Authentication is the process by which an application verifies the identity of users. Authorization is the process that determines the permissions of an authenticated user within the application. In iWay Service Manager (iSM), these closely related functions are performed using security realms. A security realm is a database of user information that can be used to validate the credentials of a user. Realms also include the list of security roles that have been assigned to each user. Thus, authorization is a matter of checking to see whether a user has the role required to access a resource or perform an action.

iSM listeners implementing protocols with standard authentication mechanisms, such as NHTTP, NAS2, and TelnetD, are tightly integrated with security realms. However, authentication and authorization can be added to any channel using the Authenticate/Impersonate service and the _hasrole() iFL function. For more information, see Configuring Runtime Security Using Access Control.