Volatile versus nonvolatile data

In general, the source for any particular piece of ADI depends largely on what the data is. The most important question is Whether the data is volatile. For example, is it possible for the data to change during the lifetime of the session of the user? Is it important to use the most up-to-date information when it does change? Volatile data must be retrieved with a dynamic ADI retrieval service unless the resource manager application can provide this data.

Application-specific data that is nonvolatile and not user-specific is provided by the resource manager application. Data that is nonvolatile and user-specific is loaded into the user credential when the user is authenticated. The data is kept with the credential for the lifetime of the user session.

The set of data provided by the authorization engine, including the target protected object and permissions, is fixed and cannot be changed.

Parent topic: Access decision information