Record interface segmentation - Object Mapping

To add object protection to ZXAF the Reference monitor requires protectable objects to provide interfaces, namely IControlledObject for a DBentity.

To store the data that is required (on record on all protected items) is:

  • Protection INT
  • Owner INT
  • Group INT

To implement this we will add fields to each record corresponding to the above, when these records are present (detected by DbEntity) it will effectively provide low-level object protection via the reference monitor.

This I’m calling record interface segmentation – where a record in the DB has extra fields that relate to the interface that the implementing object implements, and the presence of these fields means that the interface is implemented

The ISubject requires a UserID, GroupID and list of permissions, which is implemented by adding the the following fields

  • Group INT
  • Privileges varchar(255) – comma seperated list of permission names

The net result was a quick and easy way to add interfaces in an extensible way to an existing object – and the existence of the fields can be used to determine if the interface is applicable. Which in this case is used to determine if a DB table (record) is protected and needs to have permission checking via the reference monitor performed

References