OSID - osid.authorization.AuthorizationSession Service Interface Definition

Interface	osid.authorization.AuthorizationSession
Implements	`osid.OsidSession`
Description	This is the basic session for verifying authorizations.
Method	getVaultId
Description	Gets the `Vault` `Id` associated with this session.
Return	`osid.id.Id`		the `Vault Id` associated with this session
Compliance	`mandatory`		This method must be implemented.
Method	getVault
Description	Gets the `Vault` associated with this session.
Return	`osid.authorization.Vault`		the `Vault` associated with this session
Errors	OPERATION_FAILED		unable to complete request
Errors	PERMISSION_DENIED		authorization failure
Compliance	`mandatory`		This method must be implemented.
Method	canAccessAuthorizations
Description	Tests if this user can perform authorization checks. A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a `PERMISSION_DENIED.` This is intended as a hint to an application that may opt not to offer lookup operations to unauthorized users.
Return	`boolean`		`false` if authorization methods are not authorized, `true` otherwise
Compliance	`mandatory`		This method must be implemented.
Method	isAuthorized
Description	Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose `Agent,` `Function` and `Qualifier` matches the supplied parameters. Authorizations may be defined using groupings or hieratchical structures for both the `Agent` and the `Qualifier` but are queried in the de-nornmalized form. The `Agent` is generally determined through the use of an Authentication OSID. The `Function` and `Qualifier` are already known as they map to the desired authorization to validate.
Parameters	`osid.id.Id`	`agentId`	the `Id` of an `Agent`
	`osid.id.Id`	`functionId`	the `Id` of a `Function`
	`osid.id.Id`	`qualifierId`	the `Id` of a `Qualifier`
Return	`boolean`		`true` if the user is authorized, `false` othersise
Errors	NOT_FOUND		`functionId` is not found
	NULL_ARGUMENT		`agentId` , `functionId` or `qualifierId` is `null`
	OPERATION_FAILED		unable to complete request
	PERMISSION_DENIED		authorization failure making request
Compliance	`mandatory`		This method must be implemented.
Provider Notes	Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a `Function` or `Qualifer` hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A `PERMISSION_DENIED` is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return `false.`
Method	getAuthorizationCondition
Description	Gets the `AuthorizationCondition` for making conditional authorization checks.
Parameters	`osid.id.Id`	`functionId`	the `Id` of a `Function`
Return	`osid.authorization.AuthorizationCondition`		an authorization condition
Errors	NOT_FOUND		`functionId` is not found
	NULL_ARGUMENT		`functionId` is `null`
	OPERATION_FAILED		unable to complete request
	PERMISSION_DENIED		authorization failure making request
Compliance	`mandatory`		This method must be implemented.
Method	isAuthorizedOnCondition
Description	Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose `Agent,` `Function` and `Qualifier` matches the supplied parameters. Authorizations may be defined using groupings or hieratchical structures for both the `Agent` and the `Qualifier` but are queried in the de-nornmalized form. The `Agent` is generally determined through the use of an Authentication OSID. The `Function` and `Qualifier` are already known as they map to the desired authorization to validate.
Parameters	`osid.id.Id`	`agentId`	the `Id` of an `Agent`
	`osid.id.Id`	`functionId`	the `Id` of a `Function`
	`osid.id.Id`	`qualifierId`	the `Id` of a `Qualifier`
	`osid.authorization.AuthorizationCondition`	`condition`	an authorization condition
Return	`boolean`		`true` if the user is authorized, `false` othersise
Errors	NOT_FOUND		`functionId` is not found
	NULL_ARGUMENT		`agentId` , `functionId, qualifierId` , or `condition` is `null`
	OPERATION_FAILED		unable to complete request
	PERMISSION_DENIED		authorization failure making request
	UNSUPPORTED		`condition` is not of this service
Compliance	`mandatory`		This method must be implemented.
Provider Notes	Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a `Function` or `Qualifer` hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A `PERMISSION_DENIED` is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return `false.`