We can integrate Security Verify Access into
existing and emerging infrastructures to provide a secure, centralized
policy management capability. The authorization service, together
with resource managers, provides a standard authorization mechanism
for business network systems.
The ISAM authorization service is illustrated in Figure 1.
Figure 1. Security Verify Access server components: policy server, user registry, master authorization database, authorization server, and replica authorization database.
Existing applications can take advantage of the authorization service.
An authorization policy is based on user or group roles. It can be
applied to network servers, individual transactions, database requests,
specific web-based information, management activities, and user-defined
objects.
The authorization API allows existing applications to call the authorization service, which bases its decision on
the corporate security policy. For information about the authorization API, see ISAM authorization API.
The ISAM authorization
service is also extensible. It can be configured to call on other
authorization services for additional processing using the external
authorization service plug-in interface.
The authorization service provides the following benefits:
- The service is application independent.
- The service uses a standard authorization coding style that is language independent (the authorization API).
- The service is centrally managed and therefore easy to administer. The addition of a new employee, for example, requires modifying the privilege database in one central location, rather than across multiple systems.
- The service addresses the application of security services in a heterogeneous cross-platform environment.
- The service has a scalable and flexible architecture that can be easily integrated with existing infrastructure.
- The service enables multi-tiered authorization. A credentials packet can be passed through the multiple layers of an application process or transaction.
- The service uses a common and effective auditing model.