Local Interface SL3Authorization::TokenProcessor

local interface TokenProcessor
The TokenProcessor interface of this module is one part needed to use ATLAS effectively. The TokenProcessor is implemented by an object that processes CSIv2 Authorization Tokens. It is called by the Security Service when a CSIv2 Authorization Token is received from a client.

An application writer will create an object that implements the TokenProcessor interface and place it in credentials using the CSIArgBuilder.addATLASObject operation.

Operation Index

accept_token
This operation is called by the Security Service every time a new CSIv2 context is established.
requires_endorsement_by_client
This operation returns true if this processor requires authorization information that authorizes the target to speak on behalf of the client.
supports_endorsement_by_client
This operation returns true if this processor can handle and successfully process authorization information that may authorize the target to speak on behalf of the client.

Operations

accept_token
void accept_token(in SecurityLevel3::Principal transport_principal,
                  in SecurityLevel3::StatementList transport_statements,
                  in SecurityLevel3::ResourceNameList transport_resources,
                  in SecurityLevel3::SimplePrincipal client_auth_principal,
                  in SecurityLevel3::IdentityStatement client_auth_statement,
                  in SecurityLevel3::Principal identity_assert_principal,
                  in SecurityLevel3::StatementList identity_assert_statements,
                  in CSI::AuthorizationToken auth_token,
                  out AuthorizationInfo auth_info)
    raises(InvalidEvidence,
           InvalidMechanism);

This operation is called by the Security Service every time a new CSIv2 context is established. It is up to this object's operation to verify the information given and compose the result from it. The arguments are as follows:

transport_principal
This is the possibly compound principal that represents the client as he may have authenticated at the transport layer. This principal is lifted directly from the TransportSecurity.ClientCredentials.client_principal.
transport_statements
Any statements that support the transport principal. This list is lifted directly from the TransportSecurity.ClientCredentials.client_supporting_statements.
client_auth_principal
This is the simple principal that represents the client as he may have authenticated at the CSIv2 Authentication layer. If no authentication token was delivered, the value of this argument will be null.
client_auth_statement
The IdentityStatement that supports the client authentication principal. If the principal is null, this statement will be null as well.
identity_assert_principal
This is the possibly compound principal that represents the identity for whom the client says he is making the request.
identity_assert_statements
Any statements that support the identity assertion principal.
auth_token
This argument is the authorization token, which contains a list of tagged encodings.
auth_info
This argument is the return value.
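
The following sketch is an added example, not ORBacus code or the generated C++ mapping of this interface. It models the accept_token contract described above: the null pairing of client_auth_principal and client_auth_statement, and the walk over the tagged encodings in auth_token. All types are simplified stand-ins, and the contents of AuthorizationInfo, the identity precedence, and the choice of which exception is raised for which failure are assumptions.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Stand-ins (assumptions) for the IDL types; field layouts are simplified.
struct InvalidEvidence : std::runtime_error { using std::runtime_error::runtime_error; };
struct InvalidMechanism : std::runtime_error { using std::runtime_error::runtime_error; };
struct Principal { std::string name; };
struct Statement { std::string issuer; };
struct AuthorizationElement { uint32_t the_type; std::vector<uint8_t> the_element; };
using AuthorizationToken = std::vector<AuthorizationElement>;
struct AuthorizationInfo { std::string subject; std::vector<AuthorizationElement> accepted; };

class DemoTokenProcessor {
    std::set<uint32_t> supported_;  // encoding tags this processor understands
public:
    explicit DemoTokenProcessor(std::set<uint32_t> s) : supported_(std::move(s)) {}
    // Returns auth_info instead of using an out parameter; null pointers model null arguments.
    AuthorizationInfo accept_token(const Principal& transport,
                                   const Principal* client_auth, const Statement* client_auth_stmt,
                                   const Principal* asserted, const AuthorizationToken& token) const {
        // Per the argument descriptions, principal and statement are null together.
        if ((client_auth == nullptr) != (client_auth_stmt == nullptr))
            throw InvalidEvidence("client auth principal/statement mismatch");
        AuthorizationInfo info;
        // Assumed policy: asserted identity, then CSIv2 client auth, then transport.
        info.subject = asserted ? asserted->name
                                : (client_auth ? client_auth->name : transport.name);
        for (const auto& e : token) {
            if (supported_.count(e.the_type) == 0)   // assumed exception mapping
                throw InvalidMechanism("unsupported encoding type");
            if (e.the_element.empty())               // assumed exception mapping
                throw InvalidEvidence("empty encoding");
            info.accepted.push_back(e);
        }
        return info;
    }
};

int main() {
    DemoTokenProcessor p(std::set<uint32_t>{1u});
    Principal tls{"tls-client"};  // constructed sample values
    AuthorizationToken tok(1, AuthorizationElement{1u, {0x30, 0x03}});
    std::cout << p.accept_token(tls, nullptr, nullptr, nullptr, tok).subject << "\n";
    return 0;
}
```

A real processor would also verify the supporting statements before trusting any of these principals; that verification is left out of the sketch.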

requires_endorsement_by_client
boolean requires_endorsement_by_client();

This operation returns true if this processor requires authorization information that authorizes the target to speak on behalf of the client. This function aids in the Security Service's construction of the IOR.

supports_endorsement_by_client
boolean supports_endorsement_by_client();

This operation returns true if this processor can handle and successfully process authorization information that may authorize the target to speak on behalf of the client. This function aids in the Security Service's construction of the IOR.


Generated by the ORBacus IDL-to-HTML translator