Entrust Secure Transaction Platform
Entitlements Service
After the originator of a Web services transaction (typically in the form of a SOAP message) has been identified — and a determination made as to whether or not to trust them — a decision must be made as to whether or not the requested action should be performed.
The purpose of the Entrust Entitlements Service is to confirm that the entity trying to access a Web service (or another type of resource) has the right to do so. Like the Identification Service, the Entitlements Service makes it possible for Web services applications to focus on business logic and rely on fundamental security operations occurring centrally in the Foundation Security Services by “outsourcing” the entitlements decision.
Because Web services applications will drive automated business processes, organizations running these services need to know that entities attempting to access their Web services are entitled to do so, and that these entitlements policies can be specified in an easy-to-manage, centrally controlled administrative system.
Today, the Entrust GetAccess™ product portfolio provides entitlements capabilities for Web portal applications in exactly this manner. Through a centralized administrative capability, organizations administer the resources (for example, Web pages and applications) that identities can access through single sign-on to the portal. Entitlements are verified in a way that is transparent to the Web portal application. This solution makes it possible for application developers to focus on business logic rather than worrying about security.
The Entitlements Service leverages the capabilities that Entrust GetAccess provides today and extends them to Web services environments.
As a further demonstration of Entrust’s commitment to implementing standards for Web services, Entrust is building the Entitlements Service using the SAML (Security Assertion Markup Language) standard for authorization assertions.