issrg.pba
Interface Credentials

All Superinterfaces:
java.lang.Cloneable
All Known Subinterfaces:
ValidityPeriod
All Known Implementing Classes:
AbsoluteValidityPeriod, AdjustedPeriodCollection, AdjustedValidityPeriod, AnyTimeValidityPeriod, DefaultValidityPeriodBehaviour, ExpirableCredentials, IntersectionValidityPeriod, NowValidityPeriod, PermisCredentials, RelativeValidityPeriod, RoleBasedCredentials, SetOfSubsetsCredentials, SubsetCredentials

public interface Credentials
extends java.lang.Cloneable

This class implements the Credentials: the initiator's Access Decision Information (ADI) in terms of the ISO 10181-3 access control (authorisation) framework.

Note that the standard does not restrict what the initiator's ADI should be. We suggest it could be the initiator-bound data that specifies certain access privileges, like security labels, user group inclusion statements, role assignments, etc. Note that we do not limit the ADI to the stated examples.

The ADI is represented as a set of values, this allows verification against the policy ( via set comparison) that the initiator has not done more than is allowed.

The caller should know if the object is a superset of another object (ie. the object contains another credential). This is sufficient for decision-making and delegation. Since the Credentials are a set, the two other methods intersection and union help optimise the operations.

Version:
1.0
Author:
A Otenko

Method Summary
 java.lang.Object clone()
          This method creates a copy of the Credentials.
 boolean contains(Credentials subSet)
          This method tells if the Credentials contain the given subset of Credentials.
 Credentials intersection(Credentials set)
          This method returns the intersection of this set with the given set.
 Credentials union(Credentials set)
          This method returns the union of this set with the given set.
 

Method Detail

contains

boolean contains(Credentials subSet)
This method tells if the Credentials contain the given subset of Credentials.

Parameters:
subSet - is the set to test against this
Returns:
true, if this set contains the given subset, or is equal to it; returns false if the subset is not wholly contained or is not equal

intersection

Credentials intersection(Credentials set)
This method returns the intersection of this set with the given set. It is supposed the operands are replaceable: this.intersection(set) should be equal to set.intersection(this) - it may produce an internally different object, but it should behave in the same way and equals method should return true when comparing such results.

Parameters:
set - is the set to intersect with
Returns:
the intersection Credentials; the resulting set is contained within both this Credentials and the given set

union

Credentials union(Credentials set)
This method returns the union of this set with the given set. It is supposed the operands are replaceable: this.union(set) should be equal to set.union(this) - it may produce an internally different object, but it should behave in the same way and equals method should return true when comparing such results.

Parameters:
set - is the set to join with
Returns:
the union Credentials; the resulting set contains both this Credentials and the given set

clone

java.lang.Object clone()
This method creates a copy of the Credentials. It is essential for computing intermediate results.

Returns:
a copy of the credentials object