ISAM authorization API
The ISAM authorization API is the interface between the resource manager requesting the authorization check and the authorization service itself.
The authorization API allows Security Verify Access applications and other applications to query the authorization service to make authorization decisions. At the same time, the authorization API shields the application from the complexities of the actual decision-making process, including issues of management, storage, caching, replication, credential formats, and authentication methods.
The authorization API provides a standard programming model for coding authorization requests and decisions. We can use the authorization API to make standardized calls to the centrally managed authorization service from any existing or newly developed application. The authorization API can be used in one of the following modes:
- Remote cache mode
- The API is initialized to call the remote authorization server to do authorization decisions on behalf of the application. The authorization server maintains its own cache of the replica authorization policy database. This mode is best suited for handling authorization requests from application clients.
- Local cache mode
- The API is initialized to download and maintain a local replica of the authorization database for the application. Local cache mode provides better performance because the application does all authorization decisions locally instead of across a network. However, the processor usage of database replication and the security implications of using this mode make it best suited for use by trusted application servers.
The authorization API also works independently from the underlying security infrastructure, the credential format, and the evaluating mechanism. The authorization API makes it possible to request an authorization check and get a simple yes or no recommendation in return. The details of the authorization check mechanism are invisible to the user.
Parent topic: Security Verify Access overview