Forge Research Products
 
Authorize Architecture

Authorize is built upon a proven architecture that can scale from complete deployment on a single server to multi-tier deployment with different components deployed on many federated servers. It contains the following components, which can be deployed in a configuration to suit your needs.

Broker

The Policy Enforcement Point (or PEP). This is a client convenience component that submits Authorisation Requests specific to the client's application. If Authorize is being integrated directly with an application, then this component, written in the language of choice, is used to interact with Authorize. Authorize comes with some pre-built brokers. Where Authorize is being plugged into an application server, for example as a JAAS plug-in, the broker is not required. In this case Authorize can provide a superset of JAAS functionality without any source code changes.

Agent

The Policy Decision Point (or PDP). This is mainly a rules-based engine that processes each Authorisation Request against the Actor's Authorisation Attribute Certificate (AAC). That certificate is either included in the Authorisation Request (PUSH model) or issued by the Issuer following a request submitted by the Agent. Certificates are cached on the Agent to enable very fast response times.

Attribute Certificate Server (ACS)

This is an AAC cache. It is optional, and if present, is aimed at reducing the workload on the Repository (and its Issuers). Even though each Agent has its own cache, this component ensures multiple Agent requests for the same certificate are honoured quickly.

Repository (and its Issuer(s))

This is where the authorisation-related information is stored. Requests to issue AACs are received by the Issuer(s), while data manipulation of the authorisation-related information is done through Console(s).

Administration Console

One or many Consoles are used to create and manage authorisation policies. In addition to the Console, existing policy information, such as that stored in a JAAS policy file, can be imported, resulting in automatic creation of users, roles, permissions, etc.
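
A minimal Python model of the certificate lookup path described under Agent, Attribute Certificate Server and Repository above. It is an added illustration, not Forge Research code or Authorize's API: every class, method and sample value is hypothetical, an AAC is reduced to a set of (target, permission) pairs, and the signature and validity checks a real decision point needs on a pushed certificate are left out.

```python
# Added illustration with hypothetical names; not Authorize's own API.
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Issuer:
    """Issues AACs from the Repository's authorisation data (a dict here)."""
    repository: dict                      # actor -> {(target, permission), ...}
    issued: int = 0                       # counts how often the Repository is hit
    def issue(self, actor):
        self.issued += 1
        return frozenset(self.repository.get(actor, ()))

@dataclass
class ACS:
    """Optional shared AAC cache sitting in front of the Issuer."""
    issuer: Issuer
    cache: dict = field(default_factory=dict)
    def get(self, actor):
        if actor not in self.cache:
            self.cache[actor] = self.issuer.issue(actor)
        return self.cache[actor]

@dataclass
class Agent:
    """PDP: decides each request against the Actor's AAC."""
    fetch: Callable                       # acs.get, or issuer.issue when no ACS
    cache: dict = field(default_factory=dict)
    def decide(self, actor, target, permission, pushed_aac=None):
        aac = pushed_aac                  # PUSH model: AAC arrived with the request
        if aac is None:
            aac = self.cache.get(actor)   # the Agent's own cache
        if aac is None:
            aac = self.cache[actor] = self.fetch(actor)
        return (target, permission) in aac    # anything not granted is denied

def demo():
    issuer = Issuer({"alice": {("payroll", "read")}})   # constructed sample data
    acs = ACS(issuer)
    a1, a2 = Agent(acs.get), Agent(acs.get)
    pushed = frozenset({("payroll", "read")})           # constructed pushed AAC
    results = [
        a1.decide("alice", "payroll", "read"),     # miss -> ACS -> Issuer
        a1.decide("alice", "payroll", "write"),    # Agent cache hit, denied
        a2.decide("alice", "payroll", "read"),     # second Agent served by ACS
        a2.decide("bob", "payroll", "read", pushed_aac=pushed),  # PUSH model
    ]
    return results, issuer.issued

if __name__ == "__main__":
    print(demo())
```

Because both caches keep serving a certificate after the Repository has changed, a permission revoked through a Console stays effective in this model until the cached entry is dropped.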

 


 

Access Mechanisms

CORBA

XML-RPC

RMI

WSDL / SOAP (Web services)

JAAS Plug-In

EJB and J2EE


 

Policies can be constructed from any combination of:

Users

Roles

Systems

Targets

Permissions

Labels (e.g. Top Secret)

Regulations

Rules

Conditions (including time)
