By Topic

The Authorization Service of Tivoli Policy Director

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Karjoth, G. ; Zurich Res. Lab., IBM Res., Zurich, Switzerland

This paper presents the Authorization Service provided by Tivoli Policy Director (PD) and its use by PD family members as well as third-party applications. Policies are defined over an object namespace and stored in a database, which is managed via a management console and accessed through an Authorization API. The object namespace abstracts from heterogeneous systems and thus enables the definition of consistent policies and their centralized management. ACL inheritance and delegated management allow these policies to be managed efficiently. The Authorization API allows applications with their own access control requirements to decouple authorization logic from application logic. By intercepting the traffic over well-defined communication protocols (TCP/IP HTTP IIOP and others), PD family members establish a single entry point to enforce enterprise policies that regulate access to corporate data.

Published in:

Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual

Date of Conference:

10-14 Dec. 2001