OSLC security

Authentication and authorization support for OSLC services is provided by IBM® TRIRIGA® security.

Native authentication

The consumer request can provide the user:password values that are base64 encoded and are in the OSLC HTTP header property.

Explicit login and logout

If the consumer application needs to run explicit login commands, you use the following request:
GET http://yourserver/oslc/login?USERNAME=username&PASSWORD=password 
If the consumer application needs to run explicit logout commands, you use the following request:
GET http://yourserver/oslc/logout

Authorization

Authorization control is provided at the business object level of the resource. The security processing of the resource data is then based on both the configuration of security of the application and the user group of the user who made the request. When OSLC resources are processed, any object attribute that is configured as hidden through security is not included in the response to an OSLC request.