The IBM® Security Access Manager for Mobile appliance uses attributes to provide information about users and devices that try to access a protected resource. The appliance also includes a set of commonly used attributes called predefined attributes.

Category | Category description |
---|---|
Action | Indicates the user action. |
Environment | Indicates when and how the user is trying to access the resource. |
Resource | Gives information about what the user is trying to access. |
Subject | Indicates who is trying to access the resource. |

Type | Type description |
---|---|
Access policy | The administrator uses policy attributes to create policies. |
Risk profile | The administrator uses risk attributes to create risk profiles. |

Data type | Data type description |
---|---|
Boolean | Condition that refers to two possible values: |
Date | Date of the request. |
Integer | Number that can be written without a fractional or decimal component. |
String | Sequence of characters. |
Time | Time of the request. |
X500Name | Values with distinguished names. |

Source type | Source type description |
---|---|
Active | Collected by the attribute collection service. The administrator must add JavaScript to the application so that active attributes can be collected. For example: system fonts. |
Derived | Generated by a policy information point (PIP). For example: risk score. |
Passive | Collected from the browser by the external authorization service (EAS) and placed into an XACML request. Attributes with this source type are collected by the policy enforcement point (PEP) without installing more software or challenging the client to provide more details. For example: user-agent HTTP header and client IP address. |

Source | Source description |
---|---|
Attribute collection service | Collects information about the user device such as browser information, the operating system of the device, and the language of the device. |
Consent external authentication interface | Asks the user for a device registration decision. |
Device fingerprint count PIP | Counts the number of devices that are associated with the user. |
Geolocation PIP | Looks up the location of the user based on the IP address. |
HTTP headers | Provides information about the request. |
IP reputation PIP | Generates the IP reputation. See IP reputation for more information about IP reputation. |
POST data | Collects information about the user and sends it to the external authorization service (EAS) as POST data. The EAS inserts this POST data into the decision request. |
Risk engine | Generates the risk score. See Risk score calculation for more information about risk score calculation. |
System time | Keeps the time of the system. |
Security Access Manager credential | Collects information about the user from Security Access Manager. |
Worklight® JavaScript PIP | Parses the POST data from a Worklight adapter invocation and returns custom attributes that are created from the data in the parameters element of the POST. |