PaaSword Annotation Interpretation Mechanism
Three annotation types have been defined that serve a specific functional purpose under the PaaSword framework. These are:
- @PaaSwordPEP annotation – It refers to access control policies enforcement. It is both a class- and a method-level annotation i.e. it can decorate any Java class or method in the cloud application code. Based on this type of annotation the PaaSword framework undertakes the evaluation and enforcement of the corresponding rules, policies and policy sets.
- @PaaSwordDDE annotation – It refers to data fragmentation, distribution and encryption. It is a class-level annotation i.e. it can decorate any Java class. Based on this type of annotation the PaaSword framework undertakes the responsibility of configuring the DB-Proxy mechanism regarding fragmentation and encryption.
- @PaaSwordEntity annotation – It is a class-level annotation and its main use is to annotate Entity classes. Therefore, any class that is annotated, as PaaSwordEntity will be handled as an Entity in order to feed the Database Proxy Mechanism for database bootstrapping purposes.
A dedicated Annotations Interpretation Mechanism is currently being developed for efficiently interpreting annotations into XACML-based enforceable Access Control Policies. More specifically, this mechanism delivers the following main kinds of functionality:
- Introspects the source code of a PaaSword-enabled application.
- Feeds the Production Memory of the Expert System with the appropriate inference engine rules.
- Informs which attribute values are needed by the working memory of the Expert System.
- Feeds the Working Memory of the Expert System with the appropriate facts that will allow the successful evaluation of policy sets.