The Policy Enforcement Process
The GAA-API returns three status values to describe the policy enforcement process:
- authorization status Sa.
Indicates whether the request is authorized (GAA_S_YES), not authorized (GAA_S_NO)
or uncertain (GAA_S_MAYBE).
- mid-condition enforcement status Sm.
Indicates the evaluation status of the mid-conditions (GAA_S_YES/GAA_S_NO/GAA_S_MAYBE).
- post-condition enforcement status Sp.
Indicates the evaluation status of the post-conditions (GAA_S_YES/GAA_S_NO/GAA_S_MAYBE).
Initially the status values are set to GAA_S_MAYBE.
The policy enforcement process is shown in Figure 1.
The authorization mechanism evaluates the policies using
the current system state. The system state is needed to evaluate
authorizations that contain system variables as parameters. By a system
state we mean not only information describing a particular computer system
such as system load, network bandwidth consumption, number of available
processors, but also all security-relevant information about the real world
that is representable in a computer system, for example a bank account
balance, a temperature reading or a user identity.
The access control phase starts with receiving a request q=(o,r,context)
to access object o with the requested type of access r, together with contextual
information (e.g., user identity, current time).
Before a particular access right r can be performed on an object o,
the request must be submitted to an authorization mechanism.
First, the gaa_get_object_policy_info function is called to obtain the
security policy associated with the object.
If no relevant policy was found, the authorization status Sa is set to GAA_S_NO
and the request is rejected.
Next the gaa_check_authorization function is called to evaluate pre- and
request-result conditions.
If there are no pre-conditions, the authorization status is set to GAA_S_YES.
Otherwise, the pre-conditions are evaluated and the result is stored in the
authorization status Sa.
If the request-result conditions are present in the policy,
the conditions are evaluated and the intermediate result is stored in variable X.
The conjunction of the X and Sa is stored in the authorization status Sa.
If authorization is not granted, the request is rejected.
The execution control phase consists of starting the operation execution process and
calling the gaa_execution_control function.
If mid-conditions are found, the conditions are evaluated. Some mid-conditions are
evaluated just once, other mid-conditions are evaluated in a loop until either
the operation finishes or any of the mid-conditions fails.
In the latter case, the operation execution is suspended and the reactive actions
are started. Mid-conditions can also be returned unevaluated, to be enforced by the application.
The result is stored in Sm.
During the post-execution action phase the gaa_post_execution_actions function is called.
The operation execution status (indicating whether the operation succeeded or failed)
is passed to gaa_post_execution_actions.
If no post-conditions are found, Sp is set to GAA_S_YES; otherwise the post-conditions
are evaluated and the result is stored in Sp.
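The three phases above (access control, execution control and post-execution actions) form one procedure. The following Python model of that procedure is an added example and is not code from the paper or from the GAA-API implementation. The function names gaa_get_object_policy_info, gaa_check_authorization, gaa_execution_control and gaa_post_execution_actions are the ones the text uses, but their signatures, the Policy record, the enforce and withdraw helpers, the three-valued conjunction rule (GAA_S_NO dominates, then GAA_S_MAYBE), the choice to treat a GAA_S_MAYBE authorization status as not granted by the mechanism itself, and the bank-account policy are all assumptions made here.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# The three status values from the text.
GAA_S_YES, GAA_S_NO, GAA_S_MAYBE = "GAA_S_YES", "GAA_S_NO", "GAA_S_MAYBE"

State = Dict[str, object]
Condition = Callable[[State], str]  # one condition evaluated against the system state

def gaa_and(a: str, b: str) -> str:
    """Three-valued conjunction (assumed ordering: NO dominates, then MAYBE, then YES)."""
    if GAA_S_NO in (a, b):
        return GAA_S_NO
    if GAA_S_MAYBE in (a, b):
        return GAA_S_MAYBE
    return GAA_S_YES

def evaluate_conditions(conds: List[Condition], state: State) -> str:
    """Conjunction over a condition list; an empty list yields GAA_S_YES."""
    status = GAA_S_YES
    for cond in conds:
        status = gaa_and(status, cond(state))
    return status

@dataclass
class Policy:  # hypothetical policy record, not the GAA-API's own structure
    pre: List[Condition] = field(default_factory=list)
    request_result: List[Condition] = field(default_factory=list)
    mid_once: List[Condition] = field(default_factory=list)  # evaluated once
    mid_loop: List[Condition] = field(default_factory=list)  # re-evaluated each step
    post: List[Condition] = field(default_factory=list)

def gaa_get_object_policy_info(policy_db: Dict[str, Policy], obj: str) -> Optional[Policy]:
    return policy_db.get(obj)

def gaa_check_authorization(policy: Policy, state: State) -> str:
    # Sa = conjunction of the pre-conditions (GAA_S_YES if there are none) ...
    sa = evaluate_conditions(policy.pre, state)
    if policy.request_result:  # ... AND-ed with the request-result conditions X
        x = evaluate_conditions(policy.request_result, state)
        sa = gaa_and(x, sa)
    return sa

def gaa_execution_control(policy: Policy, state: State,
                          steps: List[Callable[[State], None]]) -> Tuple[str, bool]:
    """Run the operation one step at a time; returns (Sm, operation_succeeded)."""
    sm = evaluate_conditions(policy.mid_once, state)
    if sm == GAA_S_NO:
        return sm, False
    for step in steps:
        loop_status = evaluate_conditions(policy.mid_loop, state)
        if loop_status == GAA_S_NO:
            state["suspended"] = True  # reactive actions would be started here
            return GAA_S_NO, False
        sm = gaa_and(sm, loop_status)
        step(state)
    return sm, True

def gaa_post_execution_actions(policy: Policy, state: State, op_succeeded: bool) -> str:
    state["op_succeeded"] = op_succeeded  # post-conditions may depend on the outcome
    return evaluate_conditions(policy.post, state)

def enforce(policy_db: Dict[str, Policy], request: Tuple[str, str, dict],
            state: State, steps: List[Callable[[State], None]]) -> Tuple[str, str, str]:
    """Full enforcement of q = (o, r, context); returns (Sa, Sm, Sp)."""
    obj, right, context = request
    sa = sm = sp = GAA_S_MAYBE  # initial values
    state.update(context)
    state["requested_right"] = right
    policy = gaa_get_object_policy_info(policy_db, obj)
    if policy is None:
        return GAA_S_NO, sm, sp  # no relevant policy: reject
    sa = gaa_check_authorization(policy, state)
    if sa != GAA_S_YES:  # assumption: MAYBE is left to the application, so not granted here
        return sa, sm, sp
    sm, succeeded = gaa_execution_control(policy, state, steps)
    sp = gaa_post_execution_actions(policy, state, succeeded)
    return sa, sm, sp

# Constructed sample: a bank-account object with a condition in every phase.
def is_owner(s): return GAA_S_YES if s.get("user") == "alice" else GAA_S_NO
def sufficient_balance(s): return GAA_S_YES if s["balance"] >= s["amount"] else GAA_S_NO
def load_below_limit(s): return GAA_S_YES if s["system_load"] < 0.9 else GAA_S_NO
def balance_not_negative(s): return GAA_S_YES if s["balance"] >= 0 else GAA_S_NO

POLICY_DB = {"acct:42": Policy(pre=[is_owner], request_result=[sufficient_balance],
                               mid_loop=[load_below_limit], post=[balance_not_negative])}

def debit(s): s["balance"] -= s["amount"]

def withdraw(user, amount, balance=100, system_load=0.2):
    """Returns ((Sa, Sm, Sp), final balance) for a constructed withdrawal request."""
    state = {"balance": balance, "system_load": system_load}
    statuses = enforce(POLICY_DB, ("acct:42", "withdraw", {"user": user, "amount": amount}),
                       state, [debit])
    return statuses, state["balance"]
```

Calling withdraw("alice", 30) passes every phase and debits the balance; withdraw("mallory", 30) fails the pre-condition and is rejected with Sm and Sp still at their initial GAA_S_MAYBE; withdraw("alice", 30, system_load=0.95) is authorized but suspended by the looping mid-condition before the debit runs, so Sa is GAA_S_YES, Sm is GAA_S_NO and the post-condition is still evaluated against the unchanged balance.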