

What do you think?

~a
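
Added example, not part of the original message and not Higgins code: a Java sketch of the proposed factory dispatching on policy type and a policy matching cards from a registry, with unregistered types rejected rather than falling back to a default. The `ICard` record, the `PolicyParser` interface, the `register` method, the "claim-list" policy format and the reading of "list of lists" as one candidate list per requirement are assumptions made for illustration.

```java
import java.util.*;

public class PolicyFactoryExample {
    static class PolicyParseException extends Exception { PolicyParseException(String m) { super(m); } }
    static class UnsupportedPolicyTypeException extends Exception { UnsupportedPolicyTypeException(String m) { super(m); } }
    // Hypothetical stand-in for an i-card: a name plus the claims it can supply.
    record ICard(String name, Set<String> claims) {
        boolean isMatch(Set<String> required) { return claims.containsAll(required); }
    }
    interface Policy { List<List<ICard>> match(List<ICard> registry); } // assumed: one inner list per requirement
    interface PolicyParser { Policy parse(String policy) throws PolicyParseException; }
    // Constructed policy format: comma-separated claims that a single card must supply.
    static Policy parseClaimList(String policy) throws PolicyParseException {
        if (policy == null || policy.isBlank()) throw new PolicyParseException("empty policy");
        Set<String> required = new TreeSet<>();
        for (String claim : policy.split(",")) {
            if (claim.isBlank()) throw new PolicyParseException("empty claim name");
            required.add(claim.trim());
        }
        return registry -> {
            List<ICard> candidates = new ArrayList<>();
            for (ICard card : registry) if (card.isMatch(required)) candidates.add(card);
            return candidates.isEmpty() ? List.of() : List.of(candidates);
        };
    }
    static class PolicyFactory {
        private final Map<String, PolicyParser> parsers = new HashMap<>();
        void register(String type, PolicyParser parser) { parsers.put(type, parser); }
        Policy parsePolicy(String policy, String type)
                throws PolicyParseException, UnsupportedPolicyTypeException {
            PolicyParser parser = parsers.get(type);
            if (parser == null) throw new UnsupportedPolicyTypeException(type); // fail closed
            return parser.parse(policy);
        }
    }
    public static void main(String[] args) throws Exception {
        PolicyFactory factory = new PolicyFactory();
        factory.register("claim-list", PolicyFactoryExample::parseClaimList);
        List<ICard> registry = List.of(            // constructed sample cards
            new ICard("work", Set.of("email", "employer")),
            new ICard("personal", Set.of("email")));
        System.out.println(factory.parsePolicy("email,employer", "claim-list").match(registry));
        try { factory.parsePolicy("x", "idemix"); }   // no parser registered for this type
        catch (UnsupportedPolicyTypeException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```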




