The protected object space and system resource

The protected object space is a hierarchical representation of resources that belong to a Verify Identity Access secure domain. The system resource is the actual physical file or application.

The authorization service, Web Portal Manager, and other Verify Identity Access management utilities use the protected object space.

You can attach policies to objects in the object space so that resources are protected. The authorization service makes authorization decisions that are based on these policies.

The combined installation of Verify Identity Access base and WebSEAL provides the following object space categories:

Web objects

Represent any resource that can be addressed by an HTTP URL. These objects can include static web pages and dynamic URLs that are converted to database queries or some other type of application. The WebSEAL server is responsible for protecting web objects.

Management objects

Represent the management activities that administrators can perform through policy administration. The objects represent the tasks that define users and set security policy. Verify Identity Access supports delegation of management activities and can restrict an administrator's ability to set security policy to a subset of the object space.

User-defined objects

Represent customer-defined tasks or network resources that are protected by applications that access the authorization service through the Verify Identity Access authorization API.