Security policy planning and implementation

A corporate security policy for web resources identifies the web resources that require protection and the level of protection. You can implement the security policy by applying the appropriate security mechanisms to the objects requiring protection.

Verify Identity Access uses a virtual representation of these web resources, called the protected object space. The protected object space contains objects that represent actual physical resources in your network.

Security mechanisms include:
  • Access control list (ACL) policies

    ACL policies identify user types that can be considered for access and specify the operations permitted on the object.

  • Protected object policies (POPs)

    A POP specifies additional conditions governing the access to the protected object, such as privacy, integrity, auditing, and time-of-day access.

  • Extended attributes

    Extended attributes are additional values placed on an object, ACL, or POP that can be read and interpreted by third-party applications (such as an external authorization service).

The core component of Verify Identity Access is the Verify Identity Access authorization service. This service permits or denies access to protected objects (resources) based on the user's credentials and the access controls placed on the objects.

To implement the security policy successfully, you must logically organize the different content types (as described in "Content types and levels of protection") and apply the appropriate ACL and POP policies. Access control management can be very complex; careful categorization of the content types makes it much easier.
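
The following Python sketch is an added illustration, not IBM code or the product's API: it models how an ACL policy, a POP, and extended attributes on a protected object combine in one authorization decision. The object paths, policy names, inheritance from the nearest ancestor, and the entry-matching order are simplifying assumptions made for the example.

```python
from datetime import time

# Constructed object space: each path may carry an ACL name, a POP name, extended attributes.
OBJECT_SPACE = {
    "/web": {"acl": "public-read"},
    "/web/hr": {"acl": "hr-staff", "pop": "office-hours"},
    "/web/hr/payroll": {"ext": {"sensitivity": "high"}},
}
# ACL policy: which user types are considered, and the operations each may perform.
ACLS = {
    "public-read": {"unauthenticated": {"read"}, "any-other": {"read"}},
    "hr-staff": {"group:hr": {"read", "modify"}, "user:auditor1": {"read"}},
}
# POP: conditions on the object itself, independent of who is asking.
POPS = {"office-hours": {"time_of_day": (time(8, 0), time(18, 0)), "audit": True}}

def effective(path, kind):
    """Nearest attached policy of this kind, walking up to the root (assumed inheritance)."""
    while path:
        name = OBJECT_SPACE.get(path, {}).get(kind)
        if name is not None:
            return name
        path = path.rsplit("/", 1)[0]
    return None

def permissions_for(acl, cred):
    """Simplified matching: user entry, else union of group entries, else catch-all."""
    if cred is None:
        return acl.get("unauthenticated", set())
    if f"user:{cred['user']}" in acl:
        return acl[f"user:{cred['user']}"]
    groups = [acl[f"group:{g}"] for g in cred["groups"] if f"group:{g}" in acl]
    return set().union(*groups) if groups else acl.get("any-other", set())

def authorize(cred, path, operation, now):
    """Decide one request; returns the decision plus what the POP and attributes add."""
    acl = ACLS.get(effective(path, "acl"), {})
    pop = POPS.get(effective(path, "pop"), {})
    permitted = operation in permissions_for(acl, cred)
    if permitted and "time_of_day" in pop:
        start, end = pop["time_of_day"]
        permitted = start <= now <= end
    return {
        "permitted": permitted,
        "audit": bool(pop.get("audit")),
        # Extended attributes are passed through for an external authorization service.
        "attributes": OBJECT_SPACE.get(path, {}).get("ext", {}),
    }
```

Because `/web/hr/payroll` has no policy of its own in this model, grouping it under `/web/hr` is what gives it the HR ACL and the office-hours POP, which is the practical payoff of categorizing content before attaching policies.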