Components:
Architectural Access Control

Architectural Access Control

ArchStudio supports editing, checking, and executing architectural access control policies described in Secure xADL.

Edit

You can use ArchEdit to edit the access control policy of Secure xADL. The policy itself is written in XACML.

The recommended way to edit the policy is to use the integrated XACML editor. The editor can be invoked through Archipelego, just right click on a secure component and select Add Policy. Using the editor is similar to using ArchEdit, and the editor understands XACML and Secure xADL.

Check

In ArchEdit, select one interface as the accessing interface, select another interface as the accessed interface, and select check to see whehter the arhictectural access control policies allow the accessing interface to access the accessed interface.

The same operation can also be pterformed through Archipelego.

Execute

You can excute an architecture described in Secure xADL if you launch ArchStudio with a secure architecture evolution manager. Just instantiate the architecture as usual. If any security exceptions occur during instantiation and connection, such as a component has insufficient credentials to instantiate or a connector rejects the connection of a component, these exceptions are reported to Tron.

After an architecture is launched, it executes by exchanging messages. The secure execution of the architecture can be controled through the messaging policies, combining the access control extension and the message rule extension of xADL 2.0.


That's it!

This provides a basic overview of how to interact with the architectural access control feature from a user's perspective. Any questions or comments on this page should be sent to Jie Ren.