Next: Configuration
Up: Authorization Manager
Previous: Internal structure
The basic operation of the Authorization Manager is to respond to a query
like
"Is subject DN associated with any attribute?"
The answer is the first attribute associated with subject
DN under the default policy, or the local-ID associated with this
attribute when a translation phase is configured for the default policy.
More sophisticated queries are possible by including the following
parameters in the request:
- policy_name: selects which policy must be used to authorize the client.
The query becomes "Is subject DN associated with any attribute under
the policy_name?"
- attribute_names: a list of attributes the client requires to
be associated with. For each attribute_# in the list, the query
becomes "Is subject DN associated with attribute_#?" Only
attributes with a positive match are returned by the Authorization Manager.
- a combination of the above two parameters. For each attribute_#
in the list, the query becomes "Is subject DN associated with
attribute_# under the policy_name?"
Example: the Authorization Manager receives the triplet (subjectDN=Mr.Smith,
policy=localDbAccess, attribute=DataGridMember) and replies with
"ReadAccessOnTableX", a value that the local application knows how to handle.
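The query forms described above, modelled as an added example; this is not the Authorization Manager's own code or API. The class and method names, the "default" policy name, the "Operator" attribute, and the choices to return an empty list for an unknown policy or an untranslatable attribute are assumptions made for illustration.

```python
# Added illustration: toy model of the query semantics described above.
# Class, method and data names are constructed, not the real API.

class Policy:
    def __init__(self, attributes, translation=None):
        self.attributes = attributes    # subject DN -> ordered attribute list
        self.translation = translation  # attribute -> local ID, or None

    def answer(self, attribute):
        """Return the attribute, or its local ID when a translation phase is configured."""
        if self.translation is None:
            return attribute
        return self.translation.get(attribute)  # assumption: no mapping means no answer


class AuthorizationManager:
    def __init__(self, policies, default_policy):
        self.policies = policies
        self.default_policy = default_policy

    def query(self, subject_dn, policy_name=None, attribute_names=None):
        """Return the list of answers; an empty list means no positive match."""
        name = self.default_policy if policy_name is None else policy_name
        policy = self.policies.get(name)
        if policy is None:
            return []  # assumption: an unknown policy name fails closed
        held = policy.attributes.get(subject_dn, [])
        if attribute_names is None:
            matched = held[:1]  # "any attribute": first associated attribute only
        else:
            matched = [a for a in attribute_names if a in held]  # positive matches only
        answers = [policy.answer(a) for a in matched]
        return [a for a in answers if a is not None]


def build_sample_manager():
    """Constructed sample policies; only the localDbAccess triplet comes from the page."""
    return AuthorizationManager(
        policies={
            "default": Policy({"Mr.Smith": ["DataGridMember", "Operator"]}),
            "localDbAccess": Policy(
                {"Mr.Smith": ["DataGridMember"]},
                translation={"DataGridMember": "ReadAccessOnTableX"},
            ),
        },
        default_policy="default",
    )


if __name__ == "__main__":
    am = build_sample_manager()
    print(am.query("Mr.Smith", "localDbAccess", ["DataGridMember"]))
```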
2004-07-02