/*
* Copyright (c) 2003, KNOPFLERFISH project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* - Neither the name of the KNOPFLERFISH project nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.knopflerfish.service.um.useradmin;
import java.util.Dictionary;
import org.osgi.service.useradmin.Authorization;
/**
 * An {@link Authorization} that also carries an <em>authentication
 * context</em>: information about how the user was authenticated.
 *
 * <p>When the set of roles the user is authorized as is checked through
 * {@link Authorization#getRoles()} or {@link Authorization#hasRole(String)},
 * the evaluation of Conditions can compare the values of the context
 * parameters with the corresponding values in their filter expressions.
 *
 * <p>Security note: the context values therefore take part in role
 * evaluation. {@link #getContext()} is documented as returning a modifiable
 * Dictionary, so any code holding this object can change the values that
 * Conditions are compared against. Hand instances only to code that is
 * trusted to set them.
 */
public interface ContextualAuthorization extends Authorization {

    // ---- How and when the user was authenticated -------------------------

    /**
     * Context parameter for the authentication date; the parameter string is
     * {@code "auth_date"}. A value should be in the format
     * {@code yyyy-MM-dd}. This format makes it possible, for example, to
     * write a filter expression that is true when the authentication date
     * lies between a start and an end date:
     * {@code (&(auth_date>=2001-06-01)(auth_date<=2001-07-01))}
     */
    String CONTEXT_AUTH_DATE = "auth_date";

    /**
     * Context parameter for the authentication time; the parameter string is
     * {@code "auth_time"}. A value should be in the format
     * {@code HH:mm:ss}, that is, 24-hour with minutes and seconds.
     */
    String CONTEXT_AUTH_TIME = "auth_time";

    /**
     * Context parameter for the authentication day of week; the parameter
     * string is {@code "auth_day"}. A value should be one of the days of the
     * week, in the environment's current locale.
     *
     * <p>NOTE(review): because the day name is locale-dependent, a filter
     * written against one locale's day names will presumably not match when
     * the environment runs under another locale; confirm against the
     * implementation.
     */
    String CONTEXT_AUTH_DAY = "auth_day";

    // ---- Current date and time -------------------------------------------

    /**
     * Context parameter for the current date; the parameter string is
     * {@code "date"}. A value should be in the format {@code yyyy-MM-dd}.
     */
    String CONTEXT_DATE = "date";

    /**
     * Context parameter for the current time; the parameter string is
     * {@code "time"}. A value should be in the format {@code HH:mm:ss},
     * that is, 24-hour with minutes and seconds.
     */
    String CONTEXT_TIME = "time";

    /**
     * Context parameter for the current day of week; the parameter string is
     * {@code "day"}. A value should be one of the days of the week, in the
     * environment's current locale (the locale caveat on
     * {@link #CONTEXT_AUTH_DAY} presumably applies here too).
     */
    String CONTEXT_DAY = "day";

    // ---- Quality levels of the authentication ----------------------------
    // Each level is documented as an integer from 0 (lowest) to 3 (highest).
    // This interface does not enforce that range; whether out-of-range or
    // missing values are rejected is up to the implementation and is not
    // visible here.

    /**
     * Context parameter for the authentication level; the parameter string
     * is {@code "auth_lvl"}. The authentication level is a quality
     * measurement of the authentication method that was used. For example,
     * authentication with a PIN code should probably have a lower
     * {@code auth_lvl} than authentication with a fingerprint. The value is
     * an integer between 0 (lowest) and 3 (highest). Example filter:
     * {@code (auth_lvl>=2)}.
     */
    String CONTEXT_AUTH_LEVEL = "auth_lvl";

    /**
     * Context parameter for the confidentiality level; the parameter string
     * is {@code "conf_lvl"}. The confidentiality level is a quality
     * measurement of the input path used when the user was authenticated:
     * how difficult is it for some other party to eavesdrop? For example, a
     * session using HTTPS should have a higher {@code conf_lvl} than an
     * ordinary HTTP session. The value is an integer between 0 (lowest) and
     * 3 (highest).
     */
    String CONTEXT_CONF_LEVEL = "conf_lvl";

    /**
     * Context parameter for the integrity level; the parameter string is
     * {@code "integr_lvl"}. The integrity level is a quality measurement of
     * the input path used when the user was authenticated: can the data be
     * trusted not to have been falsified? For example, a connection from a
     * terminal in the local home network should perhaps result in a higher
     * {@code integr_lvl} than a connection from a public terminal on the
     * internet. The value is an integer between 0 (lowest) and 3 (highest).
     */
    String CONTEXT_INTEGR_LEVEL = "integr_lvl";

    // ---- Access to the context -------------------------------------------

    /**
     * Returns the authentication context for this authorization object. The
     * returned Dictionary can be modified to update the context.
     *
     * <p>Since Conditions are evaluated against these values, a change made
     * through the returned Dictionary can change the outcome of later role
     * checks on this object. The key and value types are not fixed by this
     * signature (raw {@code Dictionary}); presumably the keys are the
     * {@code CONTEXT_*} parameter strings declared above.
     *
     * @return the context
     */
    Dictionary getContext();

    /**
     * Sets context parameters using IPAM. The supplied authentication method
     * and input path strings are translated to a set of context parameters.
     *
     * <p>Which parameters are set, and how unknown method or path strings
     * are handled, is not specified by this interface. Both arguments
     * describe how the authentication actually took place, so callers should
     * take them from the component that performed the authentication rather
     * than from values the authenticating party can choose.
     *
     * @param authMethod
     *            authentication method
     * @param inputPath
     *            input path
     * @see org.knopflerfish.service.um.ipam.IPAMValuationService
     */
    void setIPAMContext(String authMethod, String inputPath);
}