Package pygar.zoneable

In a highly secure installation of the software, the software should be split into applications running in several security zones. Security can be further enhanced if the installation limits the distribution of classes so that software capabilities are present on one host computer but not another. If each host in a zoned security environment has only the essential software components, then attacks that target the software applications can have only limited success.

In each zone, one layer of encryption is added to outgoing documents while the same layer of encryption is removed from incoming documents.

The transfer of documents between zones works differently in the inbound and outbound directions. Inbound documents are staged for transfer to a higher security zone and then pulled inward by that zone. Outbound documents are simply sent to the lower zone and immediately accepted there. In practice, the movement involves reading and writing to a data store (pygar.documents.Store), and the transfer rules essentially state that a high security zone can read and write in a low security zone, but the low security zone has no such privileges in the high security zone.

The zone system defense is not implemented in the current set of pygar pages.
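As an added illustration of the transfer rules above (this is not pygar code; the package itself leaves these interfaces TBD), here is a small Python model in which each zone adds its own encryption layer on the way out and strips it on the way in, and only a higher zone may read from or write to a lower zone's store. The hash-counter keystream stands in for a real cipher, and the names Zone, round_trip and ZoneAccessError are assumptions.

```python
import hashlib


class ZoneAccessError(PermissionError):
    """Raised when a lower zone tries to read or write a higher zone's store."""


def _keystream(key: bytes, n: int) -> bytes:
    # Hash-counter keystream: a stand-in for a real cipher, not pygar's scheme.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def apply_layer(key: bytes, data: bytes) -> bytes:
    # XOR with the zone keystream; the same call adds or removes the layer.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


class Zone:
    """One security zone: a higher level is more secure. Each zone has its own key."""

    def __init__(self, level: int, key: bytes):
        self.level, self.key = level, key
        self.store = {}    # documents accepted into this zone (the Store)
        self.staged = {}   # documents waiting to be pulled inward by a higher zone

    def send_outbound(self, lower: "Zone", name: str, doc: bytes) -> None:
        # Outbound: add this zone's layer and write straight into the lower store.
        if lower.level >= self.level:
            raise ZoneAccessError("a zone may only write into a lower zone")
        lower.store[name] = apply_layer(self.key, doc)

    def stage(self, name: str) -> None:
        # Inbound, step 1: the lower zone stages a document it already holds.
        self.staged[name] = self.store[name]

    def pull_inbound(self, lower: "Zone", name: str) -> bytes:
        # Inbound, step 2: the higher zone reads the staged copy and strips its layer.
        if lower.level >= self.level:
            raise ZoneAccessError("a zone may only read from a lower zone")
        self.store[name] = apply_layer(self.key, lower.staged.pop(name))
        return self.store[name]


def round_trip(zones: list, name: str, doc: bytes) -> bytes:
    """Push doc from the innermost zone out to the outermost, then pull it back."""
    for hi, lo in zip(zones, zones[1:]):                  # zones ordered high -> low
        hi.send_outbound(lo, name, doc if hi is zones[0] else hi.store[name])
    for lo, hi in zip(reversed(zones), reversed(zones[:-1])):
        lo.stage(name)
        hi.pull_inbound(lo, name)
    return zones[0].store[name]
```

The outermost zone ends up holding the document under every intermediate zone's layer, and each pull inward removes exactly one of them.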

  • Interface Summary
    InboundOperations: All work on this interface is TBD.
    OutboundOperations: All work on this interface is TBD.
  • Class Summary
    ClientProfile: This subclass extends Profile with encryption operations that are used only by the innermost zone of client applications and never in the blind-agent server.
    EncryptedClearValue<ValueType>: This data type is used for values in a negotiation position and includes their unencrypted value, their fieldName in the XML schema, and their type with respect to the encryption system: ftype.
    FieldCrypto: Perform the innermost encryption step: the encryption of fields but not the semantic tags of the statements.
    FieldCryptoDemo1
    FieldCryptoXmlTxt0: Perform the innermost encryption step: the encryption of fields but not the semantic tags of the statements.
    KeyStoreAccessZone10FS: DO NOT USE THIS CLASS - NEVER WORKED! The KeyStoreAccessZone10FS class implements the KeyStoreAccess abstract class keystore on a local file store in zone10.
    KeyStoreFS: This class contains methods to read and write a secret key stored in a file in the file system.
    NumberConceal
    SessionKeyStoreImpl
  • Exception Summary
    ItemNotFound: This exception is raised when the name of an XML item cannot be found in any of the expected definitions.