issrg.pba.rbac
Interface RuleComparator

All Known Implementing Classes:
DefaultRuleComparator, PMITest.TestRuleComparator

public interface RuleComparator


Method Summary
 boolean isSufficient(AssignmentRule asRAR, AssignmentRule vaRAR, java.lang.Object assertion, java.lang.Object validated)
          This function test whether the constrained assertion is good enough
 ParsedToken[] predict(java.lang.Object assertion, java.util.Vector tokens, Entry holder)
          This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion, and sort relevant RARs according to the assertion
 void setFlag(boolean manySOAs)
           
 

Method Detail

predict

ParsedToken[] predict(java.lang.Object assertion,
                      java.util.Vector tokens,
                      Entry holder)
This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion, and sort relevant RARs according to the assertion

Parameters:
assertion - is either a credentials or a RoleAssignmentRule of the holder that needs to be validated
tokens - stores all the RARs of issuer
holder - is the holder of the assertion credentials or the RoleAssignmentRule
Returns:
an array of ParsedToken that is sorted according to the assertion.

isSufficient

boolean isSufficient(AssignmentRule asRAR,
                     AssignmentRule vaRAR,
                     java.lang.Object assertion,
                     java.lang.Object validated)
This function test whether the constrained assertion is good enough

Parameters:
asRAR - is the RoleAssignmentRule of the issuer
vaRAR - is the validated RoleAssignmentRule of the issuer. Both of these RoleAssignmentRules may be null. If they are null, it means RoleAssignmentRule of the issuer is totally trusted and we do not care about it.
assertion - is either a credentials or a RoleAssignmentRule of the holder that needs to be validated
validated - is a validated credentials or validated RoleAssignmentRules of the holder
Returns:
a boolean value. If it is true then the issuer's RAR is good enough for validating the request and we do not need to use another issuer'RAR for validating the request. Otherwise, we need to use another RAR to validate the request. Currently, this function simply return true.

setFlag

void setFlag(boolean manySOAs)