Quality of protection POP

The protected object policy (POP) has an attribute for quality of protection that allows us to specify what level of data protection is required when performing an operation on an object. The quality of protection attribute is used to determine whether access will be granted to a requested resource. When an ACL check for a resource succeeds, the quality of protection POP is checked. If a quality of protection POP exists, and the resource manager (WebSEAL) cannot guarantee the required level of protection, the request is denied.

To set:

pdadmin> pop modify pop-name set qop {none|integrity|privacy}

When the QOP level is set to either integrity or privacy, WebSEAL requires data encryption through the use of SSL. For example:

pdadmin> pop modify test set qop privacy

Parent topic: WebSEAL-specific ACL policies