AAA stands for:
- Authentication
- Authorization
- Auditing
DataPower clearly separates the processing of all three, in a loosely coupled way.
The steps for AAA are:
- Extract Identity (EI) - extract the identity claim, such as the username/password from HTTP basic authentication.
- Extract Resource (ER) - such as the Web services URL being accessed.
- Authenticate (AU) - authenticate the extracted identity against either an on-board or off-board identity server (LDAP).
- Map Credentials (MC) - using rewrite rules.
- Map Resource (MR) - using rewrite rules.
- Authorize (AZ) - submit to a policy server for authorization.
- Post Processing (PP) - audit.
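
The steps above, modelled as a plain Node.js pipeline. This is an added example, not DataPower configuration or code from the Redbook; the user store, mapping tables, policy and all function names are constructed stand-ins for the identity server, rewrite rules and policy server.

```javascript
const crypto = require('crypto');

// Constructed sample data (assumptions), standing in for LDAP, rewrite rules and a policy server.
// SHA-256 is used here only to get equal-length buffers for a constant-time comparison.
const hash = (s) => crypto.createHash('sha256').update(s).digest();
const USERS = { alice: hash('s3cret') };
const CREDENTIAL_MAP = { alice: 'role:orders-reader' };
const RESOURCE_MAP = [[/^\/services\/orders(\/|$)/, 'orders-service']];
const POLICY = { 'role:orders-reader': ['orders-service'] };
const auditLog = [];

// Extract Identity: parse the HTTP basic authentication header.
function extractIdentity(headers) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(headers.authorization || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  return i < 0 ? null : { user: decoded.slice(0, i), password: decoded.slice(i + 1) };
}
// Extract Resource: the URL path being accessed, without the query string.
const extractResource = (req) => req.url.split('?')[0];

// Authenticate: verify the extracted identity against the identity store.
function authenticate(id) {
  if (!id || !Object.prototype.hasOwnProperty.call(USERS, id.user)) return false;
  return crypto.timingSafeEqual(USERS[id.user], hash(id.password));
}
// Map Credentials and Map Resource: rewrite both into the policy's vocabulary.
const mapCredentials = (id) => CREDENTIAL_MAP[id.user] || null;
function mapResource(path) {
  const rule = RESOURCE_MAP.find(([re]) => re.test(path));
  return rule ? rule[1] : null;
}
// Authorize: default deny when either mapping produced nothing.
const authorize = (cred, res) => !!cred && !!res && (POLICY[cred] || []).includes(res);

function aaa(req) {
  const id = extractIdentity(req.headers);
  const path = extractResource(req);
  let decision = 'deny:authentication';
  if (authenticate(id)) {
    decision = authorize(mapCredentials(id), mapResource(path)) ? 'allow' : 'deny:authorization';
  }
  // Post Processing: audit every decision, including denials. The password is never logged.
  auditLog.push({ user: id ? id.user : null, path, decision });
  return decision;
}
```

Because each step only consumes the output of the previous one, any stand-in (for example the user store) can be swapped without touching the others, which is the loose coupling described above.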
References:
DataPower Architectural Design Patterns: Integrating and Securing Services Across Domains - http://www.redbooks.ibm.com/abstracts/sg247620.html?Open