APPENDIX A
Pseudocode for XACML Access Control Evaluation
A.1 Pseudocode for retrieveApplicablePolicy()
retrieveApplicablePolicy(XACMLAccessRequest){
    FOR EACH PolicyComponent ∈ PolicyAdministrationPoint
        evaluateTarget(XACMLAccessRequest, PolicyComponent)
        IF targetMatches THEN
            add PolicyComponent to ApplicablePolicy
}

evaluateTarget(XACMLAccessRequest, PolicyComponent){
    IF SubjectsMatch() AND ResourcesMatch() AND ActionsMatch() AND EnvironmentMatch() THEN
        targetMatches
}

SubjectsMatch(XACMLAccessRequest, PolicyComponent){ //at least one subject matches
    FOR EACH SubjectDescriptor ∈ PolicyComponent.Target.SubjectDescriptors
        IF SubjectMatches()
            RETURN true
    RETURN false
}

SubjectMatches(XACMLAccessRequest, PolicyComponent){ //all qualifiers match
    FOR EACH SubjectAttributeQualifier ∈ SubjectDescriptor
        IF ! SubjectAttributeQualifier.operator(SubjectAttributeQualifier.value, XACMLAccessRequest.SubjectAttributeValue)
            RETURN false
    RETURN true
}
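The target-matching logic of A.1 as a runnable sketch; this is an added example, not code from the book. It extends the OR-of-descriptors / AND-of-qualifiers rule shown for subjects to resources, actions and environment. The dictionary layout, the operator names and the sample policies are assumptions made for illustration, as is the rule that a category omitted from a target places no constraint.

```python
import operator

# Qualifier operators, called as op(qualifier_value, request_value) as in the pseudocode.
OPERATORS = {"equals": operator.eq, "contains": lambda q, r: q in r}
CATEGORIES = ("subjects", "resources", "actions", "environment")

def descriptor_matches(descriptor, request_attrs):
    """All qualifiers of one descriptor must match (AND)."""
    for attr, op, value in descriptor:
        if attr not in request_attrs:  # an absent attribute is a non-match
            return False
        if not OPERATORS[op](value, request_attrs[attr]):
            return False
    return True

def category_matches(descriptors, request_attrs):
    """At least one descriptor must match (OR)."""
    return any(descriptor_matches(d, request_attrs) for d in descriptors)

def target_matches(request, target):
    # Assumption: a category omitted from the target places no constraint.
    return all(category_matches(target[c], request.get(c, {}))
               for c in CATEGORIES if c in target)

def retrieve_applicable_policy(request, policy_store):
    """Return the ids of the policies whose target matches the request."""
    return [p["id"] for p in policy_store if target_matches(request, p["target"])]

# Constructed sample data (hypothetical policies and request).
POLICY_STORE = [
    {"id": "clinicians-read-records", "target": {
        "subjects": [
            [("role", "contains", "doctor")],
            [("role", "contains", "nurse"), ("ward", "equals", "icu")],
        ],
        "resources": [[("type", "equals", "medical-record")]],
        "actions": [[("name", "equals", "read")]],
    }},
    {"id": "admins-any-action", "target": {
        "subjects": [[("role", "contains", "admin")]],
    }},
]
REQUEST = {"subjects": {"role": ["nurse"], "ward": "icu"},
           "resources": {"type": "medical-record"},
           "actions": {"name": "read"}}

if __name__ == "__main__":
    print(retrieve_applicable_policy(REQUEST, POLICY_STORE))
```

A request that lacks an attribute named by a qualifier fails that descriptor, so a missing attribute can never make a policy applicable by accident.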
A.2 Pseudocode for evaluateApplicablePolicy()
evaluateApplicablePolicy(ApplicablePolicy, XACMLAccessRequest){
    FOR EACH PolicyComponent p ∈ ApplicablePolicy
        depthFirstSearch(p)
    RETURN PolicyDecisionPoint.policyCombiningAlgorithm()
}

depthFirstSearch(PolicyComponent p){
    FOR EACH PolicyComponent or Rule x ∈ p
        IF x is a Rule
            evaluateRule(x)
        ELSE
            depthFirstSearch(x)
    p.result = p.combiningAlgorithm()
    ...