A policy domain is a group of objects that deal with a specific domain of resources. For example, a company may divide its network resources by business unit, creating one policy domain for marketing, another policy domain for engineering, etc. Policy domain objects are those objects that pertain to a specific policy domain. These objects include rules and policies for controlling access to resources.
Policy domain objects include:
A realm is a Policy Server object that identifies a group of resources. Realms typically define a directory or folder and possibly its subdirectories.
A rule is a Policy Server object that identifies a resource and the actions that will be allowed or denied for the resource. Rules can also include actions associated with specific events, such as what to do if a user fails to authenticate correctly when asked for their credentials.
A rule group is a Policy Server object that contains multiple rules. Rule groups are used to tie together different rules that will be used in a single policy.
A response is a Policy Server object that determines a reaction to a rule. Responses are included in policies, and take place when a rule is triggered.
A response group is a Policy Server object that contains a logical grouping of responses. Response groups are most often used when many responses will be included in a policy.
A policy is a Policy Server object that binds users, rules, responses, and optionally, time restrictions and IP address restrictions together. Policies establish entitlements for a SiteMinder protected entity. When a user attempts to access a resource, the policy is what SiteMinder ultimately uses to resolve the request.
A variable is an object that can be resolved to a value which you can incorporate into the authorization phase of a request. The value of a variable object is the result of dynamic data and is evaluated at runtime.
An affiliate object binds users, and optionally, time restrictions and IP address restrictions together. It also contains configuration data and a list of user entitlement attributes to be passed to an affiliate after a user is authenticated.
Note: More information on affiliates exists in the Federation Security Services Guide.
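The way the realm, rule, response and policy objects described above relate to one another can be sketched as a small model. This is an added example, not CA code or the SiteMinder API; the class names, the default-deny and deny-wins semantics, the path normalization and the sample data are all assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network

# Simplified illustrative model; not SiteMinder's data model or API.
@dataclass
class Realm:
    resource_filter: str                 # a directory and its subdirectories

@dataclass
class Rule:
    realm: Realm
    resource: str                        # resource below the realm
    action: str                          # action the rule covers, e.g. "GET"
    allow: bool = True                   # a rule allows or denies the action
    def matches(self, path, action):
        # Normalize first so "../" segments cannot escape the realm prefix.
        prefix = posixpath.normpath(self.realm.resource_filter + self.resource)
        path = posixpath.normpath(path)
        return action == self.action and (path == prefix or path.startswith(prefix + "/"))

@dataclass
class Policy:
    users: set
    rules: list
    responses: dict = field(default_factory=dict)     # sent when a rule fires
    allowed_nets: list = field(default_factory=list)  # optional IP restriction
    hours: tuple = None                               # optional (start, end)
    def applies(self, user, src_ip, now):
        ip_ok = not self.allowed_nets or any(
            ip_address(src_ip) in ip_network(n) for n in self.allowed_nets)
        time_ok = self.hours is None or self.hours[0] <= now <= self.hours[1]
        return user in self.users and ip_ok and time_ok

def authorize(policies, user, path, action, src_ip, now):
    """Return (allowed, responses). Assumed semantics: default deny, deny wins."""
    allowed, responses = False, {}
    for policy in (p for p in policies if p.applies(user, src_ip, now)):
        for rule in (r for r in policy.rules if r.matches(path, action)):
            if not rule.allow:
                return False, {}
            allowed = True
            responses.update(policy.responses)
    return allowed, responses

# Constructed sample data: one realm, one policy with IP and time restrictions.
ENG = Realm("/eng/")
SAMPLE_POLICIES = [Policy(users={"alice"},
    rules=[Rule(ENG, "docs", "GET"), Rule(ENG, "docs/private", "GET", allow=False)],
    responses={"X-Role": "engineer"}, allowed_nets=["10.1.0.0/16"],
    hours=(time(8), time(18)))]
```

A request is allowed only when the user, source address and time all satisfy a policy and one of its allow rules matches the normalized path; any matching deny rule overrides that.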
Copyright © 2010 CA. All rights reserved.