Overview

iWay Service Manager (iSM) offers runtime security capabilities for highly secure applications. Runtime security includes authentication, often a logon process that validates a user's credentials, and authorization, in which execution depends on the permissions granted to the user.

Protocol-based logon may involve a scheme, that is, a standardized method by which a server requests credentials and a client offers them (an HTTP authentication scheme, for example). In iSM, the validation of credentials is handled by authentication realms. If a user is authenticated, the realm returns a principal, a structure that holds the user's credentials along with the list of security roles assigned to the user. Once established, the principal is available for the duration of the transaction or session.

In addition to the creation of principals by logon, iSM provides services that define a principal and assign it to the current transaction. If the transaction already has one or more associated principals, the new principal masks them for the remainder of the transaction. This is sometimes called impersonation. Additionally, a process that uses its own logic to identify a user can create a principal for use in the remainder of the transaction or session.

An application determines whether a particular action is authorized by checking whether the current principal has a role that has been granted the permission required for that action. If no role of the current principal grants the permission, or the transaction has no principal at all, the action is denied. The mapping of roles to permissions is sometimes called an Access Control List, or ACL.
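The following is an added illustration of the model described above and in the impersonation paragraph; it is example code written for this page, not iSM's own implementation (iSM is Java-based; this uses Python). A realm validates credentials and returns a principal carrying the user name and roles, an ACL maps roles to permissions, and a transaction keeps a stack of principals so that a newly assigned principal masks the earlier ones until it is dropped. The user table, roles, permissions, the salted-hash password check and the `restore()` operation are all constructed for the example; iSM's actual APIs are not shown.

```python
"""Added example (not iSM code): realm authentication, a role-to-permission
ACL, and principal masking (impersonation) on a transaction.

Users, passwords, roles and permissions below are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """What authorization needs from a logon: who the user is and which roles they hold."""
    name: str
    roles: frozenset


class Realm:
    """Validates credentials against a constructed user table of salted PBKDF2 hashes."""

    ITERATIONS = 100_000

    def __init__(self):
        self._users = {}  # name -> (salt, digest, roles)

    def add_user(self, name, password, roles):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)
        self._users[name] = (salt, digest, frozenset(roles))

    def authenticate(self, name, password):
        """Return a Principal on success, None on unknown user or bad password."""
        entry = self._users.get(name)
        if entry is None:
            return None
        salt, digest, roles = entry
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)
        if not hmac.compare_digest(candidate, digest):  # constant-time comparison
            return None
        return Principal(name, roles)


# The ACL: a role-to-permission mapping (constructed values).
ACL = {
    "operator": {"order:read"},
    "admin": {"order:read", "order:cancel"},
}


def is_authorized(principal, permission, acl=ACL):
    """Fail closed: no principal, or no role granting the permission, means denied."""
    if principal is None:
        return False
    return any(permission in acl.get(role, ()) for role in principal.roles)


class Transaction:
    """Holds the principals assigned to a transaction; the newest one masks the rest."""

    def __init__(self):
        self._principals = []

    @property
    def principal(self):
        return self._principals[-1] if self._principals else None

    def set_principal(self, principal):
        # Refuse to "impersonate" a principal that was never established,
        # so a failed logon cannot silently replace the current identity.
        if principal is None:
            raise ValueError("cannot assign an unestablished principal")
        self._principals.append(principal)

    def restore(self):
        """Drop the masking principal (this example's way of ending impersonation)."""
        self._principals.pop()


def demo():
    """Logon as an operator, impersonate an admin, then restore; returns the three checks."""
    realm = Realm()
    realm.add_user("alice", "correct horse", ["operator"])
    realm.add_user("ops-admin", "battery staple", ["admin"])

    tx = Transaction()
    tx.set_principal(realm.authenticate("alice", "correct horse"))
    before = is_authorized(tx.principal, "order:cancel")        # operator may not cancel

    tx.set_principal(realm.authenticate("ops-admin", "battery staple"))  # masks alice
    during = is_authorized(tx.principal, "order:cancel")        # admin may cancel

    tx.restore()                                                # alice is current again
    after = is_authorized(tx.principal, "order:cancel")
    return before, during, after


if __name__ == "__main__":
    print(demo())
```

The authorization check is deliberately fail-closed, and `set_principal` refuses a `None` result from a failed logon; both are the checks a practitioner would want when wiring impersonation into a process flow.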

The main components of iSM runtime security are:

  1. Logon Schemes
  2. Realm Based Authentication
  3. Role Based Authorization
  4. Impersonation

iWay Software