Access Manager Information Tree (Sun Java System Access Manager 7 2005Q4 Technical Overview)

Sun Java System Access Manager 7 2005Q4 Technical Overview

Access Manager Information Tree

Access Manager creates a special and proprietary branch in a data store such as an LDAP directory for storing realm configurations, authentication properties, and authorization policies. This directory can be different from the directory hosting the Access Manager Identity Repository. Together the realms form the Access Manager information tree. The Access Manager information tree is separate from the user branch in the Identity Repository.

Figure 4–2 Access Manager Information Tree Within an Identity Repository

This figure compares a directory information tree (DIT) with
a DIT that includes the Access Manager information tree.

Access Manager components and plug-ins access the data stored in the Access Manager information tree, and use data for various purposes. The following are some examples:

Policy runtime accesses policy data for policy evaluation.
Identity Repository plug-in finds configuration information for data stores.
Authentication Service finds authentication configuration information.