Basic Elements
Built into DNAOS resource management, the DNAOS entitlement services process information from:
- user profile, defining each user's rights
- requested access level, e.g. view, create, edit, update
- resource access rights, combining resource type metadata and all access rights defined
for the resource and its internal components
- resource relations, which can be defined between resources, each with its own access level.
These relations are resources themselves. This allows secure, distributed, compound,
network-structured resources, as well as virtual profiles, to be defined and used
- resource metadata
Direct and Proxy
DNAOS resources are either directly available to DNAOS or are proxies of external resources,
like data in legacy SQL databases, or a mix of the two. A resource proxy also holds link,
connect, and query information to retrieve the proxied resource when required.
Application Interface
Applications that use DNAOS entitlement to secure their resources simply invoke the
corresponding resource management services, passing the user profile, required access level,
and target resource query. Only authorized and valid resources are accessed or returned.
Separate Process
Security checking can be offloaded to separate processes and servers, freeing application
logic from dependency on security configuration. Both can then evolve as required
without having to modify, test, and re-deploy applications every time the security
configuration changes, increasing flexibility and security while reducing costs and maintenance.
More on DNAOS Entitlement
Additional information on DNAOS entitlement is available in SOA Entitlement and DNAOS Context.