Todo: Please make me understandable by normal human beings
The diagrams show, that we require both the ADF interface for decision and notification requests and the data structure interface to access attributes.
Requests made to the ADF have to include the request type, identification for subject and object, and, for administration requests, the attribute type and value. Also, some requests supply additional information with special attribute types and values, e.g. the new owner for CHANGE_OWNER.
Notification calls to ADF for all request types, that create new objects, must contain an additional identification of the new object.
Only the interfaces to ADF and to the general data structures can be standardised by the framework. For the later, calls are needed to get and set attribute values, and to remove attributes for deleted objects. Creation of attribute objects can be handled automatically, when an attribute value is set for the first time.
Table of Contents: RSBAC Handbook
Previous: Data Structure Components (ACI)
Next: Logging Facility