OSID Specifications
authorization package
Version 3.0.0
Release Candidate Preview
Interface: osid.authorization.AuthorizationSession
Implements: osid.OsidSession
Description

This is the basic session for verifying authorizations.

Method: getVaultId
Description

Gets the Vault Id associated with this session.

Return: osid.id.Id - the Vault Id associated with this session
Compliance: mandatory - This method must be implemented.

Method: getVault
Description

Gets the Vault associated with this session.

Return: osid.authorization.Vault - the Vault associated with this session
Errors: OPERATION_FAILED - unable to complete request
        PERMISSION_DENIED - authorization failure
Compliance: mandatory - This method must be implemented.

Method: canAccessAuthorizations
Description

Tests if this user can perform authorization checks. A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a PERMISSION_DENIED. This is intended as a hint to an application that may opt not to offer lookup operations to unauthorized users.

Return: boolean - false if authorization methods are not authorized, true otherwise
Compliance: mandatory - This method must be implemented.

Method: isAuthorized
Description

Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose Agent, Function and Qualifier match the supplied parameters. Authorizations may be defined using groupings or hierarchical structures for both the Agent and the Qualifier but are queried in the de-normalized form.

The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters: osid.id.Id agentId - the Id of an Agent
            osid.id.Id functionId - the Id of a Function
            osid.id.Id qualifierId - the Id of a Qualifier
Return: boolean - true if the user is authorized, false otherwise
Errors: NOT_FOUND - functionId is not found
        NULL_ARGUMENT - agentId, functionId or qualifierId is null
        OPERATION_FAILED - unable to complete request
        PERMISSION_DENIED - authorization failure making request
Compliance: mandatory - This method must be implemented.
Provider Notes

Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifier hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query.

Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.
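
The provider behaviour described in these notes, as an added Python sketch that is not part of the OSID specification or its language bindings: authorizations are stored in normalized form and the Agent groupings and Qualifier hierarchy are expanded on the fly. All class, attribute and Id names (including the "authorization.lookup" function and "vault" qualifier that gate the query itself) are assumptions, the data is constructed, and the "active" check is omitted.

```python
# Added sketch; names are hypothetical, not the OSID bindings.
class NullArgument(Exception): pass
class NotFound(Exception): pass
class PermissionDenied(Exception): pass

class AuthorizationSession:
    def __init__(self, caller, stored, functions, groups, parents):
        self.caller = caller        # agent issuing the query
        self.stored = stored        # normalized (agent-or-group, function, qualifier)
        self.functions = functions  # known Function Ids
        self.groups = groups        # member -> groups that contain it
        self.parents = parents      # qualifier -> parent qualifiers

    @staticmethod
    def _closure(start, edges):
        """Return start plus every node reachable through edges (cycle-safe)."""
        seen, todo = {start}, [start]
        while todo:
            for nxt in edges.get(todo.pop(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return seen

    def _match(self, agent_id, function_id, qualifier_id):
        agents = self._closure(agent_id, self.groups)
        qualifiers = self._closure(qualifier_id, self.parents)
        return any(a in agents and f == function_id and q in qualifiers
                   for a, f, q in self.stored)

    def is_authorized(self, agent_id, function_id, qualifier_id):
        if None in (agent_id, function_id, qualifier_id):
            raise NullArgument("agentId, functionId or qualifierId is null")
        # Design choice of this sketch: gate the caller before NOT_FOUND so an
        # unauthorized caller cannot probe which Functions exist.
        if not self._match(self.caller, "authorization.lookup", "vault"):
            raise PermissionDenied("authorization failure making request")
        if function_id not in self.functions:
            raise NotFound("functionId is not found")
        # No explicit or implicit authorization is a False answer, not an error.
        return self._match(agent_id, function_id, qualifier_id)

def demo_session(caller):
    # Constructed sample data: staff may edit anything under dept:physics.
    return AuthorizationSession(
        caller=caller,
        stored={("group:staff", "course.edit", "dept:physics"),
                ("agent:admin", "authorization.lookup", "vault")},
        functions={"course.edit", "authorization.lookup"},
        groups={"agent:alice": {"group:staff"}},
        parents={"course:phys101": {"dept:physics"}})
```
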

Method: getAuthorizationCondition
Description

Gets the AuthorizationCondition for making conditional authorization checks.

Parameters: osid.id.Id functionId - the Id of a Function
Return: osid.authorization.AuthorizationCondition - an authorization condition
Errors: NOT_FOUND - functionId is not found
        NULL_ARGUMENT - functionId is null
        OPERATION_FAILED - unable to complete request
        PERMISSION_DENIED - authorization failure making request
Compliance: mandatory - This method must be implemented.

Method: isAuthorizedOnCondition
Description

Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose Agent, Function and Qualifier match the supplied parameters. Authorizations may be defined using groupings or hierarchical structures for both the Agent and the Qualifier but are queried in the de-normalized form.

The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters: osid.id.Id agentId - the Id of an Agent
            osid.id.Id functionId - the Id of a Function
            osid.id.Id qualifierId - the Id of a Qualifier
            osid.authorization.AuthorizationCondition condition - an authorization condition
Return: boolean - true if the user is authorized, false otherwise
Errors: NOT_FOUND - functionId is not found
        NULL_ARGUMENT - agentId, functionId, qualifierId, or condition is null
        OPERATION_FAILED - unable to complete request
        PERMISSION_DENIED - authorization failure making request
        UNSUPPORTED - condition is not of this service
Compliance: mandatory - This method must be implemented.
Provider Notes

Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifier hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query.

Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.