Access decision information
The data and attributes in rule conditions collectively are called access decision information (ADI). Authorization API attributes, which are name and value pairs, form the basis of all ADI that can be referenced in a rule or presented to the authorization engine.
- Sources for retrieving ADI
The authorization engine can gather ADI from several sources.- Volatile versus nonvolatile data
In general, the source for any particular piece of ADI depends largely on what the data is. The most important question is Whether the data is volatile. For example, is it possible for the data to change during the lifetime of the session of the user? Is it important to use the most up-to-date information when it does change? Volatile data must be retrieved with a dynamic ADI retrieval service unless the resource manager application can provide this data.
Parent topic: Authorization rules management