
3.1.3 Authorization: decision = tas3_az(conf, qs, ses)

Implicit, application-independent authorization steps are performed in the tas3_sso() (SSO), tas3_call() (Service Requester), tas3_wsp_validate(), and tas3_wsp_decorate() APIs. To activate them, you need to supply the appropriate configuration options. The specifics of this configuration are implementation dependent.

The tas3_az() function is the main workhorse for requesting authorization decisions from the PDPs. It allows the programmer to make application-dependent authorization calls, supplying some or all of the attributes needed in an XACML request. tas3_az() can also use attributes from the session, if configured. The specifics of this configuration are implementation dependent.

conf

the configuration string or object

qs

If supplied, any CGI variables are imported into the session environment as attributes, according to configuration. The format is a CGI query string.

ses

If supplied, attributes are obtained from the session (see also CGI). The session ID can be supplied as a string, or a session object can be passed.

return

0 if deny (for any reason, e.g. indeterminate), or string representation of <xac:Response> element if permit

Example Pseudocode

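  # Create the configuration and allocate a session
  cf = tas3_new_conf();
  ses = tas3_alloc_ses(cf);
  # Run SSO on the incoming CGI query string
  ret = tas3_simple_cf_ses(cf, 0, $QUERY_STRING, ses, 0, 0x1800);
  if (ret =~ /^d/) {    # return value starting with "d": SSO succeeded
    perr "SSO ok, now checking authorization";
    # Application-dependent authorization call: 0 means deny, anything else permit
    if (tas3_az_cf_ses(cf, "Action=SHOW&BusinessProcess=register:emp", ses))
      perr "Permit, add code to deliver application content";
    else
      perr "Deny, send back an error";
  }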
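
The following Python sketch is an added example, not part of the TAS3 API or its documentation. It shows a caller building the qs argument by percent-encoding each attribute and treating anything other than a returned string as deny. Assumptions: `az_call` is a hypothetical handle to whatever tas3_az() binding is in use, `stub_az` is a constructed stand-in for the PDP, and the implementation percent-decodes qs like an ordinary CGI query string.

```python
from urllib.parse import urlencode, parse_qsl

def build_az_qs(attrs):
    """Serialize attributes as a CGI query string for the qs argument.

    Percent-encoding keeps '&' or '=' inside a value from being read as an
    extra attribute; ':' is left as-is to match the page's example string.
    """
    return urlencode(attrs, safe=":")

def is_permit(az_call, conf, attrs, ses):
    """Fail closed: only a non-empty string (the <xac:Response>) is a permit.

    az_call is a hypothetical handle to the tas3_az() binding in use.
    A 0/None/empty result or any exception is treated as deny.
    """
    try:
        ret = az_call(conf, build_az_qs(attrs), ses)
    except Exception:
        return False
    return isinstance(ret, str) and ret != ""

def stub_az(conf, qs, ses):
    """Constructed stand-in for a PDP call; not the real tas3_az()."""
    attrs = dict(parse_qsl(qs, keep_blank_values=True))
    ok = (attrs.get("Action") == "SHOW"
          and attrs.get("BusinessProcess") == "register:emp")
    return "<xac:Response>constructed placeholder</xac:Response>" if ok else 0

if __name__ == "__main__":
    good = {"Action": "SHOW", "BusinessProcess": "register:emp"}
    # Constructed input: a value carrying query-string metacharacters.
    odd = {"Action": "SHOW", "BusinessProcess": "register:emp&Role=admin"}
    for attrs in (good, odd):
        verdict = "permit" if is_permit(stub_az, None, attrs, "ses-1") else "deny"
        print(build_az_qs(attrs), "->", verdict)
```
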
