Access Control Pipeline
The WAM server pluggable request processing pipeline within each security domain.
Access Control List
Identifies the users who may access a resource and the type of access to that resource that each user is permitted to have. Once a user is authenticated, the ACL controls what they are permitted to do.
Access Control Policy
Defines the resources being protected and the rules that control access to them.
Access Control Request
Information about a request by a user to get access to a resource including a type, a resource id, and an action.
Access Control Response
The information returned by the WAM server to an agent regarding an access control request.
Access Control Service
A WAM server service that grants or denies access to resources based on an access control policy.
Access Control Rule
The implementation or expression of the business logic for controlling access to protected resources.
Access Control Rule Library
Manages access control rule types and instances.
Access Control Valve
A WAM server individual processing node within an access control pipeline. By default, the first access control valve configured in WAM logs the request and the last valve (also referred to as the basic valve) uses the security domain-specific access control policy to grant or deny access.
The centralized or unified implementation and management of user authentication and entitlement to a site’s secure resources.
WAM software components that delegate security requests to a WAM server. Also known as a plug-in. Agents are specific to the application (application agent), web server (web agent), or J2EE server (application server agent) that hosts them.
An examination of records and activities to ensure compliance with established security controls, policies, and procedures.
Identifies an individual or application through the use of username/password, profiles, digital certificates or other means.
The WAM server pluggable authentication processing pipeline within each security domain.
The engine within the WAM server that makes authentication decisions based on a security domain’s login configuration.
A WAM server service that verifies the user identity and establishes a session that exists until the user logs out or the session times out due to inactivity.
A user that has presented valid and accepted login credentials to a resource controller.
A WAM server individual processing node within an authentication pipeline. By default, the first authentication valve logs the authentication request and the last valve (also referred to as the basic valve) attempts authentication based on information contained in an authentication request.
Develops rules or policies relating to what information users are allowed to view and manipulate (also known as Access Control).
Internet browser-managed base64 encoding of the username and password and transmission of the result to the server.
Enables underlying security services to interact with a calling application to retrieve specific authentication data such as usernames and passwords, or to display certain information, such as error and warning messages. See Callback.
Application component that passes authentication credentials from the application to a login module. See CallbackHandler.
Values (such as a username or password) or tokens (such as a digital certificate) owned by a user and presented to an authentication controller for validation of the user’s identity.
Enables a WAM server to host security domain services.
A category of users, classified by common traits to facilitate administration.
Lightweight Directory Access Protocol. A client-server protocol for accessing a directory service. It runs over TCP and can be used to access a stand-alone LDAP directory service or to access a directory service back-ended by X.509.
Specifies authentication requirements for a given security domain including login configuration entries, callback handlers, and login parameters.
Login Configuration Entry
Specifies the login modules you will use with WAM. Because LoginModules are pluggable, you can implement them without modification to WAM. Because they are stackable, you can specify how authentication to one or more LoginModules is required to access any resource.
The WAM mechanism by which callers prove that they are acting on behalf of specific users or systems. See LoginModule.
The three Boolean operators AND, OR, and NOT that gather or separate things into neat piles depending on how you use them. WAM uses logical operators between, and in some cases preceding, access control rules.
Network Adapter Layer
Enables a WAM server to offer services on different TCP/IP ports and to support network clients that speak different protocols.
Associates a set of resources (defined using a resource pattern) with one of two possible actions: an access control rule that will be evaluated to grant or deny access to the resource, or a security domain to which access control will be delegated.
The components within the WAM server that make access control decisions based on rules and permissions defined in security domains.
Any entity such as an individual user, a login id, or groups to which a user belongs.
The IP address of the computer on which the browser or client application is running.
The fully qualified DNS hostname of the computer on which the browser or client application is running.
Content including web pages, files, datasources, Enterprise Java Beans, and more that are network accessible.
A working description of a user assigned to a user or group at application deployment time. Roles provide users access to application resources or enable programmatic decisions.
Enables access management to be partitioned according to organizational or physical boundaries. Different security domains may be securely configured and managed by different individuals, departments, and companies.
Security Domain Registry
Maintains basic information about each security domain known to WAM, including the name and location of configuration metadata.
Service Manager Service
A WAM server service that enables custom security domain-specific services to be used/reused via programmer’s APIs.
The WAM server metadata assigned to a currently authenticated user.
Session Access Service
A WAM server service that provides information about authenticated users to agents.
Session Control Service
A WAM server service that enables modification and explicit closure (logout) of user sessions.
The process of capturing and changing metadata about an authenticated user throughout the login.
Session Manager Service
A WAM server service that manages an authenticated user’s session and expires it if inactive for a configurable period.
The programmatic object where a user’s session metadata is persisted.
Service Provider Layer
Enables a WAM server to provide security services like authentication and access control.
Enables a user to authenticate on one web server and access resources hosted on other web servers (or other virtual hosts within the same web server) without having to re-authenticate.
The container that holds authentication information about the user or service being authenticated, including relevant principals and credentials.
A centralized, security domain-specific component that logs information about the startup, shutdown, warnings, and errors of its services.
Accounts that usually represent a person (but could be a system).
An LDAP server, a database, or file containing users, passwords, groups, and roles.