
How Web Agents and the Policy Server Work Together

To enforce access control, the Web Agent interacts with the Policy Server, where all authentication and authorization decisions are made.

The Web Agent intercepts user requests for resources and checks with the Policy Server to see if the requested resource is protected. If the resource is unprotected, the access request proceeds directly to the web server. If the resource is protected, the following occurs:

  1. The Web Agent checks which authentication method the Policy Server requires for this resource. The typical credentials are a name and password, but other credentials, such as a client certificate or a token card PIN, may be required.
  2. The Web Agent challenges the user for credentials, and the user responds with the appropriate credentials.
  3. The Web Agent passes the credentials to the Policy Server, which determines whether they are correct.
  4. If the user passes the authentication phase, the Policy Server determines whether the user is authorized to access the resource. If the Policy Server grants access, the Web Agent allows the request to proceed to the web server.

The Web Agent also receives user-specific attributes, in the form of a response, to enable Web content personalization and session management. A response is a personalized message or other user-specific information returned to the Web Agent from the Policy Server after authorizing the user. It consists of name-value attribute pairs that are added to HTTP headers by the Web Agent for use with Web applications. Examples of responses include the following:

The following diagram shows the communication between the Web Agent and the Policy Server:

[Diagram: Decision process the Web Agent uses to respond to requests for resources]
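The numbered flow above (unprotected pass-through, challenge, authentication, authorization) and the response attributes that end up as HTTP headers can be modelled end to end. The following is an added example written for this page; it is not CA's Web Agent or Policy Server code. The class names, the in-memory realm, user and response tables, the SM_ prefix used for response headers, and the X-Client-Cert-CN header standing in for a client certificate are all assumptions made for illustration. It also strips response-style headers that arrive from the client before adding the Policy Server's own, a precaution this page does not describe but which any agent that injects identity headers needs.

```python
import base64
from dataclasses import dataclass, field

# Constructed policy data for the example (not a real policy store).
REALMS = {"/app/": "basic", "/secure/": "cert"}            # protected prefix -> auth scheme
USERS = {"alice": "s3cret", "bob": "hunter2"}               # name -> password
AUTHZ = {"/app/": {"alice", "bob"}, "/secure/": {"alice"}}  # realm -> users allowed in
RESPONSES = {                                               # user -> response attributes
    "alice": {"SM_USER": "alice", "SM_ROLE": "admin"},
    "bob": {"SM_USER": "bob", "SM_ROLE": "user"},
}


class PolicyServer:
    """Makes every decision: is the resource protected, are the credentials
    correct, is the user authorized, and which responses to hand back."""

    def is_protected(self, path):
        for prefix, scheme in REALMS.items():
            if path.startswith(prefix):
                return prefix, scheme      # realm and its authentication scheme
        return None

    def authenticate(self, scheme, credentials):
        if scheme == "basic":
            name, password = credentials
            return name if USERS.get(name) == password else None
        if scheme == "cert":
            # Constructed simplification: a client certificate is represented
            # by its subject CN, which must belong to a known user.
            return credentials if credentials in USERS else None
        return None

    def authorize(self, realm, user):
        if user in AUTHZ.get(realm, set()):
            return dict(RESPONSES.get(user, {}))
        return None


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


class WebAgent:
    """Intercepts requests and defers all decisions to the Policy Server."""

    def __init__(self, policy_server):
        self.ps = policy_server

    def handle(self, request):
        """Return (status, headers); 200 means the request goes to the web server."""
        # Precaution (not from the page): the client must never be able to
        # supply response-style headers; only the agent sets them.
        headers = {k: v for k, v in request.headers.items()
                   if not k.upper().startswith("SM_")}

        protected = self.ps.is_protected(request.path)
        if protected is None:
            return 200, headers                          # unprotected: pass through

        realm, scheme = protected                        # step 1: required method
        credentials = self._credentials(scheme, headers)
        if credentials is None:
            return 401, self._challenge(scheme, realm)   # step 2: challenge the user

        user = self.ps.authenticate(scheme, credentials)  # step 3: authentication
        if user is None:
            return 401, self._challenge(scheme, realm)

        responses = self.ps.authorize(realm, user)        # step 4: authorization
        if responses is None:
            return 403, {}

        headers.update(responses)        # name-value responses become HTTP headers
        return 200, headers

    @staticmethod
    def _credentials(scheme, headers):
        if scheme == "basic":
            value = headers.get("Authorization", "")
            if not value.startswith("Basic "):
                return None
            try:
                name, _, password = base64.b64decode(value[6:]).decode().partition(":")
                return name, password
            except (ValueError, UnicodeDecodeError):
                return None
        if scheme == "cert":
            # Hypothetical header; in practice the CN comes from the TLS layer.
            return headers.get("X-Client-Cert-CN")
        return None

    @staticmethod
    def _challenge(scheme, realm):
        if scheme == "basic":
            return {"WWW-Authenticate": 'Basic realm="%s"' % realm}
        return {"WWW-Authenticate": "Client certificate required"}


def basic_auth(name, password):
    """Build an Authorization header for a name-and-password credential."""
    token = base64.b64encode(("%s:%s" % (name, password)).encode()).decode()
    return {"Authorization": "Basic " + token}
```

A request for /public/index.html is forwarded untouched; a request for /app/home without credentials gets a 401 challenge, with a wrong password stays at 401, and with alice's password is forwarded carrying SM_USER and SM_ROLE. A certificate for bob on /secure/data authenticates but is refused with 403, since bob is not authorized for that realm.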


Copyright © 2010 CA. All rights reserved.