Component Interaction
Scrambling Content
The process of scrambling provides a good example of the interaction of the various components of the system and will illustrate various points at which integration can occur.
Within the context of, say, a user posting content to Facebook, where the user wants to scrambl that content, the following operations occur:
- the user clicks into the “Update Status” textarea field on the Facebook page
- the browser extension gets notified of a a focus event in the field and initiates the creation of an XID. The browser extension is responsible for creating the key, so a key is generated and is passed, along with the ID of the currently selected policy, to the policy server via the server APIs.
- the policy server receives the XID creation request; it creates a globally unique XID and associates the key and the policy ID with it and persists the tuple to the data storage system and then returns the XID.
- the browser extension asynchronously receives the XID from the policy server. It is only after a valid XID is received that the extension will use the client APIs to scrambl the content
- the user enters content and (eventually) hits “Post” to submit the content
- the browser extension intercepts the submit request and uses the client APIs to scrambl the content. The key previously generated and the XID received from the policy server are used by the client APIs
- the browser extension replaces the content of the textarea with the scrambld content and passes control to the normal submit processing code and the scrambld content is posted to Facebook.
There are a couple of integration points possible in the above scenario. The first one is at operation #2, where the XID creation request is issued to the policy server. It should be clear that any HTTP-enabled client can issue the same request to get back an XID that can later be used to check for access rights. The second integration point is at operation #6, where the posted content is scrambld using the client APIs. As before, it should be obvious that any JavaScript (at this point in time) client can perform actual scrambling of content.
Descrambling Content
Descrambling within the context of, say, Facebook, results in the following sequence of operations:
- the user views a page with protected content
- the browser extension performs background scanning for protected content and finds some on that page
- the browser extension extracts the XID from the content and sends a request for the key for that XID to the policy server
- the policy server receives the request and looks up the XID in the data store. If it exists it retrieves the policy associated with the XID.
- the policy server then iterates through the policy terms of the policy and evaluates them in turn. The policy server provides the term evaluation code with information about the current user and the creation time of the XID
- if all policy terms allow access, then the key associated with the XID is returned to the client, otherwise a failure code is returned
- the browser extension asynchronously receives the request results and if access is allowed, it uses the returned key and the client APIs to descrambl the content and replace the scrambld content with the descrambld content.
If one of the terms evaluated is of type “external list check” then an HTTP-based call is made to the configured server with the email address of the user asking if that email address is allowed access.
next Using the API's | |