Obligations

Obligations are used in policies to inform the enforcement point that more actions are required before access is granted or denied to a protected resource. Obligations are either of the following types:

• Actions that require the user to perform an operation.
• Actions that occur on the server without user involvement.

Predefined obligations are available by default. See Predefined obligations.

We can create, modify, or delete obligations.

When you create a policy, we can add an obligation. If the obligation has parameters, define the parameter details when creating the policy.

We can use the same obligation for different policies. Parameters customize the obligation for each policy. Parameter details are defined in the policy, not the obligation.

Obligations are saved in the local configuration database.

We can also map an obligation to a URL by defining it in the WebSEAL configuration file.

• Manage obligations
  Obligations are used for authoring policies. We can view, add, modify, and delete obligations.
• Obligation properties
  When we add or modify an obligation, we specify properties that make that attribute unique.
• Predefined obligations
  Predefined obligations are provided for your use in policy authoring.
• Map obligations to a URL
  We can define the mapping between the obligation the policy decision point (PDP) returns and the URL that attempts to satisfy the obligation.

Parent topic: Advanced Access Control administration