Policy Objects
Applications

An application is a Policy Server object that defines a complete security policy for one or more related web services. Applications associate users or roles with entitlements (rules) to determine which user accounts can access which web service application resources.

Application objects provide a simplified enterprise policy management model that does not require an in-depth knowledge of SOA Security Manager-specific concepts and object types.

Policy Domains

A policy domain is a group of objects that deal with a specific domain of resources. For example, an organization may divide its web service resources by business unit, creating a policy domain for marketing, a separate policy domain for engineering, and so on. Domain objects are those objects that pertain to a specific policy domain. These objects include rules and policies for controlling access to resources.

Policy domain objects are the basis of the traditional SOA Security Manager policy model. They are also the container for the following domain objects that define the security policy for the resources within the domain:

Realms

A realm is a Policy Server object that identifies a group of resources. Realms typically define a directory or folder and possibly its subdirectories.

Rules

A rule is a Policy Server object that identifies a resource and the actions that will be allowed or denied for the resource. Rules can also include actions associated with specific events, such as what to do if a user fails to authenticate correctly when asked for their credentials.

Rule Groups

A rule group is a Policy Server object that contains multiple rules. Rule groups are used to tie together different rules that will be used in a single policy.

Responses

A response is a Policy Server object that determines a reaction to a rule. Responses are included in policies, and take place when a rule is triggered.

Response Groups

A response group is a Policy Server object that contains a logical grouping of responses. Response groups are most often used when many responses will be included in a policy.

Policies

A policy is a Policy Server object that binds together users, rules, responses, and, optionally, time restrictions and IP address restrictions. Policies establish entitlements for a SOA Security Manager protected entity. When a user attempts to access a resource, the policy is what SOA Security Manager ultimately uses to resolve the request.

Variables

A variable is an object that can be resolved to a value which you can incorporate into the authorization phase of a request. The value of a variable object is the result of dynamic data and is evaluated at runtime.