ABSTRACT

Chapter 15 mostly completes the enterprise attribute ecosystem that was begun in Figures 9.1 and 10.1. Note that all of the services are expected to meet the enterprise requirements for security, including bilateral PKI authentication and SAML authorization. There is an exception for the STS and a few other utility services that use identity-based access control. The AE consists of a number of information services and stores as listed below:

◾ Services:
  1. Authoritative content import service (multiples)
  2. Manage import and aggregation web application
  3. Manual entry web application for attributes
  4. AE data import service (aggregation and mediation)
  5. Enterprise service registry web application
  6. Manage claims engine service
  7. Claims engine application
  8. Manage claims web application
  9. Manage delegation web application and service
  10. Claims exposure and editor web service
  11. Provide claims web service
  12. Delegation service and web application
  13. Manage groups and roles web application
  14. Auto registration web service
  15. Write attribute list
  16. Attribute query
  17. Claims query
  18. Special delegation service

◾ Stores:
  1. Interim store
  2. Service registry
  3. Enterprise attribute store
  4. Claims repository
  5. Enterprise groups and roles store

The relationship between these services and stores is shown in Figure 16.1, and the attribute ecosystem is shown in Figure 16.2. This chapter discusses each of the services and stores, as well as several use cases for the AE. We start with use cases. Attack surfaces are kept to a minimum by giving the attribute store a minimum number of interfaces and only one write-authorized interface.
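The single-write-interface design above, as an added illustration that is not code from the book or its reference implementation: a store with read-only attribute and claims queries and exactly one write interface, which accepts only the authenticated identity of the AE data import service. The distinguished names, the `write_authorized` marker and the audit list are constructed assumptions; the caller identity is assumed to come from the bilateral PKI authentication the chapter requires.

```python
from dataclasses import dataclass, field

# Constructed: the only identity permitted to write to the attribute store,
# i.e. the AE data import service (aggregation and mediation).
WRITE_AUTHORIZED_DN = "CN=AE Data Import Service,O=Example Enterprise"

# Registry of methods marked as write interfaces; a deployment check can
# assert that exactly one exists on the store.
WRITE_INTERFACES = []


class AccessDenied(PermissionError):
    pass


def write_authorized(func):
    """Mark a method as a write interface and enforce the caller-identity check centrally."""
    WRITE_INTERFACES.append(func.__name__)

    def wrapper(self, caller_dn, *args, **kwargs):
        if caller_dn != WRITE_AUTHORIZED_DN:
            self.audit.append(("denied", func.__name__, caller_dn))
            raise AccessDenied(f"{caller_dn} may not call {func.__name__}")
        self.audit.append(("accepted", func.__name__, caller_dn))
        return func(self, caller_dn, *args, **kwargs)
    return wrapper


@dataclass
class EnterpriseAttributeStore:
    _attrs: dict = field(default_factory=dict)  # entity DN -> {attribute: value}
    audit: list = field(default_factory=list)   # (outcome, interface, caller DN)

    # Read interfaces: any authenticated caller, no mutation possible.
    def attribute_query(self, entity_dn: str) -> dict:
        return dict(self._attrs.get(entity_dn, {}))

    def claims_query(self, entity_dn: str, names) -> dict:
        attrs = self._attrs.get(entity_dn, {})
        return {n: attrs[n] for n in names if n in attrs}

    # The one write-authorized interface.
    @write_authorized
    def write_attribute_list(self, caller_dn: str, entity_dn: str, attrs: dict) -> bool:
        self._attrs.setdefault(entity_dn, {}).update(attrs)
        return True


def try_write(store, caller_dn, entity_dn, attrs) -> bool:
    """Attempt a write; report whether the store accepted it (denials are audited)."""
    try:
        return store.write_attribute_list(caller_dn, entity_dn, attrs)
    except AccessDenied:
        return False
```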