Overview

iWay Service Manager is targeted at highly secure applications. Part of its security capabilities is Runtime Security. Runtime security refers to logon with a user ID and password, and the use of security tokens to restrict execution based on the logged-on user's authority.

Note: In some systems, the list of tokens is called the Access Control List (ACL).

Protocol-based logons are applicable only to certain types of channels, although runtime security can be implemented within iSMO in any protocol. Logon security is available in those protocols that inherently offer logon: nHTTP, FTP server, and the telnet command channel. In these protocols, clients enter a user ID and password (or other security token), and the server validates that user ID/password pair in a process known as authentication. As part of the authentication process, the user is assigned one or more security tokens, which denote the user's capabilities in the system.

The user information, including the assigned tokens, is stored in a structure called a Principal. A principal is something that has an identity. A principal can be an individual, a group or a logon ID. Once established, the principal is available for the duration of the transaction or session.

In addition to the creation of principals by logon, a process service is available to define and assign a principal to the current transaction. If the transaction already has one or more associated principals, the new principal overshadows those principals. This is called impersonation in many systems, and is supported by iSMO. Additionally, a process that uses its own logic to identify a user can create the principal for use in the remainder of the flow.

The four main components of iSMO runtime security are:

  1. Logon Authentication, which uses the current protocol mechanism to obtain a user ID and password.
  2. Credentials Authentication, which validates that the password is valid for this user.
  3. Roles, which detail which tasks this user is permitted to perform.
  4. Impersonation, which allows the flow to make a principal that creates, overrides or supplements the current principal.

iWay Software