Define the Security Policy for a Web Application in an Application Object

Application objects provide an access management model that lets you protect business applications without an in-depth knowledge of CA Single Sign-On-specific concepts and components. This model is also known as Enterprise Policy Management (EPM).
Advantages of Securing Your Resources Using Application Objects
Application objects present policy configuration in the context of securing an application. To protect an application, you create an Application object and are only required to provide data for configuration settings that do not have defaults. Modifying other settings is optional. Application objects therefore make policy configuration more straightforward. You can manipulate other settings that allow you to define more fine-grained protection of an application; however, such manipulation is not required.
For the administrator already familiar with domain-based policies, there is a relationship between the application-oriented concepts and the underlying policy objects. This relationship is reflected in the Administrative UI and is shown in the following table:
Application Dialogs and Group Boxes | Underlying CA Single Sign-On Component
General settings                    | Defines the policy domain
Components                          | Defines the realm
Resource                            | Specifies the rule
Application Roles                   | Define the policy users
Application roles define the set of users who have access to a resource or group of resources that are defined in an Application object. Roles can have the following properties:
  • Roles can include all users in configured user directories.
  • Roles can be limited to selected groups, organizations, and users with matching user attributes.
  • Roles can be specified using a named or unnamed expression.
Application objects offer the following benefits:
  • Application-centric approach
    The focus on applications relates closely to the view of access management by most businesses.
  • Consistent security enforcement model
    The security enforcement model for application objects is no different from the one implemented by the more domain-centric model. However, the domain-specific components are hidden from configuration.
  • Simplified security
    Securing resources is simplified—you name the application, the application resources that need protecting, and the application roles that are permitted access. You are not required to examine or modify every aspect of a component to establish a security policy.
  • Enhanced delegation
    An administrator can grant access to an application without expert knowledge of CA Single Sign-On. This ability enables a senior security administrator to delegate access management responsibilities to other administrators.