-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaccess-cycle.html
329 lines (319 loc) · 11 KB
/
access-cycle.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<link rel="icon" href="i/common/glyph.png">
<title>Passage Access Cycle</title>
<link
href="https://fonts.googleapis.com/css2?family=Montserrat&family=Quicksand&display=swap"
rel="stylesheet">
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/main.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/bl.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/dev.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/documentation.css" rel="stylesheet" type="text/css"
media="all" />
</head>
<body>
<div class="navigation container-fluid">
<div class="row header">
<div class="col-sm nav-ref home">
<a class="anchor" href="index.html">Home</a>
</div>
<div class="col-sm nav-ref features">
<a class="anchor" href="index.html#features">Features</a>
</div>
<div class="col-sm nav-ref products">
<a class="anchor" href="index.html#products">Products</a>
</div>
<div class="col-sm nav-ref components">
<a class="anchor" href="index.html#components">Components</a>
</div>
<div class="col-sm nav-ref examples">
<a class="anchor" href="index.html#examples">Examples</a>
</div>
<div class="col-sm nav-ref documentation">
<a class="anchor" href="index.html#docs">Documentation</a>
</div>
<div class="col-sm nav-ref support">
<a class="anchor" href="index.html#support">Support</a>
</div>
<div class="col-sm nav-ref services">
<a class="anchor" href="index.html#services">Services</a>
</div>
<div class="col-sm nav-ref contact">
<a class="anchor" href="index.html#contact">Contact</a>
</div>
<div class="col-sm nav-ref contribute">
<a class="anchor" href="index.html#contribute">Contribute</a>
</div>
</div>
</div>
<div class="titling container-fluid">
<div class="row">
<div class="col-sm-2"></div>
<div class="col-sm">
<img src="i/common/glyph.png" width="256">
</div>
<div class="col-sm">
<div class="titling-brief">
<p>
<span class="term">Access Cycle</span> is the core of Passage
runtime protection.
</p>
<p>It has plain flow-like architecture and can be altered and
extended in each point of the flow.</p>
</div>
</div>
<div class="col-sm-2"></div>
</div>
</div>
<div class="separable documentation info-section container">
<div class="row">
<div class="step-name col-sm">
<div class="section-header">Invocation</div>
</div>
</div>
<div class="row">
<div class="step-impl col-sm-4">
<p>
Product appeals to <span class="term">Access Cycle</span> when
wants to be sure a <span class="term">feature</span> is not going
to be used without proper license coverage.
</p>
</div>
<div class="step-impl col-sm-8">
<p>
On each such appeal, <span class="term">Access Cycle</span>
</p>
<ul>
<li>reads, how exactly the product wants this feature to be
protected</li>
<li>looks for available licenses,</li>
<li>evaluates, how these licenses fit the runtime and</li>
<li>finally checks, if the feature protection demand is
covered by a license.</li>
</ul>
</div>
</div>
</div>
<div class="separable documentation info-section container">
<div class="row">
<div class="step-name col-sm">
<div class="section-header">Requirements gathering: how the
product wants to be protected</div>
</div>
</div>
<div class="row">
<div class="step-impl col-sm-3">
<p>
<span class="term">Licensing requirement</span> - a formal
statement with simple meaning like <span class="sample">this
feature must not work without license</span>.
</p>
</div>
<div class="step-impl col-sm-2">
<p>
<span class="term">Requirement</span>s are supplied by the product
under licensing.
</p>
</div>
<div class="step-impl col-sm-7">
<p>
<span class="term">Access Cycle</span> <span class="emphasis">gathers</span>
<span class="term"> requirement</span>s available at the product
runtime by means of an <span class="emphasis">requirement
gathering</span> interface.
</p>
<p>
Implementations for this interface can be multiple and are provided
for <span class="term">Access Cycle</span> by its configuration.
</p>
<p>
Thus, to supply <span class="term">requirements</span> of your own
source, just implement the interface and mention it in <span
class="term">Access Cycle Configuration</span>.
</p>
</div>
</div>
</div>
<div class="separable documentation info-section container">
<div class="row">
<div class="step-name col-sm">
<div class="section-header">Grants mining: what licenses the
user has</div>
</div>
</div>
<div class="row">
<div class="step-impl col-sm-3">
<p>
<span class="term">Grant</span> - particle of a license that
states: <span class="sample">this feature can be used if
this <span class="term">condition</span> is fulfilled
</span>.
</p>
<p>
<span class="term">Condition</span> - <span class="term">grant</span>'s
restriction, formalized demand for runtime environment or user
data, like <span class="sample">hwdisk.serial='123456YU'</span> or
<span class="sample">location='Greece'</span> or <span
class="sample">root.name='SecurityTools'</span>.
</div>
<div class="step-impl col-sm-2">
<p>
<span class="term">Grant</span>s are supplied by a product license.
</p>
</div>
<div class="step-impl col-sm-7">
<p>
<span class="term">Access Cycle</span> <span class="emphasis">mines</span>
<span class="term">grant</span>s with the dedicated <span
class="emphasis">mining</span> interface.
</p>
<p>
There can be many miners registered at the product runtime; <span
class="term">Access Cycle Configuration</span> is responsible for
conveying them to <span class="term">Access Cycle</span>.
</p>
<p>
Thus, to support some new type of <span class="term">condition</span>
you should implement several connected interfaces and supply them
to <span class="term">Access Cycle</span> through its
configuration.
</p>
</div>
</div>
</div>
<div class="separable documentation info-section container">
<div class="row">
<div class="step-name col-sm">
<div class="section-header">Permission emitting: which grants
get their conditions fulfilled</div>
</div>
</div>
<div class="row">
<div class="step-impl col-sm-3">
<p>
<span class="term">Permission</span> - runtime unit with short TTL
which reads: <span class="sample">for the moment, we are
treating this <span class="term">condition</span> as fulfilled and
thus this <span class="term">grant</span> allows to use this <span
class="term">feature</span>
</span>.
</p>
</div>
<div class="step-impl col-sm-3">
<p>
<span class="term">Permission</span>s are supplied by Access Cycle:
it <span class="emphasis">evaluates</span> all the <span
class="term">grant</span>s' <span class="term">condition</span>s
against appropriate runtime environment (for instance <span
class="sample">hardware</span> or <span class="sample">user
data</span>) to detect whether it is fulfilled or not. Each <span
class="term">grant</span> with successfully evaluated <span
class="term">condition</span> begets a <span class="term">permission</span>
for the <span class="term">feature</span> to be used.
</p>
</div>
<div class="step-impl col-sm-6">
<p>
<span class="term">Access Cycle</span> <span class="emphasis">evaluates</span>
a <span class="term">condition</span> with the set of interfaces
responsible for condition text parsing to tokens, token evaluation
against runtime environment, combination of results for all tokens,
etc.
</p>
<p>
Lots of <span class="term">condition type</span>s can be supported
simultaneously.
</p>
<p>
To add your own type of <span class="term">condition</span> and
thereby empower a license to check yet unsupported runtime aspects,
you need to cover <span class="term">condition</span> evaluation
with necessary interfaces and extend <span class="term">Access
Cycle Configuration</span> correspondingly.
</p>
</div>
</div>
</div>
<div class="separable documentation info-section container">
<div class="row">
<div class="step-name col-sm">
<div class="section-header">Requirements against permissions
examining: each requirement must be covered with a permission</div>
</div>
</div>
<div class="row">
<div class="step-impl col-sm-4">
<p>Here product demands (restrictive part) meet licenses
(permissive part) to find out whether there are enough permissions
for all the demands.</p>
</div>
<div class="step-impl col-sm-8">
<p>
<span class="term">Access Cycle</span> checks if the emitted <span
class="term">permission</span>s are enough to satisfy all the
gathered <span class="term">requirement</span>s by the examination
interface.
</p>
<p>
Many implementations can be supplied at the same time; and if you
like to append more restrictive logic to the whole cycle, implement
the interface and supply it through <span class="term">Access
Cycle Configuration</span>.
</p>
<p>
According to the examination the final decision is made: where the
<span class="term">feature</span> can be used or not. <span
class="term">Examination certificate</span> is leased to convey
all the details of the solution.
</p>
<p>
For successfully examined feature a <span class="term">usage
grant</span> can be <span class="term">acquired</span>.
</p>
</div>
</div>
</div>
<div class="footer legal container-fluid">
<div class="row">
<div class="col-sm-8">
<div>© Copyright 2018 - 2021 ArSysOp</div>
</div>
<div class="col-sm">
<a href="https://projects.eclipse.org/projects/technology.passage"
target="_blank">About</a>
</div>
<div class="col-sm">
<a href="https://spdx.org/licenses/EPL-2.0.html" target="_blank">Terms
of use</a>
</div>
</div>
</div>
<div class="footer refs container-fluid">
<div class="row">
<div class="col-sm-6"></div>
<div class="col-sm">
Site is constructed with <a
href="https://github.com/twbs/bootstrap/">Bootstrap</a>.
</div>
<div class="col-sm">
<a
href="https://fonts.google.com/specimen/Quicksand?query=Quicksand"
target="_blank">Quicksand</a> and <a
href="https://fonts.google.com/specimen/Open+Sans?query=Montserrat"
target="_blank">Montserrat</a> fonts are used.
</div>
<div class="col-sm">
<a href="http://shjs.sourceforge.net/" target="_blank">SHJS</a> is
used to highlight syntaxes.
</div>
</div>
</div>
</body>
</html>