APPENDIX A

Pseudocode for XACML Access Control Evaluation

A.1 Pseudocode for retrieveApplicablePolicy()

retrieveApplicablePolicy(XACMLAccessRequest){
FOR EACH PolicyComponent ∈ PolicyAdministrationPoint
    evaluateTarget(XACMLAccessRequest, PolicyComponent)
    IF targetMatches
    THEN add PolicyComponent to ApplicablePolicy
}

evaluateTarget(XACMLAccessRequest, PolicyComponent){
    IF SubjectsMatch() AND
        ResourcesMatch() AND
        ActionsMatch() AND
        EnvironmentMatch()
    THEN
          targetMatches
}

SubjectsMatch(XACMLAccessRequest, PolicyComponent){ //at least one subject matches
    FOR EACH SubjectDescriptor ∈ PolicyComponent.Target.SubjectDescriptors
        IF SubjectMatches() RETURN true
    RETURN false
}

SubjectMatches(XACMLAccessRequest, PolicyComponent){ //all qualifiers match
    FOR EACH SubjectAttributeQualifier ∈ SubjectDescriptor
      IF ! SubjectAttributeQualifier.operator(SubjectAttributeQualifier.value, XACMLAccessRequest.SubjectAttributeValue)
            RETURN false
    RETURN true
}

A.2 Pseudocode for evaluateApplicablePolicy()

evaluateApplicablePolicy(ApplicablePolicy, XACMLAccessRequest){
    FOR EACH PolicyComponent p ∈ ApplicablePolicy
      depthFirstSearch(p)
    RETURN PolicyDecisionPoint.policyCombiningAlgorithm()
}

depthFirstSearch(PolicyComponent p){
    FOR EACH PolicyComponent or Rule x ∈ p
      IF x is a Rule
        evaluateRule(x)
      ELSE
        depthFirstSearch(x)
        p.result = p.combiningAlgorithm()
...
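
A runnable Python rendering of the target matching in A.1 and the depth-first evaluation in A.2, added here as an example and not taken from the book. The Node type, the decide() helper, the sample policy and its attribute names are hypothetical. The example assumes that an empty target category matches any request, that the target is checked at every level of the tree, and that a simplified deny-overrides combining algorithm without Indeterminate results is used.

```python
from dataclasses import dataclass, field
from operator import eq as EQ

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def descriptor_matches(descriptor, attrs):
    # A.1 SubjectMatches: every qualifier must hold; a missing attribute never matches.
    return all(name in attrs and op(value, attrs[name]) for name, op, value in descriptor)

def category_matches(descriptors, attrs):
    # A.1 SubjectsMatch: one matching descriptor suffices (assumed: empty list matches any).
    return not descriptors or any(descriptor_matches(d, attrs) for d in descriptors)

def target_matches(target, request):
    # A.1 evaluateTarget: subject, resource, action and environment must all match.
    return all(category_matches(target.get(c, []), request.get(c, {}))
               for c in ("subject", "resource", "action", "environment"))

def deny_overrides(results):
    # Simplified combining algorithm (assumption: no Indeterminate results).
    return DENY if DENY in results else PERMIT if PERMIT in results else NOT_APPLICABLE

@dataclass
class Node:  # hypothetical type: a Rule when effect is set, otherwise a PolicyComponent
    target: dict = field(default_factory=dict)
    effect: str = None
    children: tuple = ()
    combine: object = deny_overrides

def evaluate(node, request):
    # A.2 depthFirstSearch: rules are leaves; components combine their children's results.
    if not target_matches(node.target, request):
        return NOT_APPLICABLE
    if node.effect is not None:
        return node.effect
    return node.combine([evaluate(child, request) for child in node.children])

# Constructed sample: cardiology doctors or any auditor may use records; deletes are denied.
RECORDS = Node(
    target={"resource": [[("type", EQ, "record")]]},
    children=(
        Node({"subject": [[("role", EQ, "doctor"), ("dept", EQ, "cardiology")],
                          [("role", EQ, "auditor")]]}, PERMIT),
        Node({"action": [[("id", EQ, "delete")]]}, DENY)))

def decide(role, dept, action, rtype="record"):
    request = {"subject": {"role": role, "dept": dept},
               "resource": {"type": rtype}, "action": {"id": action}}
    return evaluate(RECORDS, request)
```

A request that matches no rule returns NotApplicable rather than Deny, so the enforcement point calling this code still has to decide how to treat that outcome.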
