Figure 1P-18 - Simple PolicyCondition

A PolicyCondition is an abstract base class that represents how to form the condition clause of a PolicyRule. This class can be used to represent rule-specific or reusable policy conditions, which are discussed in the sub-section titled Reusable vs. Ad-Hoc Policy Entities later in this section.<br/>Policy conditions are of the form:<br/>    {variable, operator, value}<br/>where the operator is usually the MATCH operator, but could be another type (e.g., compare) of operator. This gives the semantics of “IF the condition is TRUE (or FALSE)”.<br/>The subclasses of PolicyCondition, along with its recursive aggregation, enable simple and compound (e.g., nested) PolicyConditions to be supported by the same structure.<br/>The ContainedPolicyConditions aggregation is used for two distinct purposes. First, it is used to gather together discrete PolicyConditions to form a PolicyCondition clause. In this usage, a set of individual PolicyConditionAtomic objects are aggregated by one or more PolicyConditionComposite objects.<br/>The second use is to form compound PolicyConditions. In this case, the PolicyConditionAtomic object aggregates PolicyConditionAtomic and/or PolicyConditionComposite objects. The former provides a simple nested PolicyCondition, while the latter provides structure for grouping the sub-conditions. The reason that these two types of entities exist is to provide different evaluation semantics for different types of conditions. This is beyond the scope of this Addendum, but is covered in the system view of the policy model.<br/><i>Note that the composite pattern was explicitly not used, so as to enable these rich semantics.</i><br/><b>PolicyConditionAtomic</b><br/>A PolicyConditionAtomic object is the base class for all simple policy conditions. A simple policy condition consists of a single Boolean clause, which is used to test a single condition. This consists of a single occurrence of a PolicyStatement.<br/>This design relies on the PolicyStatement to supply the actual terms to make up the condition clause. Thus, since everything is normalized to a condition clause, no subclasses of PolicyConditionAtomic are needed. Instead, subclasses of the appropriate PolicyStatement classes are provided.<br/>This class has three attributes. The first, conditionSequenceNumber, is a non-negative integer and represents the particular sequence in which this element is parsed as part of the overall policy structure. This will allow a policy engine to reference externally supplied arguments to this object as it is evaluated.<br/>The hasEvaluated attribute is an enumerated integer that is set by a policy application to define the state of evaluation of this policyCondition. This is crucial for realizing the semantics of the finite state machine.<br/>Finally, the hasSubConditions is a Boolean attribute that, if TRUE, signifies that this PolicyCondition has one or more sub-conditions. Sub-conditions are used to enforce a hierarchical nesting of conditions, so that parent conditions may control the evaluation and other semantics of the sub-conditions that they contain.<br/><b>PolicyConditionComposite</b><br/>A PolicyConditionComposite entity consists of one or more PolicyConditions contained inside a higher-level PolicyConditionComposite entity. This is also called a compound PolicyCondition.<br/>Conceptually, this is a stand-alone object that consists of one PolicyCondition that provides an overall context for either a nested or a group of subordinate PolicyConditions to be evaluated.<br/>The PolicyConditionComposite class is designed to be an intelligent container. The PolicyConditionComposite class is the base class for all complex policy conditions. A complex policy condition consists of an aggregation of PolicyConditionAtomic and/or PolicyConditionComposite objects, which in turn form a complex Boolean statement. It is important to note that such an object still evaluates to a single Boolean TRUE or FALSE value.<br/>The conditionIsCNF attribute is used to define the overall structure of the PolicyCondition. If this attribute is TRUE, then the structure is defined to be conjunctive normal form (i.e., an AND of Ors). Otherwise, it is disjunctive normal form (an OR of ANDs).<br/>The PolicyConditionRuleDetails class is used to implement the semantics needed for the PolicyConditionInPolicyRule aggregation. This aggregation defines the set of PolicyConditions that are contained in this PolicyRule. In other words, this class describes how the overall condition clause appears to the PolicyRule.<br/>In contrast, the ContainedPolicyConditionDetails class is used to implement the semantics needed for the ContainedPolicyConditions aggregation. This aggregation defines the set of PolicyConditions that are contained in this PolicyCondition.<br/>Note that the ContainedPolicyConditionDetails class and the PolicyConditionRuleDetails class have conceptually the same attributes. This is because they both provide semantics to form a condition expression. The difference lies in their placement relative to the PolicyRule class. That is, the ContainedPolicyConditionDetails class is used to combine individual expressions within a condition clause, whereas the PolicyConditionRuleDetails class is used to describe how the completed condition clause appears to the PolicyRule. These attributes are described in the Data Dictionary section of this Addendum.<br/><br/>