Airlock IAM as Policy Information Point (PIP)

Airlock IAM acts as the Access Policy Information Point (PIP) and, in part, as the Access Policy Decision Point (PDP): it provides the role information that the Airlock Gateway (WAF) uses for its access control, and it takes certain access decisions itself (e.g. whether step-up authentication is required).

Required information

To do so, IAM needs the following information:

  • Roles of users:
    • to provide the information to the Airlock Gateway (WAF)
    • to take decisions (e.g. for step-up authentication)
  • Target applications:
    • for step-up authentication (and similar concepts)
    • for identity propagation (which is not part of access control itself)

Applied to the above example scenario, Airlock IAM roughly holds the following access policy user information:

User    Granted roles
User1   -
User2   customer, admin
User3   customer
User4   admin

Information storage

The above information is stored in:

  • Roles: user directory (typically the IAM database)
  • Target applications: configuration

Please consult Securing applications with the JSP-Loginapp for further information about the configuration.