
About

This proposal is to define declarative policy expressions in XDI so they can be used wherever policies need to be applied, e.g., in XDI link contract evaluation or XDI message evaluation.

Change Log

Motivations/Requirements

Use of Policy Expressions

In order to evaluate policy expressions, two elements are needed to set the evaluation context:

  1. The XDI graph that is the target of an XDI message (called the object graph).

  2. An XDI message that is meant to be executed against the object graph (called the input message).

An XDI link contract policy is part of the object graph. It provides a way for an XDI endpoint to determine if the input message is authorized.

An XDI message policy is part of the input message. It provides a way for an XDI client to request execution of the input message only if certain conditions are met.

In both cases, the policy is evaluated by the XDI endpoint that hosts the target graph and receives the input message.

Policy Expression Pattern Rules

A policy MUST consist of a set of XDI statements in one of the two following patterns:

Policy Singleton Pattern

<--policy-context-->$do$if<--boolean-context-->/<--operator-->/<--condition-->

Policy Collection Pattern

<--policy-context-->[$do]<--instance-id-->$if<--boolean-context-->/<--operator-->/<--condition-->

Where:

Policy Expression Dictionary Rules

The following reserved words are proposed for policy expressions.

$if

<--boolean-context-->

$and

$or

$not

<--operator-->

$true

$false

<--operation-->

<--condition-->

{$from} Variable

{$msg} Variable

$is

$equals

$matches

$greater

$lesser

<--statement-->

Examples

These examples are written in XDI Display Format. See JSON Serialization Rules for the over-the-wire format.

Link contract policy that checks that the secret token in the message matches the secret token in the graph:

$secret<$token>&/&/"s3cr3t"
$do$if/$true/({$msg}$secret<$token>/$equals/$secret<$token>)

Link contract policy that checks that the message timestamp comes before a certain time:

$do$if/$true/({$msg}<$t>/$lesser/...$do#expiration<$t>)
$do#expiration<$t>&/&/"2012-12-12"

Link contract policy that checks that the message comes from one of the approved senders:

$do$if/$true/({$from}/$is/[=]!2222)
$do$if/$true/({$from}/$is/[=]!3333)
$do$if/$true/({$from}/$is/[=]!4444)

Link contract policy that excludes a certain sender:

$do$if/$false/({$from}/$is/[=]!1111)

Link contract policy that excludes a certain sender (other way of doing it):

$do$if$not/$true/({$from}/$is/[=]!1111)

Link contract for "root access" to an authority's own graph:

$secret<$token>&/&/"s3cr3t"
$do$if$and/$true/({$from}/$is/[=]!1111)
$do$if$and/$true/({$msg}$secret<$token>/$equals/$secret<$token>)
$do/$all/()

Link contract for the "public branch" of an XDI graph:

$public$do/$get/$public

Link contract to allow Bob access to Alice's phone number:

=alice/$ref/[=]!1111
=bob/$ref/[=]!2222
[=]!1111$<#tel>&/&/"#1-123-567-8900"
$do$if/$true/({$from}/$is/[=]!2222)
$do/$get/[=]!1111<#tel>

Link contract policy that checks that the message comes either from myself ([=]!1111) or from one of my friends:

$do$if$or/$true/([=]!1111/$is/{$from})
$do$if$or/$true/([=]!1111/#friend/{$from})

Link contract that allows a $do$signal operation only on certain statements (with variables):

$do/$do$signal/[=]!1111[#channel]!23[#event]
$do$if$and/$do$signal/([=]!1111[#channel]!23[#event]{1}/#domain/#cloudos)
$do$if$and$or/$do$signal/([=]!1111[#channel]!23[#event]{1}/#type/#notification)
$do$if$and$or/$do$signal/([=]!1111[#channel]!23[#event]{1}/#type/#subscription)
$do$if$and$or/$do$signal/([=]!1111[#channel]!23[#event]{1}/#type/#deletion)

Combination of the previous two examples:

[=]!1111/#friend/[=]!2222
$do/$do$signal/[=]!1111[#channel]!23[#event]
$do$if$and[$or]!2/$true/([=]!1111/$is/{$from})
$do$if$and[$or]!2/$true/([=]!1111/#friend/{$from})
$do$if$and/$do$signal/([=]!1111[#channel]!23[#event]{1}/#domain/#cloudos)
$do$if$and[$or]!1/$do$signal/([=]!1111[#channel]!23[#event]{1}/#type/#notification)
$do$if$and[$or]!1/$do$signal/([=]!1111[#channel]!23[#event]{1}/#type/#subscription)
$do$if$and[$or]!1/$do$signal/([=]!1111[#channel]!23[#event]{1}/#type/#deletion)

Link contract policy that allows the message if it is not sent on Friday 13th, and it is not sent by =drummond or =markus. (Note that the weekday and day-of-month definitions still need to be defined in the XDI $ Dictionary.)

$do$if$and[$not]!1$and/$true/[weekday_is_friday]
$do$if$and[$not]!1$and/$true/[day_is_13th]
$do$if$and[$not]!2$or/$true/(=drummond/$is/{$from})
$do$if$and[$not]!2$or/$true/(=markus/$is/{$from})
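The following is an added example, not code from this page or from any XDI project: a small evaluator that parses link contract policies written in the patterns above and decides whether a constructed input message is authorized. Its combining rules are assumptions made to match the examples: plain $do$if and $or mean "any statement holds" (the three approved-sender statements read as "one of"), $and means "all hold", $not negates the OR of its children, and a contract with no policy statements is denied. The input message is modelled as a plain dict (sender plus the literals that {$msg} can reach); $lesser and $greater compare literal strings lexically, so timestamps must use a sortable format; $equals uses a constant-time comparison because the page's example compares secret tokens; the `...` prefix from the expiration example is omitted; operators other than $true and $false (such as the $do$signal form) are rejected rather than silently evaluated.

```python
import hmac
import re

# Added example (not code from this wiki page or any XDI project): a small
# evaluator for the policy patterns above, run against a constructed object
# graph and input message. Combining rules are assumptions: the root $do$if
# and $or are OR, $and is AND, $not negates the OR of its children, and a
# contract with no policy statements is denied.

BOOL_TOKEN = re.compile(r'\[\$(and|or|not)\]!([^\[$]+)|\$(and|or|not)')

def parse_graph(display_lines):
    """XDI Display Format -> (literals, relations). `addr&/&/"v"` is a literal,
    anything else a subject/predicate/object relation (policy statements too)."""
    literals, relations = {}, set()
    for line in (l.strip() for l in display_lines):
        if not line:
            continue
        if '&/&/' in line:
            addr, lit = line.split('&/&/', 1)
            literals[addr] = lit.strip('"')
        else:
            relations.add(tuple(line.split('/', 2)))
    return literals, relations

class Node:
    """One boolean context: the $do$if root, $and, $or or $not."""
    def __init__(self, kind):
        self.kind, self.children, self.leaves = kind, {}, []

def parse_policy(relations):
    """Build the boolean-context tree from statements whose subject has $do$if."""
    root = Node('root')
    for subj, op, cond in relations:
        if '$do$if' not in subj:
            continue
        node = root
        for m in BOOL_TOKEN.finditer(subj.split('$do$if', 1)[1]):
            key = (m.group(1) or m.group(3), m.group(2))  # (kind, instance id)
            node = node.children.setdefault(key, Node(key[0]))
        node.leaves.append((op, cond.strip('()')))
    return root

def resolve(addr, literals, msg):
    """Substitute {$from} / {$msg}; return (identity or address, literal)."""
    if addr == '{$from}':
        return msg['from'], None
    if addr.startswith('{$msg}'):
        return addr, msg['literals'].get(addr[len('{$msg}'):])
    return addr, literals.get(addr)

def eval_condition(cond, literals, relations, msg):
    subj, pred, obj = cond.split('/', 2)
    s_id, s_lit = resolve(subj, literals, msg)
    o_id, o_lit = resolve(obj, literals, msg)
    if pred == '$is':
        return s_id == o_id
    if pred in ('$equals', '$lesser', '$greater'):
        if s_lit is None or o_lit is None:
            return False  # a missing value never satisfies a comparison
        if pred == '$equals':  # tokens are secrets: constant-time compare
            return hmac.compare_digest(s_lit.encode(), o_lit.encode())
        return s_lit < o_lit if pred == '$lesser' else s_lit > o_lit  # lexical
    return (s_id, pred, o_id) in relations  # graph lookup, e.g. #friend

def evaluate(node, literals, relations, msg):
    results = [evaluate(c, literals, relations, msg) for c in node.children.values()]
    for op, cond in node.leaves:
        if op not in ('$true', '$false'):
            raise ValueError('unsupported operator ' + op)
        results.append(eval_condition(cond, literals, relations, msg) == (op == '$true'))
    if node.kind == 'and':
        return all(results)
    if node.kind == 'not':
        return not any(results)
    return any(results)  # root and $or

def policy_allows(contract_lines, msg):
    """True iff the link contract's policy authorizes the input message."""
    literals, relations = parse_graph(contract_lines)
    root = parse_policy(relations)
    if not root.children and not root.leaves:
        return False  # no policy at all: fail closed
    return evaluate(root, literals, relations, msg)

# Constructed link contract assembled from the patterns on this page: $and of a
# token check, an expiry check, a friend-or-self [$or], and a [$not] over an
# $or of excluded senders ([=]!5555 is a friend but is excluded).
CONTRACT = '''
$secret<$token>&/&/"s3cr3t"
$do#expiration<$t>&/&/"2012-12-12"
[=]!1111/#friend/[=]!2222
[=]!1111/#friend/[=]!5555
$do$if$and/$true/({$msg}$secret<$token>/$equals/$secret<$token>)
$do$if$and/$true/({$msg}<$t>/$lesser/$do#expiration<$t>)
$do$if$and[$or]!1/$true/([=]!1111/$is/{$from})
$do$if$and[$or]!1/$true/([=]!1111/#friend/{$from})
$do$if$and[$not]!2$or/$true/([=]!5555/$is/{$from})
$do/$all/()
'''.splitlines()

def message(sender, token=None, timestamp='2012-01-01'):
    """Constructed input message: sender plus the literals {$msg} can reach."""
    return {'from': sender, 'literals': {'<$t>': timestamp, '$secret<$token>': token}}
```

With this contract, `policy_allows(CONTRACT, message('[=]!2222', 's3cr3t'))` is true, while the same sender with a wrong or missing token, a timestamp on or after the expiration, a non-friend sender, or the excluded friend [=]!5555 is refused. Two design points matter for an endpoint evaluating policies from a graph it does not fully control: an operator the evaluator does not understand raises instead of quietly evaluating to false (a silent false would flip meaning under $false or $not), and the absence of any policy is a deny, not an allow.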


CategoryProposal CategoryLinkContracts CategoryHighPriority

XdiPolicyExpression (last edited 2014-03-27 14:34:12 by dan.blum)