TEC Workbook - IBM
Lab 4 Access Control Framework
Prerequisites: This lab requires the completion of labs 1 through 3.
Up until now, you’ve seen how WebSphere DataPower can protect XML Web traffic using built-in XML threat protection, digital signatures, and encryption. This lab will introduce the access control framework which provides authentication, authorization, and audit services. Collectively, this is referred to as AAA.
An AAA policy identifies a set of resources and procedures used to determine whether or not a requesting client is granted access to a specific service, file, or document. AAA policies are thus filters in that they accept or deny a specific client request. Basic AAA processing is depicted in the figure below.
4.1 Extract identity & extract resource
The first action that occurs is to extract the claimed identity of the service requester and the requested resource from an incoming message and its protocol envelope. WebSphere DataPower appliances provide an extensive list of predefined identity and resource extraction methods. For example, the identity can be based on IP address, account name/password, SAML assertion, or other criteria, while the requested resource can be specified by (among others) an HTTP URL, a namespace, or a WSDL method.
4.2 Authenticate
If the identity is successfully extracted from the message, it will then be authenticated. Authentication is most commonly accomplished via an external service such as Tivoli Access Manager or LDAP. If the authentication is successful, the process enters the resource and credential mapping phase.
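The steps in 4.1 and 4.2 can be modeled as a small filter. This is an added illustration in Python, not DataPower configuration or code from the workbook; it assumes the identity arrives as an HTTP Basic account name/password and the resource is the URL path, and the function names, registry and salt are hypothetical, constructed stand-ins for the external authentication service.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed registry standing in for LDAP or similar; one fixed salt only for this sample.
_SALT = b"constructed-salt"

def _digest(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USER_REGISTRY = {"alice": _digest("correct horse")}

def extract_identity(headers: dict):
    """4.1: pull the claimed identity out of the protocol envelope (HTTP Basic)."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep and user else None

def extract_resource(url: str) -> str:
    """4.1: the requested resource, here identified by the URL path."""
    return urlsplit(url).path or "/"

def authenticate(identity) -> bool:
    """4.2: verify the claimed identity against the registry."""
    user, password = identity
    # Unknown users still cost one hash and one constant-time compare.
    expected = USER_REGISTRY.get(user, bytes(32))
    ok = hmac.compare_digest(expected, _digest(password))
    return ok and user in USER_REGISTRY

def aaa_extract_and_authenticate(headers: dict, url: str, audit: list) -> bool:
    """True if the request may proceed to the mapping phase; every decision is audited."""
    identity = extract_identity(headers)
    resource = extract_resource(url)
    if identity is None:
        audit.append(("deny", None, resource, "no identity extracted"))
        return False
    if not authenticate(identity):
        audit.append(("deny", identity[0], resource, "authentication failed"))
        return False
    audit.append(("accept", identity[0], resource, "authenticated"))
    return True
```

The model stops where this excerpt stops: a True result only means the request moves on to resource and credential mapping, not that access has been authorized.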