Instance of the ocap family

Each instance of the ocap family implements a capability-based access control model. The types of resources and the list of access rights to resources of each type are defined in the security configuration of the ocap family instance.

Family instance configuration

<family-configuration> ::= "{" <resource-cfg> {"," <resource-cfg>} "}"

<resource-cfg> ::= <resource-type> ":" "{"

["limits" ":" <limits> ","]

"typeid" ":" <typeid> ","

"rights" ":" "<rights>

"}"

<limits> ::= "{ capabilities:" <capabilities> ", resources:" <resources> "}"

<rights> ::= "{" <right> {"," <right>} "}"

<right> ::= <right-name> ":" <right-id>

Family instance configuration elements

<resource-cfg>	Resource type configuration. Contains the resource type ID and a list of access rights to this resource.
<resource-type>	Resource type. Textual identifier that is returned by the capType policy. This identifier is indicated as the resource type in the configuration of ocap family policies (except capType).
<typeid>	Numerical identifier of the resource type received by the capType policy. It must be unique within the family instance.
<capabilities>	Maximum number of capabilities.
<resources>	Maximum number of resources for which capabilities can be issued.
<rights>	JSON object with a list of access rights, where key is the textual name of the access right, and value is the numerical identifier of the access right.

Page top