Policy evaluation

PDRL does not define the policy evaluation algorithm. Since PDRL can be used in multiple policy evaluation systems, it is the responsibility of the system to define the evaluation rules.

For Rights Management ES, the following policy evaluation algorithm is implemented.

boolean evaluateValidityPeriod(ValidityPeriod vp, 
											Date evalTime, 
											Date publishTime) {

	if (vp.isAbsolute)

	return whether evalTime is within the absolute range of vp

	if (!vp.isAbsolute && publishTime != null ) 
	return whether evalTime is within range relative to publishTime

	return false; 

}

// returns a set of permissions

Set evaluate(Principal userToEvaluate, 
					Policy policy, 
					Date evalTime, 
					Date publishTime){

	// publishtime can be null if evaluating a policy without a license

	Set relevantPrincipals = getGroupsForUser(user) union user;

	Set returnedPermissions = null;

	if ( evalTime not within policy.getValidity() )

		throw Exception("Policy expired.");

	foreach policyEntry in policy {

		if (!(Date.now() within policyEntry.getValidity())) continue;

		Set policyEntryPrincipals = policyEntry.getPrincipals();

		if (isEmpty(policyEntryPrincipals intersect relevantPrincipals))

			continue;

		foreach permission in policyEntry.getPermissions {

			/* "permission" has name of the right and whether it is  
				granted or denied */

			add permission to returnedPermissions;

		}

	}

	foreach granted permission in returnedPermissions{

		/* If a permission has been both granted and denied, it is denied. */

		if(denied permission in returnedPermissions)			remove permission from returnedPermissions;

	}

	return returnedPermissions;

}

 

Send me an e-mail when comments are added to this page | Comment Report

Current page: http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/sdkHelp/pdrlConcepts.171.5.html

Add Comment