Author: sohil.shah(a)jboss.com
Date: 2009-02-12 07:33:40 -0500 (Thu, 12 Feb 2009)
New Revision: 12812
Modified:
modules/authorization/trunk/documentation/reference-guide/en/modules/concepts.xml
Log:
Concepts chapter
Modified:
modules/authorization/trunk/documentation/reference-guide/en/modules/concepts.xml
===================================================================
---
modules/authorization/trunk/documentation/reference-guide/en/modules/concepts.xml 2009-02-11
23:15:40 UTC (rev 12811)
+++
modules/authorization/trunk/documentation/reference-guide/en/modules/concepts.xml 2009-02-12
12:33:40 UTC (rev 12812)
@@ -10,42 +10,88 @@
<title>Concepts</title>
<sect1>
<title>Resource</title>
- <para>
+ <para>
+ A Data, Service, or a System component.
+ </para>
+ <para>
+ <emphasis role="bold">Examples</emphasis> : a HTTP URL, a
Servlet, a Portlet, a POJO (Plain Old Java Object), a Java Method, a Java Field, etc
</para>
</sect1>
<sect1>
<title>Action</title>
<para>
+ An operation on a resource.
</para>
+ <para>
+ <emphasis role="bold">Examples</emphasis> : CRUD (Create,
Read, Update, Delete), HTTP GET, HTTP POST, PORTLET VIEW, PORTLET ACTION, etc
+ </para>
</sect1>
<sect1>
<title>Subject</title>
- <para>
+ <para>
+ An actor.
</para>
+ <para>
+ <emphasis role="bold">Examples</emphasis> : Authenticated
User, Anonymous User, a Machine, etc
+ </para>
</sect1>
<sect1>
<title>Environment</title>
<para>
+ The set of attributes that are relevant to an authorization decision and are
independent of a particular subject, resource, or action.
</para>
+ <para>
+ <emphasis role="bold">Examples</emphasis> : Current Date
and/or Time, Application Data in a HTTP Session, the parameters passed to a Java method
call, etc
+ </para>
</sect1>
<sect1>
<title>Attribute</title>
- <para>
- </para>
+ <para>
+ A characteristic of a Resource, Action, Subject or Environment which is referenced
within a Policy Rule or a Policy Target. Attributes are runtime information
+ which are presented with an Authorization Context during Enforcement. Within
the policy definition, conditions, logic, and target matching are applied to
+ information referenced by Attributes. The concept of Attributes allows
Authorization to be flexible and allows including arbitrary runtime information during
+ the decision process.
+ </para>
+ <para>
+ <emphasis role="bold">Resource Examples</emphasis> : Unique
URI, Resource Id, File Name, etc
+ </para>
+ <para>
+ <emphasis role="bold">Action Examples</emphasis> : CRUD
(Create, Read, Update, Delete), HTTP GET, HTTP POST, etc
+ </para>
+ <para>
+ <emphasis role="bold">Subject Examples</emphasis> :
Username, Roles for this User, IP Address, Authentication Method, Authentication Time,
etc
+ </para>
+ <para>
+ <emphasis role="bold">Environment Examples</emphasis> :
Current Date and/or Time, etc
+ </para>
</sect1>
<sect1>
<title>Policy</title>
- <para>
+ <para>
+ A security policy consisting of a target and multiple rules. An Enterprise
application will have multiple policies stored in the system. Enforcement
+ requests are evaluated by applying the logic specified within these policies. A
Policy Evaluation results in a Permit or Deny State.
</para>
</sect1>
<sect1>
<title>Target</title>
<para>
+ The set of Enforcement requests identified by policy definitions of Resource,
Subject, and Action that a Policy or a Rule is intended to evalute.
+ Simply put, Target definition consists of logic that determines whether a
particular Policy or Rule should be evaluated for the incoming Enforcement request.
</para>
</sect1>
<sect1>
<title>Rule</title>
<para>
+ A Policy Component which consists of the following:
</para>
+ <para>
+ <emphasis>Target</emphasis> : To determine if the Rule should be
evaluated for the incoming Enforcement request.
+ </para>
+ <para>
+ <emphasis>Expression</emphasis> : Encapsulates the Logic that must be
evaluated resulting in a Boolean (true|false) result.
+ </para>
+ <para>
+ <emphasis>Effect</emphasis> : Decides what to do (Permit or Deny), if
this Rule evaluates to true.
+ </para>
</sect1>
</chapter>
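Review bot: The Policy and Rule sections leave the decision semantics incomplete. Policy says an evaluation "results in a Permit or Deny State" and Rule says the Effect applies "if this Rule evaluates to true", but nothing states the outcome when no Policy or Rule Target matches the incoming Enforcement request, when the Expression evaluates to false, or when several Rules in one Policy evaluate to true with different Effects. A reader implementing enforcement cannot tell from this text whether an unmatched request is denied or permitted, so please add a sentence to Policy stating the default result and how multiple Rule results are combined. Smaller points: "evalute" in the Target section should be "evaluate". The Attribute section uses "Authorization Context" and "Enforcement" without defining them anywhere in the chapter. "A Data, Service, or a System component" in Resource would read better as "Data, a Service, or a System component". The three Rule components (Target, Expression, Effect) would be clearer as a list than as separate paragraphs.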