Policy Server Guides › Policy Design Guide › CA Arcot Integration › CA Arcot WebFort and RiskFort › Confidence Levels and SiteMinder Authorization

Confidence Levels and SiteMinder Authorization

The Policy Server maintains authorization services in an integrated environment and can apply the risk score to authorization decisions. The risk score is created during the authentication process.

The Policy Server applies the risk score as a SiteMinder confidence level (confidence level). A confidence level is based on a risk score, and as such, is also an integer that represents the likelihood that the transaction is safe.

The following example workflow details the relationship between both values and explains how the Policy Server applies a confidence level to authorization decisions:

1. After the user is successfully authenticated, the Adapter converts the risk score to a confidence level using the following algebraic formula:

   (100-risk score) * 10 = confidence level
   

2. The Adapter inserts the confidence level into the SiteMinder session ticket.
3. As the user requests protected resources, the Policy Server compares the confidence level in the session to ticket to the confidence level configured in the policy.
4. The following can occur:
   • If the policy rule is configured to allow access and the user’s confidence level is equal to or greater than the confidence level configured in the policy, the policy rule is triggered.

     Note: If the user’s confidence level is less than the confidence level configured in the policy, SiteMinder denies access.

   • If the policy rule is configured to reject access and the confidence level is less than the value configured in the policy, the policy rule is triggered.

More information:

Add a Confidence Level to a Policy