Sun Java System Access Manager 7 2005Q4 Federation and SAML Administration Guide


Before processing a request, the Liberty Personal Profile Service verifies the authorization of the WSC making the request. There are two levels of authorization verification:

Authorization occurs through a plug-in to the Liberty Personal Profile Service, an implementation of the interface. Although a new implementation can be developed, Access Manager provides the default class, This plug-in defines four policy action values for the query and modify operations:

The resource values for the rules are similar to x-path expressions defined by the Liberty Personal Profile Service. For example, a rule can be defined like this:

/PP/CommonName/AnalyzedName/FN    Query   Interact for consent
/PP/CommonName/*                  Modify  Interact for value
/PP/InformalName                  Query   Deny

Authorization can be turned off by deselecting one or both of the following attributes, which are also defined in the Liberty Personal Profile Service: