PIP and Obligation Handler Profile Adapters
[XACML Profiles]

PIPs and Obligation Handlers to adapt a XACML profile to another XACML profile.

Variables

const pep_pip_t authzinterop2gridwn_adapter_pip
 AuthZ Interop Profile to Grid WN AuthZ Profile PIP adapter.
const pep_obligationhandler_t gridwn2authzinterop_adapter_oh
 Grid WN AuthZ Profile to AuthZ Interop Profile ObligationHandler adapter.

Detailed Description

PIPs and Obligation Handlers to adapt a XACML profile to another XACML profile.

See Policy Information Point (PIP), Obligation Handler (OH) and XACML Profiles


Variable Documentation

AuthZ Interop Profile to Grid WN AuthZ Profile PIP adapter.

This PIP transforms the outgoing XACML request as follows:

  1. The AuthZ Interop XACML Attribute "http://authz-interop.org/xacml/subject/cert-chain" is copied into a Grid WN AuthZ XACML Subject/Attribute "urn:oasis:names:tc:xacml:1.0:subject:key-info".
  2. The AuthZ Interop XACML Attributes "http://authz-interop.org/xacml/subject/voms-fqan" and "http://authz-interop.org/xacml/subject/voms-primary-fqan" are copied into the Grid WN AuthZ XACML Subject/Attributes fqan and fqan/primary, respectively (see XACML_GRIDWN_ATTRIBUTE_FQAN and XACML_GRIDWN_ATTRIBUTE_FQAN_PRIMARY).
  3. The Grid WN AuthZ XACML Attribute profile-id is added to the XACML Environment (see XACML_GRIDWN_ATTRIBUTE_PROFILE_ID and XACML_GRIDWN_PROFILE_VERSION).

The authzinterop2gridwn_adapter_pip->process function never fails and always returns 0.

You must register this PIP as the last PIP for the PEP-C client. Example:

 // add your own PIPs to the PEP-C client
 pep_addpip(your_pip_1);
 ...
 pep_addpip(your_pip_n);
 // then add the AuthZ Interop Profile to Grid WN AuthZ Profile PIP adapter as last PIP
 pep_addpip(authzinterop2gridwn_adapter_pip);

See Policy Information Point (PIP) and XACML Profiles for more information.
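Why the adapter has to be registered last, shown as an added example that is not Argus PEP-C code: the types `attr_t`, `subject_t` and `pip_fn` and all functions are hypothetical stand-ins for the PEP-C API, and only step 1 of the transformation (cert-chain to key-info) is modelled. It assumes PIPs run in the order they were registered.

```c
#include <stdio.h>
#include <string.h>

/* Attribute ids quoted on this page. */
#define INTEROP_CERT_CHAIN "http://authz-interop.org/xacml/subject/cert-chain"
#define GRIDWN_KEY_INFO    "urn:oasis:names:tc:xacml:1.0:subject:key-info"

/* Hypothetical stand-ins, not the PEP-C types: a subject is a flat attribute list. */
#define MAX_ATTRS 8
typedef struct { const char *id, *value; } attr_t;
typedef struct { attr_t a[MAX_ATTRS]; int n; } subject_t;
typedef int (*pip_fn)(subject_t *);

static const char *find_attr(const subject_t *s, const char *id) {
    for (int i = 0; i < s->n; i++)
        if (strcmp(s->a[i].id, id) == 0) return s->a[i].value;
    return NULL;
}

static int add_attr(subject_t *s, const char *id, const char *value) {
    if (s->n >= MAX_ATTRS) return -1;           /* list full */
    s->a[s->n++] = (attr_t){ id, value };
    return 0;
}

/* A user PIP that supplies the certificate chain (constructed sample value). */
static int user_pip(subject_t *s) {
    return add_attr(s, INTEROP_CERT_CHAIN, "constructed-sample-pem-chain");
}

/* Model of step 1 of the adapter: copy cert-chain into key-info, always return 0. */
static int adapter_pip(subject_t *s) {
    const char *chain = find_attr(s, INTEROP_CERT_CHAIN);
    if (chain != NULL) add_attr(s, GRIDWN_KEY_INFO, chain);
    return 0;               /* in this model a missing source attribute is not an error */
}

/* Run the PIPs in registration order; return 1 if the request then carries key-info. */
static int request_has_key_info(pip_fn *pips, int n) {
    subject_t s = { .n = 0 };
    for (int i = 0; i < n; i++) pips[i](&s);
    return find_attr(&s, GRIDWN_KEY_INFO) != NULL;
}

static pip_fn ADAPTER_LAST[]  = { user_pip, adapter_pip };
static pip_fn ADAPTER_FIRST[] = { adapter_pip, user_pip };
int main(void) {
    printf("adapter last:  key-info present = %d\n", request_has_key_info(ADAPTER_LAST, 2));
    printf("adapter first: key-info present = %d\n", request_has_key_info(ADAPTER_FIRST, 2));
}
```

In this model, both orderings return 0 from every PIP, so only inspecting the outgoing request reveals that the adapter-first ordering dropped the translated attribute.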

Grid WN AuthZ Profile to AuthZ Interop Profile ObligationHandler adapter.

This OH transforms the incoming XACML response as follows:

  1. The AttributeAssignments from the Grid WN AuthZ XACML Obligation local-environment-map/posix will be resolved (see XACML_GRIDWN_OBLIGATION_LOCAL_ENVIRONMENT_MAP_POSIX). The user POSIX uid, gid and secondary gids are locally resolved, based on the Grid WN AuthZ AttributeAssignments user-id (XACML_GRIDWN_ATTRIBUTE_USER_ID) and group-id/primary (XACML_GRIDWN_ATTRIBUTE_GROUP_ID_PRIMARY) and group-id (XACML_GRIDWN_ATTRIBUTE_GROUP_ID) of the Obligation.
    1. Creates the AuthZ Interop XACML Obligation "http://authz-interop.org/xacml/obligation/username" with the AttributeAssignment "http://authz-interop.org/xacml/attribute/username" (datatype: string).
    2. Creates the AuthZ Interop XACML Obligation "http://authz-interop.org/xacml/obligation/uidgid" with the AttributeAssignments "http://authz-interop.org/xacml/attribute/posix-uid" (datatype: integer) and "http://authz-interop.org/xacml/attribute/posix-gid" (datatype: integer).
    3. Creates the AuthZ Interop XACML Obligation "http://authz-interop.org/xacml/obligation/secondary-gids" with the AttributeAssignments "http://authz-interop.org/xacml/attribute/posix-gid" (datatype: integer).

The gridwn2authzinterop_adapter_oh->process function never fails and always returns 0.

You must register this OH as the first OH for the PEP-C client. Example:

 // add the Grid WN AuthZ Profile to AuthZ Interop Profile OH adapter as first OH
 pep_addobligationhandler(gridwn2authzinterop_adapter_oh);
 // then add your own OHs after
 pep_addobligationhandler(your_oh_1);
 ...
 pep_addobligationhandler(your_oh_n);

See Obligation Handler (OH) and XACML Profiles for more information.


Generated on 29 Apr 2014 for Argus PEP client API by  doxygen 1.6.1