Commit 69536a8e authored by Patricia Kelbert's avatar Patricia Kelbert

Release 3.2.69

parent 1a64b68e
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
<parent> <parent>
<groupId>de.fraunhofer.iese.ind2uce</groupId> <groupId>de.fraunhofer.iese.ind2uce</groupId>
<artifactId>parent</artifactId> <artifactId>parent</artifactId>
<version>3.2.65</version> <version>3.2.69</version>
</parent> </parent>
<artifactId>core</artifactId> <artifactId>core</artifactId>
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
<dependency> <dependency>
<groupId>org.slf4j</groupId> <groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId> <artifactId>slf4j-api</artifactId>
<optional>true</optional>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.slf4j</groupId> <groupId>org.slf4j</groupId>
...@@ -44,7 +45,6 @@ ...@@ -44,7 +45,6 @@
<groupId>org.reflections</groupId> <groupId>org.reflections</groupId>
<artifactId>reflections</artifactId> <artifactId>reflections</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.hamcrest</groupId> <groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId> <artifactId>hamcrest-all</artifactId>
...@@ -56,7 +56,6 @@ ...@@ -56,7 +56,6 @@
<artifactId>junit</artifactId> <artifactId>junit</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.hibernate</groupId> <groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId> <artifactId>hibernate-entitymanager</artifactId>
...@@ -69,6 +68,7 @@ ...@@ -69,6 +68,7 @@
<dependency> <dependency>
<groupId>com.rabbitmq</groupId> <groupId>com.rabbitmq</groupId>
<artifactId>amqp-client</artifactId> <artifactId>amqp-client</artifactId>
<optional>true</optional>
</dependency> </dependency>
<dependency> <dependency>
<groupId>xerces</groupId> <groupId>xerces</groupId>
...@@ -83,9 +83,6 @@ ...@@ -83,9 +83,6 @@
<groupId>com.google.code.findbugs</groupId> <groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId> <artifactId>jsr305</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.junit.jupiter</groupId> <groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId> <artifactId>junit-jupiter-api</artifactId>
...@@ -98,7 +95,6 @@ ...@@ -98,7 +95,6 @@
</dependency> </dependency>
</dependencies> </dependencies>
<build> <build>
<plugins> <plugins>
<plugin> <plugin>
...@@ -111,11 +107,11 @@ ...@@ -111,11 +107,11 @@
<plugin> <plugin>
<groupId>org.asciidoctor</groupId> <groupId>org.asciidoctor</groupId>
<artifactId>asciidoctor-maven-plugin</artifactId> <artifactId>asciidoctor-maven-plugin</artifactId>
<configuration> <configuration>
<attributes> <attributes>
<project-version>${project.version}</project-version> <project-version>${project.version}</project-version>
</attributes> </attributes>
</configuration> </configuration>
<executions> <executions>
<execution> <execution>
<id>generate-docs</id> <id>generate-docs</id>
...@@ -176,32 +172,26 @@ ...@@ -176,32 +172,26 @@
</plugins> </plugins>
</build> </build>
<distributionManagement> <distributionManagement>
<repository> <repository>
<id>deployment</id> <id>deployment</id>
<name>Internal Releases</name> <name>Internal Releases</name>
<url>http://ind2uce-nexus.iese.de/nexus/content/repositories/releases/</url> <url>http://ind2uce-nexus.iese.de/nexus/content/repositories/releases/</url>
</repository> </repository>
<snapshotRepository> <snapshotRepository>
<id>deployment</id> <id>deployment</id>
<name>Internal Snapshots</name> <name>Internal Snapshots</name>
<url>http://ind2uce-nexus.iese.de/nexus/content/repositories/snapshots/</url> <url>http://ind2uce-nexus.iese.de/nexus/content/repositories/snapshots/</url>
</snapshotRepository> </snapshotRepository>
</distributionManagement> </distributionManagement>
<scm> <scm>
<url>https://git.iese.fraunhofer.de/ind2uce/core</url>
<connection>scm:git:http://ind2uce-git.iese.de/ind2uce/dev/ind2uce.git</connection> <connection>scm:git:http://ind2uce-git.iese.de/ind2uce/dev/ind2uce.git</connection>
<developerConnection>scm:git:http://ind2uce-git.iese.de/ind2uce/dev/ind2uce.git</developerConnection> <developerConnection>scm:git:http://ind2uce-git.iese.de/ind2uce/dev/ind2uce.git</developerConnection>
<tag>3.2.65</tag> <tag>3.2.66-SNAPSHOT</tag>
</scm> </scm>
<licenses> <licenses>
<license> <license>
<name>The Apache License, Version 2.0</name> <name>The Apache License, Version 2.0</name>
...@@ -216,17 +206,5 @@ ...@@ -216,17 +206,5 @@
<organization>Fraunhofer IESE</organization> <organization>Fraunhofer IESE</organization>
<organizationUrl>https://www.iese.fraunhofer.de/</organizationUrl> <organizationUrl>https://www.iese.fraunhofer.de/</organizationUrl>
</developer> </developer>
<developer>
<name>Andreas Eitel</name>
<email>andreas.eitel@iese.fraunhofer.de</email>
<organization>Fraunhofer IESE</organization>
<organizationUrl>https://www.iese.fraunhofer.de/</organizationUrl>
</developer>
<developer>
<name>Raj Shah</name>
<email>raj.shah@iese.fraunhofer.de</email>
<organization>Fraunhofer IESE</organization>
<organizationUrl>https://www.iese.fraunhofer.de/</organizationUrl>
</developer>
</developers> </developers>
</project> </project>
\ No newline at end of file
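Review bot: In the `<distributionManagement>` and `<scm>` block of the last hunk, the release and snapshot repository URLs and both SCM connections still use plain `http://`, so the credentials Maven sends for the `deployment` server id and the uploaded artifacts can be intercepted or altered on the network path. Since the commit already edits this block, I would move them to TLS if the hosts support it, e.g. `<url>https://ind2uce-nexus.iese.de/nexus/content/repositories/releases/</url>`, and likewise for the two `scm:git:http://` connections. The `<tag>` value on what appears to be the new side reads `3.2.66-SNAPSHOT` while the parent version becomes `3.2.69`; for a release commit that mismatch is worth confirming. The two `<optional>true</optional>` entries (slf4j-api, amqp-client) presumably stop those jars from reaching consumers transitively, so a short comment such as `<!-- optional: not propagated to consumers; declare explicitly if needed -->` would document the intent.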
<div id="footer-text"> <div id="footer-text">
<a href="https://ind2uce.de/imprint.html" style="color:rgba(255,255,255,.8)">Imprint</a> <a href="https://www.mydata-control.de/imprint.html" style="color:rgba(255,255,255,.8)">Imprint</a>
<br/> <br/>
<a href="https://www.iese.fraunhofer.de/en/data_protection.html" style="color:rgba(255,255,255,.8)">Privacy Policy</a> <a href="https://www.iese.fraunhofer.de/en/data_protection.html" style="color:rgba(255,255,255,.8)">Privacy Policy</a>
</div> </div>
\ No newline at end of file
= IND^2^UCE Policy Language Documentation = MYDATA Policy Language Documentation
Fraunhofer IESE Fraunhofer IESE
:revnumber: {project-version} :revnumber: {project-version}
:doctype: book :doctype: book
...@@ -24,12 +24,12 @@ Fraunhofer IESE ...@@ -24,12 +24,12 @@ Fraunhofer IESE
++++ ++++
* Policy: <<policy,<policy>>>, <<mechanism,<mechanism>>>, <<working-with-variables,<variableDeclaration>>> * Policy: <<policy,<policy>>>, <<mechanism,<mechanism>>>, <<working-with-variables,<variableDeclaration>>>
* Conditions: <<if_elseif,<if>>>, <<if_elseif,<elseif>>> * Conditions: <<if_elseif,<if>>>, <<if_elseif,<elseif>>>
* Decisions: <<then_else,<then>>>, <<then_else,<else>>>, <<allow,<allow>>>, <<inhibit,<allow>>>, <<modify,<modify>>>, <<execute,<execute>>> * Decisions: <<then_else,<then>>>, <<then_else,<else>>>, <<then_else,<allow>>>, <<then_else,<allow>>>, <<modify,<modify>>>, <<execute,<execute>>>
* Variables: <<working-with-variables,<variable:boolean>>>, <<working-with-variables,<variable:number>>>, <<working-with-variables,<variable:string>>>, <<working-with-variables,<variable:object>>>, <<working-with-variables,<variable:list>>> * Variables: <<working-with-variables,<variable:boolean>>>, <<working-with-variables,<variable:number>>>, <<working-with-variables,<variable:string>>>, <<working-with-variables,<variable:object>>>, <<working-with-variables,<variable:list>>>
* Parameters: <<parameter-group,<parameter:boolean>>>, <<parameter-group,<parameter:number>>>, <<parameter-group,<parameter:string>>>, <<parameter-group,<parameter:object>>>, <<parameter-group,<parameter:list>>> * Parameters: <<parameter-group,<parameter:boolean>>>, <<parameter-group,<parameter:number>>>, <<parameter-group,<parameter:string>>>, <<parameter-group,<parameter:object>>>, <<parameter-group,<parameter:list>>>
* Event References: <<event-group,<event:boolean>>>, <<event-group,<event:number>>>, <<event-group,<event:string>>>, <<event-group,<event:object>>>, <<pevent-group,<event:list>>>, <<eventHasParameter, <eventHasParameter>>> * Event References: <<event-group,<event:boolean>>>, <<event-group,<event:number>>>, <<event-group,<event:string>>>, <<event-group,<event:object>>>, <<event-group,<event:list>>>, <<eventHasParameter, <eventHasParameter>>>
* Constants: <<constant-group,<constant:boolean>>>, <<constant-group,<constant:number>>>, <<constant-group,<constant:string>>>, <<constant-group,<constant:object>>>, <<constant-group,<constant:list>>> * Constants: <<constant-group,<constant:boolean>>>, <<constant-group,<constant:number>>>, <<constant-group,<constant:string>>>, <<constant-group,<constant:object>>>, <<constant-group,<constant:list>>>
* PIPs: <<constant-group,<pip:boolean>>>, <<constant-group,<pip:number>>>, <<constant-group,<pip:string>>>, <<constant-group,<pip:object>>>, <<constant-group,<pip:list>>> * PIPs: <<pip-group,<pip:boolean>>>, <<pip-group,<pip:number>>>, <<pip-group,<pip:string>>>, <<pip-group,<pip:object>>>, <<pip-group,<pip:list>>>
* Arithmetic Functions: <<arithmetic-functions,<plus>>>, <<arithmetic-functions,<minus>>>, <<arithmetic-functions,<multiply>>>, <<arithmetic-functions,<divide>>>, <<arithmetic-functions,<size>>> * Arithmetic Functions: <<arithmetic-functions,<plus>>>, <<arithmetic-functions,<minus>>>, <<arithmetic-functions,<multiply>>>, <<arithmetic-functions,<divide>>>, <<arithmetic-functions,<size>>>
* Boolean Functions: <<basic-boolean-functions,<and>>>, <<basic-boolean-functions,<or>>>, <<basic-boolean-functions,<xor>>>, <<basic-boolean-functions,<not>>>, <<basic-boolean-functions,<implies>>>, <<contains, <contains>>>, <<regex,<regex>>> * Boolean Functions: <<basic-boolean-functions,<and>>>, <<basic-boolean-functions,<or>>>, <<basic-boolean-functions,<xor>>>, <<basic-boolean-functions,<not>>>, <<basic-boolean-functions,<implies>>>, <<contains, <contains>>>, <<regex,<regex>>>
* Comparison Functions: <<comparison-functions,<less>>>, <<comparison-functions,<lessEqual>>>, <<comparison-functions,<equals>>>, <<comparison-functions,<greaterEqual>>>, <<comparison-functions,<greater>>> * Comparison Functions: <<comparison-functions,<less>>>, <<comparison-functions,<lessEqual>>>, <<comparison-functions,<equals>>>, <<comparison-functions,<greaterEqual>>>, <<comparison-functions,<greater>>>
...@@ -48,8 +48,8 @@ $('#short-links').toggle() ...@@ -48,8 +48,8 @@ $('#short-links').toggle()
[[introduction]] [[introduction]]
== Introduction == Introduction
This documentation is about the specification of *privacy policies with the IND^2^UCE policy language* regulating security-relevant system events. This documentation is about the specification of *privacy policies with the MYDATA policy language* regulating security-relevant system events.
The IND^2^UCE policy language is designed to express restrictions on data usage. The MYDATA policy language is designed to express restrictions on data usage.
It is an XML-based language, based on *boolean logic, arithmetics, temporal information based on an event history*. It is an XML-based language, based on *boolean logic, arithmetics, temporal information based on an event history*.
Furthermore, it allows for evaluations based on push (event-triggered) or pull (timer-triggered). Furthermore, it allows for evaluations based on push (event-triggered) or pull (timer-triggered).
Connection to external systems for information retrieval is fully supported. Connection to external systems for information retrieval is fully supported.
...@@ -58,11 +58,11 @@ Enforcement decisions can be specified by means of *event inhibition, data modif ...@@ -58,11 +58,11 @@ Enforcement decisions can be specified by means of *event inhibition, data modif
[[eca]] [[eca]]
== The Event-Condition-Action Schema == The Event-Condition-Action Schema
IND^2^UCE defines policies based security-relevant link:../api-core/de/fraunhofer/iese/ind2uce/api/policy/Event.html[*events*] that are occurring at a certain time in a system and are intercepted by *"Policy Enforcement Point" (PEP)*. MYDATA defines policies based security-relevant link:../api-core/de/fraunhofer/iese/ind2uce/api/policy/Event.html[*events*] that are occurring at a certain time in a system and are intercepted by *"Policy Enforcement Point" (PEP)*.
These events are sent to a *"Policy Decision Point" (PDP)*, which evaluates the policies and returns an link:../api-core/de/fraunhofer/iese/ind2uce/api/policy/AuthorizationDecision.html[*Authorization Decision*] based on the policies. These events are sent to a *"Policy Decision Point" (PDP)*, which evaluates the policies and returns an link:../api-core/de/fraunhofer/iese/ind2uce/api/policy/AuthorizationDecision.html[*Authorization Decision*] based on the policies.
This decision is then enforced by the PEP. This decision is then enforced by the PEP.
.Basic IND^2^UCE flow .Basic MYDATA flow
image::PEP.png[cwidth="75%"] image::PEP.png[cwidth="75%"]
Depending on the system and PEP type, events can highly differ. Depending on the system and PEP type, events can highly differ.
...@@ -87,15 +87,15 @@ Parameters: ...@@ -87,15 +87,15 @@ Parameters:
IND^2^UCE policies are based on the *Event-Condition-Action* (ECA). MYDATA policies are based on the *Event-Condition-Action* (ECA).
If a system *event E* (see above) is fetched and a *condition C* is satisfied, then *action A* (authorization decision) is performed. If a system *event E* (see above) is fetched and a *condition C* is satisfied, then *action A* (authorization decision) is performed.
IND^2^UCE follows a blacklisting approach. MYDATA follows a blacklisting approach.
Events that are not covered by policies are allowed by default. Events that are not covered by policies are allowed by default.
The following policy shows a simple example. The following policy shows a simple example.
It translates to: "*Inhibit* the event *urn:action:banking-demo:get-transactions* if it is *after 3pm* (i.e., if the external information source getCurrentHour returns a value below or equal to 15)" It translates to: "*Inhibit* the event *urn:action:banking-demo:get-transactions* if it is *after 3pm* (i.e., if the external information source getCurrentHour returns a value below or equal to 15)"
.Example IND^2^UCE security policy .Example MYDATA security policy
[source,xml] [source,xml]
---- ----
<policy id='urn:policy:banking-demo:getTransactions'> <policy id='urn:policy:banking-demo:getTransactions'>
...@@ -117,13 +117,13 @@ It translates to: "*Inhibit* the event *urn:action:banking-demo:get-transactions ...@@ -117,13 +117,13 @@ It translates to: "*Inhibit* the event *urn:action:banking-demo:get-transactions
== Policy Structure == Policy Structure
A *<<policy,policy>>* consists of one or more *<<mechanism,mechanisms>>* that are based on the *Event-Condition-Action* (ECA) schema. A *<<policy,policy>>* consists of one or more *<<mechanism,mechanisms>>* that are based on the *Event-Condition-Action* (ECA) schema.
IND^2^UCE follows a blacklisting approach. MYDATA follows a blacklisting approach.
Events that are not covered by policies are allowed by default. Events that are not covered by policies are allowed by default.
[[policy]] [[policy]]
=== Policy === Policy
The *<policy>* tag is the root element of an IND^2^UCE security policy. It has the following attributes: The *<policy>* tag is the root element of an MYDATA security policy. It has the following attributes:
.Policy attributes .Policy attributes
[width="100%",cols="2,2,2,10",options="header"] [width="100%",cols="2,2,2,10",options="header"]
...@@ -134,7 +134,7 @@ The *<policy>* tag is the root element of an IND^2^UCE security policy. It has t ...@@ -134,7 +134,7 @@ The *<policy>* tag is the root element of an IND^2^UCE security policy. It has t
|description |String |optional |A more detailed natural language description of the security policy. |description |String |optional |A more detailed natural language description of the security policy.
|====================================================================================================================================== |======================================================================================================================================
The *<policy>* tag must have at least one *<<mechanism,mechanism>>* child and can optionally contain *<<variableDeclaration-group,variableDeclarations>>*. The *<policy>* tag must have at least one *<<mechanism,mechanism>>* child and can optionally contain *<<working-with-variables,variableDeclarations>>*.
[[mechanism]] [[mechanism]]
=== Mechanisms === Mechanisms
...@@ -168,9 +168,9 @@ Thus, a *<mechanism>* tag can have the following children: ...@@ -168,9 +168,9 @@ Thus, a *<mechanism>* tag can have the following children:
.Policy Specification Rules .Policy Specification Rules
[CAUTION] [CAUTION]
=============================== ===============================
* The child element <<if,<if>>> is mandatory and only allowed to be used once within a <<mechanism,<mechanism>>>. * The child element <<if_elseif,<if>>> is mandatory and only allowed to be used once within a <<mechanism,<mechanism>>>.
* The child element <<else,<else>>> is optional but only allowed to be used once within a <<mechanism,<mechanism>>> also. * The child element <<then_else,<else>>> is optional but only allowed to be used once within a <<mechanism,<mechanism>>> also.
* The child elements <<elseif,<elseif>>> and <<execute,<execute>>> may be used multiple times. * The child elements <<if_elseif,<elseif>>> and <<execute,<execute>>> may be used multiple times.
=============================== ===============================
.Policy Evaluation Rules .Policy Evaluation Rules
...@@ -217,7 +217,7 @@ The *<if>* and the *<elseif>* elements declare the condition that is evaluated e ...@@ -217,7 +217,7 @@ The *<if>* and the *<elseif>* elements declare the condition that is evaluated e
A condition must have the following child elements: A condition must have the following child elements:
* A <<boolean-functions,boolean-function>> that defines the condition * A <<boolean-functions,boolean-function>> that defines the condition
* A <<decision, <then>>> that defines an authorization decision that the mechanism enforces if the condition matches * A <<then_else, <then>>> that defines an authorization decision that the mechanism enforces if the condition matches
.Policy Specification Rules .Policy Specification Rules
...@@ -285,16 +285,16 @@ A condition must have the following child elements: ...@@ -285,16 +285,16 @@ A condition must have the following child elements:
Decisions are defined inside a *<then>* element inside a <<if_elseif,condition>> (<if> or <elseif>), or in an *<else>* element, which is used if no condition is fulfilled. Decisions are defined inside a *<then>* element inside a <<if_elseif,condition>> (<if> or <elseif>), or in an *<else>* element, which is used if no condition is fulfilled.
These two elements can have the following child elements: These two elements can have the following child elements:
* <<allow,<allow>>>: The event will be allowed * <<then_else,<allow>>>: The event will be allowed
* <<modify,<modify>>>: The event is allowed, but modified before further execution * <<modify,<modify>>>: The event is allowed, but modified before further execution
* <<inhibit,<inhibit>>>: The event will be inhibited * <<then_else,<inhibit>>>: The event will be inhibited
* <<execute,<execute>>>: Additional actions are executed, independent of the event allowance * <<execute,<execute>>>: Additional actions are executed, independent of the event allowance
.Policy Specification Rules .Policy Specification Rules
[CAUTION] [CAUTION]
=============================== ===============================
* The <then> and the <else> elements must have at either * The <then> and the <else> elements must have at either
** exactly one <<allow,binary decision>> (<allow>, <inhibit>), or ** exactly one <<then_else,binary decision>> (<allow>, <inhibit>), or
** at least one <<modify, event modification>> (<modify>), and ** at least one <<modify, event modification>> (<modify>), and
** multiple <<execute,executes>>, which are executed in the specified order. ** multiple <<execute,executes>>, which are executed in the specified order.
=============================== ===============================
...@@ -369,7 +369,7 @@ A reason can be added to both elements: ...@@ -369,7 +369,7 @@ A reason can be added to both elements:
[[modify]] [[modify]]
==== Complex Decisions with Event Modifications ==== Complex Decisions with Event Modifications
In addition to basic access control mechanisms, IND^2^UCE allows the modification of the intercepted event. In addition to basic access control mechanisms, MYDATA allows the modification of the intercepted event.
The *<modify>* element is used to specify event modifications that the PEP must enforce before releasing the intercepted event. The *<modify>* element is used to specify event modifications that the PEP must enforce before releasing the intercepted event.
It has the following attributes: It has the following attributes:
...@@ -385,7 +385,7 @@ It has the following attributes: ...@@ -385,7 +385,7 @@ It has the following attributes:
Some modification methods ("modifiers") require additional parameters. Some modification methods ("modifiers") require additional parameters.
For example, the "replace" modifier gives you the option to replace a certain string (either the event parameter or part of a complex object) with another String. For example, the "replace" modifier gives you the option to replace a certain string (either the event parameter or part of a complex object) with another String.
This String has to be provided as a <<parameter, parameter>>, as the following example shows. This String has to be provided as a <<parameter-group, parameter>>, as the following example shows.
Our editor will automatically add stubs for all required parameters. Our editor will automatically add stubs for all required parameters.
.Example: Replace the bank code number before showing it .Example: Replace the bank code number before showing it
...@@ -410,7 +410,7 @@ Our editor will automatically add stubs for all required parameters. ...@@ -410,7 +410,7 @@ Our editor will automatically add stubs for all required parameters.
=============================== ===============================
JSONPath is an instrument to query JSON structures, similar to XPath for XML. JSONPath is an instrument to query JSON structures, similar to XPath for XML.
JSONPath uses special notation to represent nodes and their connections to adjacent nodes in a JsonPath path. JSONPath uses special notation to represent nodes and their connections to adjacent nodes in a JsonPath path.
Plese refer to http://goessner.net/articles/JsonPath/ for a full documentation on JsonPath. Plese refer to https://github.com/json-path/JsonPath for a full documentation on JsonPath.
=============================== ===============================
.Policy Evaluation Rules .Policy Evaluation Rules
...@@ -432,7 +432,7 @@ See chapter <<working-with-variables, Working with Variables>>. ...@@ -432,7 +432,7 @@ See chapter <<working-with-variables, Working with Variables>>.
[[data-types]] [[data-types]]
== Data Types == Data Types
IND^2^CE works with five data types: *String, Number, Boolean, Object and List*. MYDATA works with five data types: *String, Number, Boolean, Object and List*.
All operators can be combined only depending on their type. All operators can be combined only depending on their type.
For example, if you have a boolean <and> operator, any kind of boolean children can be attached (e.g., <variable:boolean>, <constant:boolean>, <event:boolen>, <not>, <execute>). For example, if you have a boolean <and> operator, any kind of boolean children can be attached (e.g., <variable:boolean>, <constant:boolean>, <event:boolen>, <not>, <execute>).
...@@ -441,7 +441,7 @@ For example, if you have a boolean <and> operator, any kind of boolean children ...@@ -441,7 +441,7 @@ For example, if you have a boolean <and> operator, any kind of boolean children
=== Basic Operators === Basic Operators
For each of the five <<data-types, data types>>, IND^2^UCE provides five basic operators: *Constants, Variables, Event References, Parameters, and PIPs*. For each of the five <<data-types, data types>>, MYDATA provides five basic operators: *Constants, Variables, Event References, Parameters, and PIPs*.
These operators will be explained in the following. These operators will be explained in the following.
[[constant-group]] [[constant-group]]
...@@ -513,7 +513,7 @@ The elements have the following attributes: ...@@ -513,7 +513,7 @@ The elements have the following attributes:
|Attribute |Type |Required |Meaning |Attribute |Type |Required |Meaning
|eventParameter |String |required |The name of an event parameter. |eventParameter |String |required |The name of an event parameter.
|default |same as the event parameter type (string, number, boolean) |required |The value that is returned if the parameter does not exist in the event. |default |same as the event parameter type (string, number, boolean) |required |The value that is returned if the parameter does not exist in the event.
|jsonPathQuery |String |optional |The JSONPath expression to be executed on the parameter value, if the value is a complex object. Please refer to http://goessner.net/articles/JsonPath/ for more information about JsonPath. |jsonPathQuery |String |optional |The JSONPath expression to be executed on the parameter value, if the value is a complex object. Please refer to https://github.com/json-path/JsonPath for more information about JsonPath.
|====================================================================================================================================== |======================================================================================================================================
Remember our example event: Remember our example event:
...@@ -693,7 +693,7 @@ Number operators are all operators that have a number as return value. ...@@ -693,7 +693,7 @@ Number operators are all operators that have a number as return value.
[[basic-number-operators]] [[basic-number-operators]]
==== Basic Number Operators ==== Basic Number Operators
The basic number operators are <<variable-group,<variable:number>>>, <<constant-group,<constant:number>>>, <<parameter-group,<parameter:number>>>, <<event-group,<event:number>>>, and <<pip-group,<pip:number>>>. The basic number operators are <<working-with-variables,<variable:number>>>, <<constant-group,<constant:number>>>, <<parameter-group,<parameter:number>>>, <<event-group,<event:number>>>, and <<pip-group,<pip:number>>>.
[[arithmetic-functions]] [[arithmetic-functions]]
==== Arithmetic functions ==== Arithmetic functions
...@@ -746,7 +746,7 @@ Further boolean functions are: ...@@ -746,7 +746,7 @@ Further boolean functions are:
[[basic-boolean-operators]] [[basic-boolean-operators]]
==== Basic Boolean Operators ==== Basic Boolean Operators
The basic number operators are <<variable-group,<variable:boolean>>>, <<constant-group,<constant:boolean>>>, <<parameter-group,<parameter:boolean>>>, <<event-group,<event:boolean>>>, and <<pip-group,<pip:boolean>>>. The basic number operators are <<working-with-variables,<variable:boolean>>>, <<constant-group,<constant:boolean>>>, <<parameter-group,<parameter:boolean>>>, <<event-group,<event:boolean>>>, and <<pip-group,<pip:boolean>>>.
[[basic-boolean-functions]] [[basic-boolean-functions]]
==== Basic Boolean Functions ==== Basic Boolean Functions
...@@ -798,7 +798,7 @@ Child elements can be all elements with boolean return value (e.g. <constant:tru ...@@ -798,7 +798,7 @@ Child elements can be all elements with boolean return value (e.g. <constant:tru
==== Comparison Functions ==== Comparison Functions
The functions *<less>, <lessEqual>, <greater>* and *<greaterEqual>* are used to compare different numbers. The functions *<less>, <lessEqual>, <greater>* and *<greaterEqual>* are used to compare different numbers.
For instance if you want to compare the number of usages with a constant number ("must not be used more than 3 times"). For instance if you want to compare the number of usages with a constant number ("must not be used more than 3 times").
These functions don't have attributes and child elements can be elements with a number return value (like <<pip:number, <pip:number>>>) These functions don't have attributes and child elements can be elements with a number return value (like <<pip-group, <pip:number>>>)
and the <<number-functions, number-functions>>. and the <<number-functions, number-functions>>.
The function *<equals>* is different, because besides numbers other values can be compared with each other. For example, it is possible to compare strings like a constant string and a user name. The function *<equals>* is different, because besides numbers other values can be compared with each other. For example, it is possible to compare strings like a constant string and a user name.
...@@ -1128,7 +1128,7 @@ Because <eventHasParameter> refers to a name of an event parameter, it can only ...@@ -1128,7 +1128,7 @@ Because <eventHasParameter> refers to a name of an event parameter, it can only
[[basic-string-operators]] [[basic-string-operators]]
==== Basic String Operators ==== Basic String Operators
The basic string operators are <<variable-group,<variable:string>>>, <<constant-group,<constant:string>>>, <<parameter-group,<parameter:string>>>, <<event-group,<event:string>>>, and <<pip-group,<pip:string>>>. The basic string operators are <<working-with-variables,<variable:string>>>, <<constant-group,<constant:string>>>, <<parameter-group,<parameter:string>>>, <<event-group,<event:string>>>, and <<pip-group,<pip:string>>>.
[[concat]] [[concat]]
...@@ -1183,7 +1183,7 @@ To work with complex objects, you can use link:http://goessner.net/articles/Json ...@@ -1183,7 +1183,7 @@ To work with complex objects, you can use link:http://goessner.net/articles/Json
To simplify the handling of these objects, our policy editor supports auto completion to navigate the Json structure. To simplify the handling of these objects, our policy editor supports auto completion to navigate the Json structure.
Direct comparison can be done using <equals>. Direct comparison can be done using <equals>.
The object operators are <<variable-group,<variable:object>>>, <<constant-group,<constant:object>>>, <<parameter-group,<parameter:object>>>, <<event-group,<event:object>>>, and <<pip-group,<pip:object>>>. The object operators are <<working-with-variables,<variable:object>>>, <<constant-group,<constant:object>>>, <<parameter-group,<parameter:object>>>, <<event-group,<event:object>>>, and <<pip-group,<pip:object>>>.
[[list-functions]] [[list-functions]]
=== List Operators === List Operators
...@@ -1194,7 +1194,7 @@ Furthermore, you can use the <<contains, <contains>>> function to check if a lis ...@@ -1194,7 +1194,7 @@ Furthermore, you can use the <<contains, <contains>>> function to check if a lis
The list operators are <<variable-group,<variable:list>>>, <<constant-group,<constant:list>>>, <<parameter-group,<parameter:list>>>, <<event-group,<event:list>>>, and <<pip-group,<pip:list>>>. The list operators are <<working-with-variables,<variable:list>>>, <<constant-group,<constant:list>>>, <<parameter-group,<parameter:list>>>, <<event-group,<event:list>>>, and <<pip-group,<pip:list>>>.
[[working-with-variables]] [[working-with-variables]]
...@@ -1250,7 +1250,7 @@ This is especially important if you are using <<pip-group,PIPs>> or <<execute,PX ...@@ -1250,7 +1250,7 @@ This is especially important if you are using <<pip-group,PIPs>> or <<execute,PX
This means for example: If a policy contains 5 mechanisms referencing a variable based on a PIP, this PIP is only queried once and the result is used by all mechanisms. This means for example: If a policy contains 5 mechanisms referencing a variable based on a PIP, this PIP is only queried once and the result is used by all mechanisms.
=============================== ===============================
To reference a variable value inside a <<if_else, condition>> or <<parameter-group, parameter>>, the following variables can be used: To reference a variable value inside a <<if_elseif, condition>> or <<parameter-group, parameter>>, the following variables can be used:
* <variable:string> * <variable:string>
* <variable:number> * <variable:number>
...@@ -1264,7 +1264,7 @@ Every element has the reference attribute: ...@@ -1264,7 +1264,7 @@ Every element has the reference attribute:
[width="100%",cols="2,2,2,10",options="header"] [width="100%",cols="2,2,2,10",options="header"]
|====================================================================================================================================== |======================================================================================================================================
|Attribute |Type |Required |Meaning |Attribute |Type |Required |Meaning
|reference |String |required |The reference name to a <<variableDeclaration-group,variableDeclaration>>. |reference |String |required |The reference name to a <<working-with-variables,variableDeclaration>>.
|====================================================================================================================================== |======================================================================================================================================
.Example: Variable used to reference a PIP value .Example: Variable used to reference a PIP value
...@@ -1418,7 +1418,7 @@ The following valueChanged elements are available: ...@@ -1418,7 +1418,7 @@ The following valueChanged elements are available:
|id |String (UUID) |required | Defines a UUID for the valueChanged block within the current policy. Automatically generated by our editor. |id |String (UUID) |required | Defines a UUID for the valueChanged block within the current policy. Automatically generated by our editor.
|====================================================================================================================================== |======================================================================================================================================
Child elements can be all elements with matching return value (e.g. <constant:true>, <event:boolean> for valueChanged:boolean, <constant:string>, <event:string> for valueChanged:string) or elements of the <<boolean-functions>,boolean-functions>>, <<string-functions>,string-functions>>, <<number-functions,number-functions>>. Child elements can be all elements with matching return value (e.g. <constant:true>, <event:boolean> for valueChanged:boolean, <constant:string>, <event:string> for valueChanged:string) or elements of the <<boolean-functions,<boolean-functions>>, <<string-functions,<string-functions>>, <<number-functions,number-functions>>.
.Policy Specification Rules .Policy Specification Rules
[CAUTION] [CAUTION]
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
<parameter:string name="ID" value="180080e" /> <parameter:string name="ID" value="180080e" />
<parameter:string name="data" value="30" /> <parameter:string name="data" value="30" />
</eventOccurrence> </eventOccurrence>
<when fixedTime=''> <when >
<start time="*.*.* *:*:-7" /> <start time="*.*.* *:*:-7" />
</when> </when>
</count> </count>
...@@ -85,7 +85,7 @@ ...@@ -85,7 +85,7 @@
<parameter:string name="ID" value="180080e" /> <parameter:string name="ID" value="180080e" />
<parameter:string name="data" value="30" /> <parameter:string name="data" value="30" />
</eventOccurrence> </eventOccurrence>
<when fixedTime=''> <when >
<start time="*.*.* *:-8:*" /> <start time="*.*.* *:-8:*" />
<end time="*.*.* *:-8:*" /> <end time="*.*.* *:-8:*" />
</when> </when>
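Review bot: Both `<when >` elements (the hunks at -29 and -85) now depend on what an absent `fixedTime` means, and the fixture does not say. The FixedTime hunk later on this page swaps the empty enumeration value for `always`, so the omitted attribute presumably falls back to a schema default, but that declaration is not visible here. Because the time window decides when these `count` conditions hold, I would state the intent in the fixture, e.g. `<!-- fixedTime omitted on purpose; the schema default applies -->`, and keep one negative test policy that still carries `fixedTime=''` to confirm validation now rejects it. The leftover space should go as well: `<when>`. The surrounding policy elements start and end outside both hunks.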
......
...@@ -405,7 +405,7 @@ ...@@ -405,7 +405,7 @@
<simpleType name="FixedTime"> <simpleType name="FixedTime">
<restriction base="string"> <restriction base="string">
<enumeration value=""></enumeration> <enumeration value="always" />
<enumeration value="thisMinute" /> <enumeration value="thisMinute" />
<enumeration value="lastMinute" /> <enumeration value="lastMinute" />
<enumeration value="thisHour" /> <enumeration value="thisHour" />
...@@ -420,7 +420,7 @@ ...@@ -420,7 +420,7 @@
<enumeration value="lastMonth" /> <enumeration value="lastMonth" />
<enumeration value="thisYear" /> <enumeration value="thisYear" />
<enumeration value="lastYear" /> <enumeration value="lastYear" />
<enumeration value="always" />
</restriction> </restriction>
</simpleType> </simpleType>