The protected object space and system resource
The protected object space is a hierarchical representation of resources that belong to a secure domain. The system resource is the actual physical file or application. The authorization service, Web Portal Manager, and other ISAM management utilities use the protected object space. We attach policies to objects in the object space to protect resources. The authorization service makes authorization decisions based on these policies.
The combined installation of ISAM base and WebSEAL provides the following object space categories:
| Management objects | Activities performed through policy administration. The objects represent the tasks that define users and set security policy. ISAM supports delegation of management activities and can restrict an administrator's ability to set security policy to a subset of the object space. |
| Web objects | Any resource that can be addressed by an HTTP URL. These objects can include static web pages and dynamic URLs converted to database queries or some other type of application. The WebSEAL server is responsible for protecting web objects. |
| User-defined objects | Customer-defined tasks or network resources protected by applications that access the authorization service through the ISAM authorization API. |
Parent topic: Security concepts for a WebSEAL deployment