Monday, September 21, 2015

What is Credential Transformation in DataPower? (106/285 technotes for 2015)

Because web service requests have to travel across multiple security domains, the credentials presented inbound to a boundary server often require transformation before they reach the recipient.

Types of Transformation:


  • Technology
    • Changing a credential from one type to another.
    • e.g., the sender might use digital signatures, while the receiver might use a username token.
  • Naming
    • The name that represents a user might change, similar to Relationship in Process Server.
    • e.g., your identity to IBM can be your serial number, but to a bank it can be your bank account number.

To resolve this:

    1. Custom-developed ad hoc code
      1. DataPower can perform complex transformations using built-in functions as well as custom transformations.
    2. Leverage a product like TFIM (Tivoli Federated Identity Manager)
      1. DataPower can also connect to products like TFIM.
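
The two transformation types above, shown together as an added illustration in generic Python (not DataPower configuration and not code from the original note): a verified certificate subject is mapped to the receiver's account name and re-issued as a WS-Security UsernameToken. The DN, the account name and the mapping table are constructed, and the code assumes the inbound signature has already been validated.

```python
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed mapping: identity in the sender's domain -> name in the receiver's domain.
IDENTITY_MAP = {
    "CN=serial-004217,O=ExampleCorp,C=US": "acct-9931002",
}

class UnmappedIdentity(Exception):
    """Raised when a verified inbound identity has no outbound mapping."""

def normalize_dn(dn: str) -> str:
    """Canonicalise spacing and attribute-type case so lookups are not
    format-sensitive. Assumes no escaped commas inside attribute values."""
    parts = []
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        parts.append(f"{key.strip().upper()}={value.strip()}")
    return ",".join(parts)

def map_identity(verified_dn: str) -> str:
    """Naming transformation. Fails closed: no default or pass-through account."""
    try:
        return IDENTITY_MAP[normalize_dn(verified_dn)]
    except KeyError:
        raise UnmappedIdentity(verified_dn) from None

def build_username_token(username: str) -> str:
    """Technology transformation: emit a WS-Security UsernameToken header.
    ElementTree escapes the value, so a hostile name cannot inject markup."""
    ET.register_namespace("wsse", WSSE)
    security = ET.Element(f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    return ET.tostring(security, encoding="unicode")

def transform(verified_dn: str) -> str:
    """verified_dn must come from a signature that was already validated."""
    return build_username_token(map_identity(verified_dn))

if __name__ == "__main__":
    print(transform("cn=serial-004217, o=ExampleCorp, c=US"))
```

The outbound token carries no password, so the receiver has to authenticate the boundary server itself before accepting the asserted name.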

Rule of thumb:
  • Use DataPower
    • for simple credential transformation
  • Use TFIM
    • for complex credential transformation
    • when transformation occurs in multiple places, like DataPower and WAS.


