Dynamic ADI retrieval entitlement services
The final source for retrieving ADI is the dynamic ADI retrieval entitlements service. This class of authorization entitlement services is designed to retrieve ADI from an external source.
These services can be developed to retrieve ADI from an enterprise database that contains employee, customer, partner, or inventory information. The dynamic ADI retrieval service is called to retrieve ADI when the access decision is being made. Calling both at the same time has the benefit of being able to retrieve volatile data, such as quotas, at a time when its value is most current.
The Security Verify Access Attribute Retrieval Service (AMWebARS, now deprecated) is an example of a service that can retrieve ADI from external sources.
A replacement example uses the Web Service Description Language (WSDL) file in the ISAM Application Development Kit to create and deploy a custom attribute retrieval service. See the IBM Security Verify Access for Web: Installation guide for more information about setting up the IBM Security Verify Access for Web custom attribute retrieval service. Also see the IBM Security Verify Access for Web: WebSEAL Administration Guide for more information about using the WSDL file.
Now deprecated, AMWebARS was the official package name for an ISAM J2EE web service that implements a dynamic ADI retrieval service. To facilitate communication between the resource manager, which is starting the rules engine, and AMWebARS, which is done with SOAP over HTTP, the ISAM runtime environment (pdrte package) provides an authorization entitlement service called azn_ent_amwebars.
See the Authorization C API Developer Reference for more information about developing with dynamic ADI retrieval entitlement services to fetch ADI when the rule is evaluated. See the Administration C API Developer Reference for an in-depth discussion of attribute lists, their formats, and the authorization APIs used to manipulate them. See Format and constraints of rules.
Parent topic: Sources for retrieving ADI