   This section describes how policies, such as security policies, are associated with objects that are managed by an ORB. The
            interfaces and operations that facilitate this aspect of management are described in this section together with the section
            describing Policy objects. 
   4.10.1.1 Policy Domain 
   A policy domain is a set of objects to which the policies associated with that domain apply. These objects are the domain
            members. The policies represent the rules and criteria that constrain activities of the objects which belong to the domain.
            On object reference creation, the ORB implicitly associates the object reference with one or more policy domains. Policy domains
            provide leverage for dealing with the problem of scale in policy management by allowing application of policy at a domain
            granularity rather than at an individual object instance granularity. 
   4.10.1.2 Policy Domain Manager 
   A policy domain includes a unique object, one per policy domain, called the domain manager, which has associated with it the
            policy objects for that domain. The domain manager also records the membership of the domain and provides the means to add
            and remove members. The domain manager is itself a member of a domain, possibly the domain it manages. 
   4.10.1.3 Policy Objects	    
   A policy object encapsulates a policy of a specific type. The policy encapsulated in a policy object is associated with the
            domain by associating the policy object with the domain manager of the policy domain. 
   There may be several policies associated with a domain, with a policy object for each. There is at most one policy of each
            type associated with a policy domain. The policy objects are thus shared between objects in the domain, rather than being
            associated with individual objects. Consequently, if an object needs to have an individual policy, then it must be a singleton
            member of a domain. 
   4.10.1.4 Object Membership of Policy Domains 
   Since the only way to access objects is through object references, associating object references with policy domains implicitly
            associates the domain policies with the object associated with the object reference. Care should be taken by the application
            that is creating object references using POA operations to ensure that object references to the same object are not created
            by the server of that object with different domain associations. Henceforth, whenever the concept of “object membership” is
            used, it actually means the membership of an object reference to the object in question. 
   An object can simultaneously be a member of more than one policy domain. In that case the object is governed by all policies
            of its enclosing domains. The reference model allows an object to be a member of multiple domains, which may overlap for the
            same type of policy (for example, be subject to overlapping access policies). This would require conflicts among policies
            defined by the multiple overlapping domains to be resolved. The specification does not include explicit support for such overlapping
            domains, nor, therefore, for the use of policy composition rules required to resolve conflicts at policy enforcement time. 
   Policy domain managers and policy objects have two types of interfaces: 
• The administrative interfaces used to set policies (e.g., specifying which events to audit or who can access objects of a specified type in this domain). The administrator sees and navigates the domain structure, so he is aware of the scope of what he is administering.
• The operational interfaces used when enforcing the policies. These are the interfaces used by the ORB during an object invocation. Some policy objects may also be used by applications, which enforce their own policies.
The caller asks for the policy of a particular type (e.g., the delegation policy), and then uses the policy object returned to enforce the policy. The caller finding a policy and then enforcing it does not see the domain manager objects and the domain structure.
   Note: This specification does not include any explicit interfaces for managing the policy domains themselves: creating and
            deleting them; moving objects between them; changing the domain structure and adding, changing, and removing policies applied
            to the domains. 
   4.10.1.5 Domains Association at Object Reference Creation	    
   When a new object reference is created, the ORB implicitly associates the object reference (and hence the object that it is
            associated with) with the following elements forming its environment: 
• One or more Policy Domains, defining all the policies to which the object associated with the object reference is subject.
• The Technology Domains, characterizing the particular variants of mechanisms (including security) available in the ORB.
   The ORB will establish these associations when one of the object reference creation operations of the POA is called. Some
            or all of these associations may subsequently be explicitly referenced and modified by administrative or application activity,
            which might be specifically security-related but could also occur as a side-effect of some other activity, such as moving
            an object to another host machine. 
   In some cases, when a new object reference is created, it needs to be associated with a new domain. Within a given domain,
            a construction policy can be associated with a specific object type, thus causing a new domain (that is, a domain manager object)
            to be created whenever an object reference of that type is created, and the newly created object reference to be associated with
            the new domain manager. This construction policy is enforced at the same time as the domain membership; that is, by the POA
            when it creates an object reference. 
   4.10.1.6 Implementor’s View of Object Creation 
   For policy domains, the construction policy of the application or factory creating the object proceeds as follows. The application
            (which may be a generic factory) calls one of the object reference creation operations of the POA to create the new object
            reference. The ORB obtains the construction policy associated with the creating object, or the default domain absent a creating
            object. 
   By default, the new object reference that is created is made a member of the domain to which the parent belongs. Non-object
            applications on the client side are associated with a default, per-ORB instance policy domain by the ORB. 
   Each domain manager has a construction policy associated with it, which controls whether, in addition to creating the specified
            new object reference, a new domain manager is created with it. This object provides a single operation make_domain_manager
            which can be invoked with the constr_policy parameter set to TRUE to indicate to the ORB that new object references of the
            specified type are to be associated with their own separate domains. Once such a construction policy is set, it can be reversed
            by invoking make_domain_manager again with the constr_policy parameter set to FALSE. 
   When creating an object reference of the type specified in the make_domain_manager call with constr_policy set to TRUE, the
            ORB must also create a new domain for the newly created object reference. If a new domain is needed, the ORB creates both
            the requested object reference and a domain manager object. A reference to this domain manager can be found by calling get_domain_managers
            on the newly created object reference. 
   While the management interface to the construction policy object is standardized, the interface from the ORB to the policy
            object is assumed to be a private one, which may be optimized for different implementations. 
   If a new domain is created, the policies initially applicable to it are the policies of the enclosing domain. The ORB will
            always arrange to provide a default enclosing domain with default ORB policies associated with it, in those cases where there
            would be no such domain as in the case of a non-object client invoking object creation operations. 
   The calling application, or an administrative application later, can change the domains to which this object belongs, using
            the domain management interfaces, which will be defined in the future. 
   Since the ORB has control only over domain associations with object references, it is the responsibility of the creator of
            a new object to ensure that the object references that are created to the new object are associated meaningfully with domains.
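
   The construction-policy behaviour described in this section, and the warning in 4.10.1.4 about references to the same object carrying different domain associations, can be exercised with a small model. This is an added example, not part of the specification and not a CORBA API: the Python classes, `effective_policy`, `create_reference` and `divergent_objects` are hypothetical names, the construction policy is folded into the domain manager for brevity, and inheritance from the enclosing domain is modelled as a lookup fall-through.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class DomainManager:
    """Toy model: the construction policy is folded into the manager."""
    name: str
    enclosing: "DomainManager | None" = None
    policies: dict = field(default_factory=dict)   # policy type -> policy, one per type
    construct: dict = field(default_factory=dict)  # object type -> constr_policy flag

    def make_domain_manager(self, object_type, constr_policy):
        self.construct[object_type] = constr_policy

    def effective_policy(self, policy_type):
        # Hypothetical helper: a new domain starts out with the policies
        # of its enclosing domain, modelled here as a lookup fall-through.
        dm = self
        while dm is not None:
            if policy_type in dm.policies:
                return dm.policies[policy_type]
            dm = dm.enclosing
        return None

@dataclass(eq=False)
class ObjectRef:
    object_id: str
    object_type: str
    domains: list

    def get_domain_managers(self):
        return list(self.domains)

def create_reference(parent, object_id, object_type):
    """Stand-in for POA reference creation; enforces the construction policy."""
    dm = parent
    if parent.construct.get(object_type, False):
        dm = DomainManager(f"{parent.name}/{object_id}", enclosing=parent)
    return ObjectRef(object_id, object_type, [dm])

def divergent_objects(refs):
    """Ids of objects whose references carry different domain associations."""
    seen, bad = {}, set()
    for r in refs:
        doms = frozenset(r.domains)
        if seen.setdefault(r.object_id, doms) != doms:
            bad.add(r.object_id)
    return sorted(bad)
```

   Creating one reference to an object while the construction policy for its type is TRUE and a second after the policy is reset to FALSE places the two references in different domains, and `divergent_objects` reports that object's id.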