We use the Backus-Naur Form to denote the elements of our policy language. Square brackets, [ ], denote optional items and curly brackets, {}, surround items that can repeat zero or more times. A vertical line, |, separates alternatives. Items inside double quotes are the terminal symbols.
An EACL is specified according to the following format:
eacl ::= {eacl_entry}

eacl_entry ::=
    access_id {access_id} pos_access_rights {condition}
        {pos_access_rights {condition}} |
    access_id {access_id} neg_access_rights

access_id ::=
    access_id_type def_authority value

access_id_type ::=
    "access_id_HOST" |
    "access_id_USER" |
    "access_id_GROUP" |
    "access_id_CA" |
    "access_id_APPLICATION" |
    "access_id_ANYBODY"

A capability is defined according to the following format:
capability ::=
    grantor_id pos_access_rights {condition}
        {pos_access_rights {condition}}

grantor_id ::=
    grantor_id_type def_authority value

grantor_id_type ::=
    "grantor_id_HOST" |
    "grantor_id_USER" |
    "grantor_id_GROUP" |
    "grantor_id_CA" |
    "grantor_id_APPLICATION" |
    "grantor_id_ANYBODY"

pos_access_rights ::=
    "pos_access_rights" def_authority value
        {"pos_access_rights" def_authority value}

neg_access_rights ::=
    "neg_access_rights" def_authority value
        {"neg_access_rights" def_authority value}

condition ::=
    condition_type def_authority value

condition_type ::= alphanumeric_string
def_authority ::= alphanumeric_string
value ::= alphanumeric_string
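
The EACL grammar above can be exercised with a small parser. The following Python code is an added example, not part of the original specification or of any implementation of it. The function name parse_eacl, the whitespace-separated token layout and the sample policy are assumptions made for illustration; the quoted terminals are treated as reserved words, so any other leading token is read as a condition_type.

```python
# Added example: parser for the EACL grammar above (not from the original spec).
# Assumes whitespace-separated tokens and reserved terminal keywords.
ACCESS_ID_TYPES = {"access_id_" + s for s in
                   ("HOST", "USER", "GROUP", "CA", "APPLICATION", "ANYBODY")}

def parse_eacl(text):
    toks = text.split()
    if len(toks) % 3:
        raise ValueError("elements must be (type, def_authority, value) triples")
    triples = [tuple(toks[i:i + 3]) for i in range(0, len(toks), 3)]
    pos = 0

    def kind(i):
        if i >= len(triples):
            return None
        t = triples[i][0]
        if t in ACCESS_ID_TYPES:
            return "access_id"
        return t if t in ("pos_access_rights", "neg_access_rights") else "condition"

    def take(k):  # consume the run of consecutive triples of kind k
        nonlocal pos
        start = pos
        while kind(pos) == k:
            pos += 1
        return triples[start:pos]

    entries = []
    while pos < len(triples):
        ids = take("access_id")
        if not ids:  # also catches a condition placed after neg_access_rights
            raise ValueError(f"expected access_id, got {triples[pos][0]!r}")
        entry = {"ids": ids, "pos": [], "neg": []}
        if kind(pos) == "neg_access_rights":
            entry["neg"] = take("neg_access_rights")  # grammar allows no conditions
        elif kind(pos) == "pos_access_rights":
            while kind(pos) == "pos_access_rights":
                rights = take("pos_access_rights")
                entry["pos"].append({"rights": rights, "conditions": take("condition")})
        else:
            raise ValueError("access_id list must be followed by access rights")
        entries.append(entry)
    return entries

# Constructed sample policy (all authorities and values are made up).
SAMPLE = """access_id_USER kerberos5 alice access_id_GROUP local staff
pos_access_rights fileserver read pos_access_rights fileserver write
timewindow local 0900to1700 pos_access_rights fileserver delete
access_id_ANYBODY none any neg_access_rights fileserver delete"""
```

Because negative rights take no conditions in this grammar, a condition triple that follows a neg_access_rights block is rejected rather than silently attached to the entry.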