Re: [higgins-dev] PDPs for context providers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [higgins-dev] PDPs for context providers

From: David Kuehr-McLaren <dkuehrmc@xxxxxxxxxx>
Date: Fri, 2 May 2008 01:18:19 -0400
Delivered-to: higgins-dev@eclipse.org

Tom, Duane,

Thanks for the answers and guidance. We will consider what the proper usage of the PDPs in our CP design.

David Kuehr-McLaren

"Tom Doman" <tdoman@xxxxxxxxxx>
Sent by: higgins-dev-bounces@xxxxxxxxxxx

04/30/2008 05:43 PM

Please respond to
"Higgins \(Trust Framework\) Project developer discussions" <higgins-dev@xxxxxxxxxxx>

To	"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>, <higgins-dev-bounces@xxxxxxxxxxx>
cc
Subject	Re: [higgins-dev] PDPs for context providers

David, Indeed, I meant to say that as well, namely, MAY. And that is an unqualified MAY and that's where I went with my description to Raj. That is, like the PDP interfaces but want a different implementation for a different policy language? Awesome, but you'll have to write yourself. Like the PDP interfaces but want to add more decision points? Great, let's at least discuss them but, ultimately, it's open source and each CP can create, pick, and choose which PDPs to support (notice that there are PDPs I didn't support directly in the JNDI CP that ARE supported in the JScriptPolicy CP which is basically a "wrapper\mapper" CP). Or, don't like those interfaces at all? No problem, the CP implementor may choose a different way to solve those requirements. It's all good! Though, yeah, we thought those interfaces might be helpful to other CP implementors as long term solution but even if only for bootstrapping until they could implement some other preferred solution. My druthers? We work together on defining PDP interfaces for mapping\transformations and implement them in the policy languages we like the best. In work that predates Higgins, we had done some XACML PDPs but we didn't have a nice way for consumers to edit those policies and, wow, flexible? Sure. Complex? Unbelievably when you're editing the XACML manually. So, in Higgins we thought we'd start with _javascript_ because it's much easier to work with. There's a nice long answer to a short question. :) Tom >>> David Kuehr-McLaren <dkuehrmc@xxxxxxxxxx> 04/30/08 3:16 PM >>> Tom, I work with Raj (we are on different timezones, so we are tag- teaming the post). Thanks for the implementation. I assumed that the PDP interfaces in org.eclipse.higgins.util.idas.cp are not required to be implemented by an IdAS CP. The idas.util.cp PDP interfaces and jscript implementation *may* be used by a CP. Or is it that a CP *must* use the idas.util.cp PDP interfaces for attribute mapping and transformation? Thanks, David David Kuehr- McLaren IBM Tivoli 919.224.1960 "Tom Doman" <tdoman@xxxxxxxxxx> Sent by: higgins- dev- bounces@xxxxxxxxxxx 04/30/2008 11:34 AM Please respond to "Higgins \(Trust Framework\) Project developer discussions" <higgins- dev@xxxxxxxxxxx> To <higgins- dev@xxxxxxxxxxx> cc Subject Re: [higgins- dev] PDPs for context providers One more thing I should add, as Jim was saying yesterday, some of IdAS is being refactored and so that will effect this code as well (ie. Metadata is changing to regular attributes). So, you may want to wait to get into this stuff too deeply. Tom >>> "Tom Doman" <tdoman@xxxxxxxxxx> 04/30/08 9:03 AM >>> Raj, Yes, there is. I don't know how you discovered the IAttributePDPs interface but the JNDI CP code has example usages of all of the PDPs we've defined in the Higgins project so far. Note that those PDPs are implemented only with _javascript_ implementations so far. In other words, no other policy languages have yet been implemented. We'll also want to create additional PDPs in the future as well but the basic set you'd need are there as exampled in the JNDI CP as long as you're happy to define your CPs policies in _javascript_. Tom >>> Rajalakshmi S Iyer <iyer_rajalakshmi@xxxxxxxxxx> 04/30/08 4:39 AM >>> Hello, I am in the process of defining a context provider and need some guidance with respect to mapping between the provider (my context) and consumer (IdAS based context provider) IDs, types etc. I have come up with an ontology for this context provider that derives from the base Higgins ontology. As I understand, I will need to implement the IAttributePDPs interface for my context provider which will do the conversion for attribute names, types and their values between provider and the consumer. However, conversion is also required between provider and consumer entity IDs and entity types. For e.g. a 'Person' in the context provider ontology could mean an 'ePerson' in the context's schema. Is there an interface to cover this kind of entity- level policy decisions? If not, is it worthwhile coming up with one? Thanks in advance, Best regards, Rajalakshmi Iyer _______________________________________________ higgins- dev mailing list higgins- dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/higgins- dev _______________________________________________ higgins- dev mailing list higgins- dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/higgins- dev _______________________________________________ higgins- dev mailing list higgins- dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/higgins- dev _______________________________________________ higgins-dev mailing list higgins-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/higgins-dev

References:
- Re: [higgins-dev] PDPs for context providers
  - From: Tom Doman

Prev by Date: RE: Re[2]: [higgins-dev] please help in deploying rpps-axis.war
Next by Date: Re: [higgins-dev] Firefox Extension for external selectors
Previous by thread: Re: [higgins-dev] PDPs for context providers
Next by thread: [higgins-dev] bug 222143 done: action required
Index(es):
- Date
- Thread