Deployment strategies
We can deploy an external authorization service in several ways.
- Any number of external authorization services can be registered with resource manager applications.
Applications that can load external authorization services include the authorization server, other ISAM resource managers, and any other resource manager applications that we create.
- Remote-mode authorization API clients make requests to the authorization server for authorization decisions.
These clients automatically use any external authorization service loaded by the authorization server.
- More than one external authorization service can be called for any single trigger condition.
First, the result of each external authorization service is weighted. Then the results are combined with the result of the ISAM authorization service.
- Trigger conditions can be placed on objects with the use of a POP trigger.
If a trigger condition is placed on an object, then any request to that object instigates a call to the appropriate external authorization services.
- Trigger conditions can also be placed on the operations requested by a user.
For example, an external authorization service can be triggered only when a user requests a Write operation to a protected resource. In this case, the external authorization service is not triggered for any other operation. It is then possible to develop sets of operations for which one or more external authorization services are triggered according to the requested set of operations.
- The external authorization services are implemented as dynamically loadable library (dynamic link library, or DLL) modules.
This feature greatly simplifies the task of external authorization service development. There is no requirement to make remote requests to the external authorization service. The overhead of calling the service is equivalent to that of a function call.
- The combination of the authorization API and an external authorization service provides an extensible solution for implementing a complex security policy.
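
The following added example (not IBM's code and not the ISAM API) models how trigger conditions select which external authorization services run, and how their weighted results are combined with the built-in decision. The type and function names, the sample weights, and the signed-sum rule with a fail-closed tie are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not the ISAM API: every name, weight and the
 * signed-sum rule are assumptions made for this illustration. */
enum { OP_READ = 1, OP_WRITE = 2, OP_DELETE = 4 };
typedef enum { DENY = -1, INDIFFERENT = 0, PERMIT = 1 } verdict_t;
#define BASE_WEIGHT 100  /* assumed weight of the built-in decision */

typedef struct {
    const char *pop_trigger;          /* POP trigger name, or NULL */
    unsigned    op_set;               /* triggering operations, or 0 */
    int         weight;
    verdict_t (*decide)(unsigned op); /* in-process call, as with a loaded DLL */
} eas_t;

/* Constructed services: a write freeze and a read-only rule for one POP. */
static verdict_t freeze(unsigned op) { (void)op; return DENY; }
static verdict_t read_only(unsigned op) {
    return op == OP_READ ? INDIFFERENT : DENY;
}
static const eas_t services[] = {
    { NULL,      OP_WRITE, 101, freeze    },
    { "payroll", 0,        101, read_only },
};

static int triggered(const eas_t *s, const char *obj_pop, unsigned op) {
    if (s->pop_trigger && obj_pop && strcmp(s->pop_trigger, obj_pop) == 0)
        return 1;
    return (s->op_set & op) != 0;
}

/* Combine the built-in verdict with every triggered service's verdict. */
verdict_t authorize(verdict_t base, const char *obj_pop, unsigned op) {
    int score = BASE_WEIGHT * (int)base;
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (triggered(&services[i], obj_pop, op))
            score += services[i].weight * (int)services[i].decide(op);
    return score > 0 ? PERMIT : DENY;  /* a tie fails closed */
}

int main(void) {
    printf("read, no trigger:    %d\n", authorize(PERMIT, NULL, OP_READ));
    printf("write, op trigger:   %d\n", authorize(PERMIT, NULL, OP_WRITE));
    printf("read, payroll POP:   %d\n", authorize(PERMIT, "payroll", OP_READ));
    printf("delete, payroll POP: %d\n", authorize(PERMIT, "payroll", OP_DELETE));
    return 0;
}
```

In this model a service weighted above the built-in decision can overturn it, so the weights assigned at registration are part of the security policy and deserve the same review as the policy itself.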