The Policy Enforcement Process|
The GAA-API returns three status values to describe policy enforcement process:
Initially the status values are set to GAA_S_MAYBE.
The policy enforcement process is shown in Figure 1.
- authorization status Sa.
Indicates whether the request is authorized (T), not authorized (GAA_S_NO)
or uncertain (GAA_S_MAYBE).
- mid-condition enforcement status Sm.
Indicates the evaluation status of the mid-conditions (GAA_S_YES/GAA_S_NO/GAA_S_MAYBE).
- post-condition enforcement status Sp.
Indicates the evaluation status of the post-conditions (GAA_S_YES/GAA_S_NO/GAA_S_MAYBE).
The authorization mechanism evaluates the policies using
the current system state. The system state is needed to evaluate
authorizations that contain system variables as parameters. By a system
state we mean not only information describing a particular computer system
such as system load, network bandwidth consumption, number of available
processors, but also all security-relevant information about real world
which is representable in a computer system. For example, bank account
balance, temperature and user identity.
The access control phase starts with receiving a request q=(o,r,context)
to access object o, requested type of access r and contextual information
(e.g., user identity, current time).
Before a particular access right r can be performed on an object o,
the request must be submitted to an authorization mechanism.
First, the gaa_get_object_policy_info function is called to obtain the
security policy associated with the object.
If no relevant policy was found, the authorization status is set to F
and the request is rejected.
Next the gaa_check_authorization function is called to evaluate pre- and
If there are no pre-conditions, the authorization status is set to GAA_S_YES.
Otherwise, the pre-conditions are evaluated and the result is stored in the
authorization status Sa.
If the request-result conditions are present in the policy,
the conditions are evaluated and the intermediate result is stored in variable X.
The conjunction of the X and Sa is stored in the authorization status Sa.
If authorization is not granted, the request is rejected.
The execution control phase consists of starting the operation execution process and
calling the gaa_execution_control function.
If mid-conditions are found, the conditions are evaluated. Some mid-conditions are
evaluated just once, other mid-conditions are evaluated in a loop until either
the operation finishes or any of the mid-conditions fails.
In the latter case, the operation execution is suspended and the reactive actions
are started. The mid-conditions can be returned unevaluated to be enforced by application.
The result is stored in Sm.
During the post-execution action phase the gaa_post_execution_actions function is called.
The operation execution status (indicating whether the operation succeeded/failed)
is passed to the gaa_pos_execution_actions.
If no post-conditions are found, the Sp is set to GAA_S_YES, otherwise the post-conditions
are evaluated and the result is stored in Sp.