Defining a custom application for policy attachments
There are two types of Access Control Resources: Reverse Proxy and Application.
A Reverse Proxy resource defines a server instance with a protected object space, and a specific resource in that protected object space. An application resource describes an application server and a resource to protect that is not in a Reverse Proxy object space. Ensure the application ID is unique. The application ID is case-sensitive; for example, "ClaimApplication" and "claimapplication" are considered to be distinct names. Avoid control characters, leading and trailing blanks, and special characters such as ! @ # $ % ^ & * [ ] ; , < >
Application IDs and resources are used as either URL paths or URI scheme names and therefore must consist of a sequence of any combination of lowercase letters, numbers, or any of the following special characters: plus ("+"), period ("."), or hyphen ("-").
If a URL path is used, the ID must begin with a forward slash ("/"). If a URI scheme name is used, the ID must begin with a lowercase letter.
For an application resource with an Application ID /myapp and Resource ID /myresource, the corresponding XACML JSON would be:
{
  "Request": {
    "Action": {
      "Attribute": [
        {
          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
          "DataType": "string",
          "Value": "GET"
        }
      ]
    },
    "Resource": {
      "Attribute": [
        {
          "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
          "DataType": "string",
          "Value": "/myresource"
        }
      ]
    },
    "Environment": {
      "Attribute": [
        {
          "AttributeId": "ApplicationId",
          "DataType": "string",
          "Value": "/myapp",
          "Issuer": "http://security.tivoli.ibm.com/policy/distribution"
        }
      ]
    }
  }
}
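The following Python sketch is an added example, not part of the product or its documentation: it checks an application ID and resource ID against the syntax rules above before building the XACML JSON request shown. The function names are hypothetical, and rejecting any "/" after the leading one is an assumption, since the rules above list only lowercase letters, numbers, "+", "." and "-".

```python
import json
import re

# Allowed characters per the rules above: lowercase letters, digits, "+", ".", "-".
_BODY = r"[a-z0-9+.\-]"
# URL path form: a leading "/" then allowed characters.
# Assumption: no further "/" is accepted after the first one.
_PATH_RE = re.compile(rf"/{_BODY}+")
# URI scheme form: must begin with a lowercase letter.
_SCHEME_RE = re.compile(rf"[a-z]{_BODY}*")

ISSUER = "http://security.tivoli.ibm.com/policy/distribution"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"


def id_form(value):
    """Return "path", "scheme", or None if the ID breaks the syntax rules."""
    # fullmatch rejects leading/trailing blanks and control characters outright.
    if _PATH_RE.fullmatch(value):
        return "path"
    if _SCHEME_RE.fullmatch(value):
        return "scheme"
    return None


def _attr(attribute_id, value, **extra):
    """One XACML JSON attribute entry; all values on this page are strings."""
    return {"AttributeId": attribute_id, "DataType": "string", "Value": value, **extra}


def build_request(app_id, resource_id, action="GET"):
    """Build the XACML JSON request body, refusing malformed IDs."""
    for name, value in (("application ID", app_id), ("resource ID", resource_id)):
        if id_form(value) is None:
            raise ValueError(f"invalid {name}: {value!r}")
    return {"Request": {
        "Action": {"Attribute": [_attr(ACTION_ID, action)]},
        "Resource": {"Attribute": [_attr(RESOURCE_ID, resource_id)]},
        "Environment": {"Attribute": [_attr("ApplicationId", app_id, Issuer=ISSUER)]},
    }}


if __name__ == "__main__":
    print(json.dumps(build_request("/myapp", "/myresource"), indent=2))
    # Constructed sample IDs: two valid, three that violate the rules.
    for candidate in ("/myapp", "claim-app.v2", "ClaimApplication", " /myapp", "my;app"):
        print(repr(candidate), "->", id_form(candidate))
```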