Store Web Service Proxy

The Store Web Service Proxy (WSP) is the primary gateway of the application domain. It receives a request with an LTPA token attached.

When a request arrives, the request processing rule completes the following actions:
  1. Validates the request, as specified by the Validation policy. For more information, see Overview of WSRR artifacts in the sample.
  2. Routes the request to the alternate endpoint if the service level agreement (SLA) is Gold.
  3. Performs authentication, authorization, and accounting (AAA) on the request. This includes the following actions:
    1. Authenticates the user with an LTPA token.
    2. Maps the credentials against the LDAP server, which provides the groups to which the customer belongs. These groups include Manager, Clerk, and Customer.
    3. Transforms the provided inputs into a request object that the XACML policy decision point (PDP) can understand.
    4. Completes authorization using an XACML PDP on the DataPower® box, with an XACML policy document that can be created in IBM® Tivoli® Security Policy Manager. The policy criterion is that the user must be a Manager, Customer, or Clerk. For the findInventory operation, the returns require either Manager or Clerk, and purchases can be performed by customers.
  4. Sets the ConsumerID value using an XSL script.
  5. Removes the entire HTTP Security Header from the request.
  6. Calls the Store service back end.

When the request is processed, the response processing rule completes the following actions:
  1. Calls the StoreXACMLFW gateway, which acts as the PDP in the scenario.
  2. Based on the response, redacts (zeroes out) the price info field depending on whether the user has the Manager role.
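
The input transformation in step 3 of the request rule (LDAP groups to an XACML request object), as an added example that is not IBM's sample code. It assumes an XACML 2.0 request context with the standard subject-id, role, resource-id, and action-id attribute identifiers; the function names, the StoreService resource name, and the sample DNs are hypothetical. It fails closed when no recognized group maps to a role.

```python
import xml.etree.ElementTree as ET

# Assumptions: XACML 2.0 context namespace; "StoreService" is a hypothetical resource name.
CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
KNOWN_ROLES = ("Manager", "Clerk", "Customer")  # groups named on the page


def roles_from_ldap(group_dns):
    """Keep only the page's three groups; match the exact cn value, not a substring."""
    roles = set()
    for dn in group_dns:
        first_rdn = dn.split(",", 1)[0].strip()
        key, _, value = first_rdn.partition("=")
        if key.strip().lower() == "cn" and value.strip() in KNOWN_ROLES:
            roles.add(value.strip())
    return sorted(roles)


def _attr(parent, attr_id, value):
    a = ET.SubElement(parent, f"{{{CTX}}}Attribute", AttributeId=attr_id, DataType=STRING)
    ET.SubElement(a, f"{{{CTX}}}AttributeValue").text = value


def build_xacml_request(user, group_dns, service, operation):
    """Return XACML request XML, or None (deny) when no recognized group maps."""
    roles = roles_from_ldap(group_dns)
    if not user or not roles:
        return None  # fail closed: never send a role-less request to the PDP
    req = ET.Element(f"{{{CTX}}}Request")
    subject = ET.SubElement(req, f"{{{CTX}}}Subject")
    _attr(subject, SUBJECT_ID, user)
    for role in roles:
        _attr(subject, ROLE_ID, role)
    _attr(ET.SubElement(req, f"{{{CTX}}}Resource"), RESOURCE_ID, service)
    _attr(ET.SubElement(req, f"{{{CTX}}}Action"), ACTION_ID, operation)
    ET.SubElement(req, f"{{{CTX}}}Environment")
    return ET.tostring(req, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample input: the user name and LDAP DNs are made up.
    groups = ["cn=Clerk,ou=groups,o=example", "cn=NotAManager,ou=groups,o=example"]
    print(build_xacml_request("jdoe", groups, "StoreService", "findInventory"))
```

The DN handling is simplified and does not cover escaped commas inside an RDN value; a production mapping would use the LDAP library's DN parser.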

Last updated: Thursday, 3 July 2014
http://publib.boulder.ibm.com/infocenter/prodconn/v1r0m0/topic/com.ibm.scenarios.soawdpwsrr.doc/topics/csoa2_sample_storewsp.htm