Sciweavers

ACSAC
2001
IEEE

The Authorization Service of Tivoli Policy Director

13 years 7 months ago
The Authorization Service of Tivoli Policy Director
This paper presents the Authorization Service provided by Tivoli Policy Director (PD) and its use by PD family members as well as third-party applications. Policies are defined over an object namespace and stored in a database, which is managed via a management console and accessed through rization API. The object namespace abstracts from heterogeneous systems and thus enables the definition of consistent policies and their centralized management. ACL inheritance and delegated management allow these policies to be managed efficiently. The Authorization API allows applications with their own access control requirements to decouple authorization logic from application logic. By intercepting the traffic over well-defined communication protocols (TCP/IP, HTTP, IIOP, and others), PD familiy members establish a single entry point to enforce enterprise policies that regulate access to corporate data.
Günter Karjoth
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2001
Where ACSAC
Authors Günter Karjoth
Comments (0)