issrg.pba.rbac
Interface RuleComparator
- All Known Implementing Classes:
- DefaultRuleComparator, PMITest.TestRuleComparator
public interface RuleComparator
Method Summary |
boolean |
isSufficient(AssignmentRule asRAR,
AssignmentRule vaRAR,
java.lang.Object assertion,
java.lang.Object validated)
This function test whether the constrained assertion is good enough |
ParsedToken[] |
predict(java.lang.Object assertion,
java.util.Vector tokens,
Entry holder)
This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion,
and sort relevant RARs according to the assertion |
void |
setFlag(boolean manySOAs)
|
predict
ParsedToken[] predict(java.lang.Object assertion,
java.util.Vector tokens,
Entry holder)
- This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion,
and sort relevant RARs according to the assertion
- Parameters:
assertion
- is either a credentials or a RoleAssignmentRule of the holder that needs to be validatedtokens
- stores all the RARs of issuerholder
- is the holder of the assertion credentials or the RoleAssignmentRule
- Returns:
- an array of ParsedToken that is sorted according to the assertion.
isSufficient
boolean isSufficient(AssignmentRule asRAR,
AssignmentRule vaRAR,
java.lang.Object assertion,
java.lang.Object validated)
- This function test whether the constrained assertion is good enough
- Parameters:
asRAR
- is the RoleAssignmentRule of the issuervaRAR
- is the validated RoleAssignmentRule of the issuer. Both of these RoleAssignmentRules may be null.
If they are null, it means RoleAssignmentRule of the issuer is totally trusted and we do not care about it.assertion
- is either a credentials or a RoleAssignmentRule of the holder that needs to be validatedvalidated
- is a validated credentials or validated RoleAssignmentRules of the holder
- Returns:
- a boolean value. If it is true then the issuer's RAR is good enough for validating the request and
we do not need to use another issuer'RAR for validating the request. Otherwise, we need to use another RAR
to validate the request. Currently, this function simply return true.
setFlag
void setFlag(boolean manySOAs)