Runtime security services external authorization service

The runtime security services external authorization service (EAS) provides the policy enforcement point function for context-based access.

You can configure the runtime security services EAS to include context-based access decisions as part of the standard authorization on WebSEAL requests. WebSEAL becomes the authorization enforcement point for access to resources that context-based access protects.

The runtime security services EAS constructs a request that it sends to the policy decision point (PDP). Based on the policy decision that is received from the PDP, the EAS takes one of the actions listed in the following table.

Table 1. Runtime security services EAS access decisions
Action	Description
Permit	Grants access to the protected resource.
Deny	Denies access to the protected resource.
Permit with Authentication	Grants access to the protected resource, after a specific authentication action successfully takes place.
Permit with Obligation	Grants access to the protected resource, after the user successfully authenticates with a secondary challenge.
Deny with Obligation	Denies access to the protected resource, after the user unsuccessfully responds to a secondary challenge.

The following steps set up the initial integration with IBM Security Access Manager for Mobile:

Run the isamcfg tool to automatically update the WebSEAL configuration file and to complete other configuration setup.
Review the client certificate authentication considerations.
(Optional) Update the WebSEAL configuration file to:

See the IBM Security Access Manager for Web information center for information about WebSEAL at http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.isam.doc_80/webseal.html.