Integration of FACPL in jRESP

In jRESP policies are used to regulate the interaction between the different internal parts of components and their mutual interactions. Indeed, when a method of an instance of the class Agent is invoked, its execution is delegated to the policy associated to the node where the agent is running. The policy can then control the execution of the action (for instance, by suspending a behaviour when some access rights are missing) and, possibly, define additional behaviours. Different kinds of policies can be easily integrated in jRESP by implementing the interface IPolicy. Currently, two implementations of this latter interface are included in \jresp{}: NodePolicy and PolicyAutomaton.

NodePolicy is the policy enforced by default in each node (it is an inner class of Node). It always allows any operations, thus directly delegating the execution of each action to the associated node. PolicyAutomaton implements instead a generic policy automaton. In this way, transitions caused by the execution of agent actions can trigger changes of the policies. In particular, a PolicyAutomaton consists of a set of policy states, each of which identifies the possible policies enforced in the node, and of a reference to the current state, which is used to evaluate agent actions with respect to the current policies.

The full integration of FACPL in jRESP can be now achieved by considering the class FacplPolicyState that, by extending IPolicyState, relies on the Java-translated FACPL policies. This Java code is automatically obtained by using the FACPL IDE available for the Eclipse platform.

When a PolicyAutomaton receives a request for the execution of a given action, first of all an AutorisationRequest is created. This is the object identifying the SCEL action the node wants to perform, thus it provides information about the kind of action performed, its argument, its target and the list of attributes currently published in the node interface. The created AutorisationRequest is then evaluated with respect to the current policy state via the (abstract) method evaluate(AutorisationRequest r) defined in the class IPolicyAutomatonState. In the class FacplPolicyState this method delegates the authorization to the referred FACPL policy. The method returns an instance of the class AuthorisationResponse, which contains a decision, i.e. permit or deny, and a set of obligations. The latter ones are rendered as a sequence of actions that must be performed just after the completion of the requested action. Hence, if the decision is permit, the requested action is completed as soon as the obligations are executed. Instead, if the decision is deny, the requested action cannot be performed. In this case, first the obligations possibly returned along with the decision must be executed, then a new AutorisationRequest is created and evaluated in order to establish executability of the requested action.