This interface, once implemented, can be used by each Liberty-based web service component for access control.
Note – The com.sun.identity.liberty.ws.disco.plugins.DefaultDiscoAuthorizer class is the implementation of this interface for the Discovery Service. The com.sun.identity.liberty.ws.idpp.plugin.IDPPAuthorizer class is the implementation for the Liberty Personal Profile Service.
The Authorizer interface enables a web service to check whether a web service consumer (WSC) is allowed to access the requested resource. When a WSC contacts a web service provider (WSP), the WSC conveys a sender identity and an invocation identity. Note that the invocation identity is always the subject of the SAML assertion. These conveyances enable the WSP to make an authorization decision based on one or both identities. The OpenSSO Enterprise Policy Service performs the authorization based on defined policies.
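The following added example (not OpenSSO code and not the Authorizer API) models a WSP decision that uses both the sender identity and the invocation identity, denying by default. The Request and Rule types, the in-memory POLICY table standing in for the Policy Service, and all resource and identity values are hypothetical and constructed for illustration.

```java
import java.util.Map;
import java.util.Set;

// Added illustration; these types are hypothetical and are not the OpenSSO Authorizer API.
public class TwoIdentityAuthorizerExample {

    /** Identities a WSC conveys to the WSP, plus the requested resource and action. */
    record Request(String senderId, String invocationId, String resource, String action) {}

    /** Constructed policy entry: allowed senders, invocation identities and actions. */
    record Rule(Set<String> senders, Set<String> invocationIds, Set<String> actions) {}

    // Constructed sample policy, keyed by resource. "*" matches any invocation identity.
    static final Map<String, Rule> POLICY = Map.of(
        "urn:example:profile:CommonName",
        new Rule(Set.of("wsc.example.com"), Set.of("*"), Set.of("QUERY")),
        "urn:example:profile:LegalIdentity",
        new Rule(Set.of("wsc.example.com"), Set.of("alice"), Set.of("QUERY", "MODIFY")));

    /** Deny by default: sender, invocation identity and action must all match the rule. */
    static boolean isAuthorized(Request r) {
        if (r.senderId() == null || r.invocationId() == null) {
            return false; // a missing identity is never treated as a wildcard
        }
        Rule rule = POLICY.get(r.resource());
        if (rule == null) {
            return false; // no policy defined for the resource
        }
        boolean senderOk = rule.senders().contains(r.senderId());
        boolean subjectOk = rule.invocationIds().contains("*")
                || rule.invocationIds().contains(r.invocationId());
        return senderOk && subjectOk && rule.actions().contains(r.action());
    }

    public static void main(String[] args) {
        Request[] samples = { // constructed requests
            new Request("wsc.example.com", "bob", "urn:example:profile:CommonName", "QUERY"),
            new Request("wsc.example.com", "bob", "urn:example:profile:LegalIdentity", "QUERY"),
            new Request("other.example.net", "alice", "urn:example:profile:LegalIdentity", "QUERY"),
            new Request("wsc.example.com", "alice", "urn:example:profile:LegalIdentity", "MODIFY"),
        };
        for (Request s : samples) {
            System.out.println(s + " -> " + (isAuthorized(s) ? "PERMIT" : "DENY"));
        }
    }
}
```

The second and third sample requests are denied: one has a trusted sender acting for the wrong subject, the other the right subject conveyed by an unlisted sender, which is why a decision on only one of the two identities can be too permissive.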