454 lines
17 KiB
HTML
454 lines
17 KiB
HTML
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<title>EIM Mapping Lookup Algorithm</title>
|
||
|
<!-- Begin header records -->
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Change History: -->
|
||
|
<!-- YYMMDD USERID Change description -->
|
||
|
<!-- Created by Carol Budnik on 17 July 2001 -->
|
||
|
<!-- Edited by Kersten Jan 02 -->
|
||
|
<!-- End Header Records -->
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</head>
|
||
|
<body>
|
||
|
<!--Java sync-link-->
|
||
|
<script type="text/javascript" language="javascript" src="../rzahg/synch.js">
|
||
|
</script>
|
||
|
|
||
|
<a name="Top_Of_Page"></a>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<img src="delta.gif" alt="Start of change">
|
||
|
|
||
|
<h2>EIM Mapping Lookup Algorithm</h2>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- D E S C R I P T I O N -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<p>The following algorithm is used when doing a mapping lookup
|
||
|
using either Get EIM Target Identities from the Source
|
||
|
(eimGetTargetFromSource) or Get EIM Target Identities and Credentials
|
||
|
from the Source (eimGetTargetCredsFromSource) API.</p>
|
||
|
|
||
|
<ol>
|
||
|
<!-- Step 1 -->
|
||
|
<li>Check if both the source and target registries support mapping lookup operations.
|
||
|
If not, return no data.
|
||
|
</li>
|
||
|
<!-- Step 2 -->
|
||
|
<li>Specific source association to target association
|
||
|
<ul>
|
||
|
<li>Check for source associations to EIM identifier(s) using the specified
|
||
|
source registry user name and source registry. If none is found, go to step 3.
|
||
|
</li>
|
||
|
<li>Check for target associations to the EIM identifier(s) using the specified
|
||
|
target registry. If none are found, go to step 3.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to step 3.
|
||
|
</li>
|
||
|
<li>Return the target identity(ies) for the specified target registry.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 3 -->
|
||
|
<li>Specific source association to target association using source group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified source registry is a member of any
|
||
|
group registries. If not, go to step 4.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each group registry:
|
||
|
<ul>
|
||
|
<li>Check if the group registry supports mapping lookup operations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for source associations to EIM identifier(s) using the specified
|
||
|
source registry user name and the group registry name. If none are found,
|
||
|
go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for target associations to the EIM identifier(s) using the specified
|
||
|
target registry. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the specified target registry to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 4 -->
|
||
|
<li>Specific source association to target association using target group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified target registry is a member of any
|
||
|
group registries. If not, go to step 5.
|
||
|
</li>
|
||
|
<li>Check for source associations to EIM identifier(s) using the specified
|
||
|
source registry user name and source registry. If none are found, go to step 5.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each group registry:
|
||
|
<ul>
|
||
|
<li>Check if the group registry supports mapping lookup operations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for target associations to the EIM identifier(s) using the
|
||
|
group registry name. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the group registry name to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 5 -->
|
||
|
<li>Specific source association to target association using source and target group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified source registry is a member of any
|
||
|
group registries. If not, go to step 6.
|
||
|
</li>
|
||
|
<li>Check if the specified target registry is a member of any
|
||
|
group registries. If not, go to step 6.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each source group registry:
|
||
|
<ul>
|
||
|
<li>Check if the source group registry supports mapping lookup operations.
|
||
|
If not, go to next source group registry.
|
||
|
</li>
|
||
|
<li>Check for source associations to EIM identifier(s) using the specified
|
||
|
source registry user name and source group registry name. If none are found,
|
||
|
go to next source group registry.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each target group registry:
|
||
|
<ul>
|
||
|
<li>Check if the target group registry supports mapping lookup operations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for target associations to the EIM identifier(s) using the
|
||
|
target group registry name. If none are found, go to next target group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next target group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the target group registry name to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 6 -->
|
||
|
<li>Check if the domain supports policy associations. If not, return no data.
|
||
|
</li>
|
||
|
<!-- Step 7 -->
|
||
|
<li>Check if the target registry supports policy associations. If not, return no data.
|
||
|
</li>
|
||
|
<!-- Step 8 -->
|
||
|
<li>Certificate filter policy associations
|
||
|
<ul>
|
||
|
<li>Check if the source registry is an X.509 registry. If not, go to step 10.
|
||
|
</li>
|
||
|
<li>Check if there is a certificate policy filter value that matches the source identity.
|
||
|
If not, go to step 10.
|
||
|
</li>
|
||
|
<li>Check for certificate filter policy associations for the certificate filter
|
||
|
policy value to the target registry. If none are found, go to step 9.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to step 9.
|
||
|
</li>
|
||
|
<li>Return the target identity(ies) for the specified target registry.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 9 -->
|
||
|
<li>Certificate filter policy associations using target group registries
|
||
|
<ul>
|
||
|
<li>Check if specified target registry is a member of any group registries.
|
||
|
If not, go to step 10.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each target group registry:
|
||
|
<ul>
|
||
|
<li>Check if the target group registry supports policy associations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for certificate filter policy associations for the certificate filter
|
||
|
policy value to the group registry. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the group registry name to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 10 -->
|
||
|
<li>Default registry policy associations
|
||
|
<ul>
|
||
|
<li>Check for default registry policy associations for the source registry
|
||
|
to the target registry. If none are found, go to step 11.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to step 11.
|
||
|
</li>
|
||
|
<li>Return the target identity(ies) for the specified target registry.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 11 -->
|
||
|
<li>Default registry policy associations using source group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified source registry is a member of any
|
||
|
group registries. If not, go to step 12.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each group registry:
|
||
|
<ul>
|
||
|
<li>Check if the group registry supports policy associations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for default registry policy associations for the group registry
|
||
|
to the target registry. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the specified target registry to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 12 -->
|
||
|
<li>Default registry policy associations using target group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified target registry is a member of any
|
||
|
group registries. If not, go to step 13.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each group registry:
|
||
|
<ul>
|
||
|
<li>Check if the group registry supports policy associations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for default registry policy associations for the source registry
|
||
|
to the group registry. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the group registry name to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 13 -->
|
||
|
<li>Default registry policy associations using source and target group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified source registry is a member of any
|
||
|
group registries. If not, go to step 14.
|
||
|
</li>
|
||
|
<li>Check if the specified target registry is a member of any
|
||
|
group registries. If not, go to step 14.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each source group registry:
|
||
|
<ul>
|
||
|
<li>Check if the source group registry supports policy associations.
|
||
|
If not, go to next source group registry.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each target group registry:
|
||
|
<ul>
|
||
|
<li>Check if the target group registry supports policy associations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for default registry policy associations for the source group registry
|
||
|
to the target group registry. If none are found, go to next target group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next target group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the target group registry name to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 14 -->
|
||
|
<li>Default domain policy associations
|
||
|
<ul>
|
||
|
<li>Check for default domain policy associations to the target registry.
|
||
|
If none are found, go to step 15.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to step 15.
|
||
|
</li>
|
||
|
<li>Return the target identity(ies) for the specified target registry.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 15 -->
|
||
|
<li>Default domain policy associations using target group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified target registry is a member of any
|
||
|
group registries. If not, return no data.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each group registry:
|
||
|
<ul>
|
||
|
<li>Check if the group registry supports policy associations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for default domain policy associations
|
||
|
to the group registry. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the group registry name to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
<li>Return to caller.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ol>
|
||
|
<br>
|
||
|
<br>
|
||
|
|
||
|
<p>The following algorithm is used when doing a mapping lookup
|
||
|
using either Get EIM Target Identities from the Identifier
|
||
|
(eimGetTargetFromIdentifier) or Get EIM Target Identities and Credentials
|
||
|
from the Identifier (eimGetTgtCredsFromIdentifier) API.</p>
|
||
|
|
||
|
<ol>
|
||
|
<!-- Step 1 -->
|
||
|
<li>Check if the target registry supports mapping lookup operations.
|
||
|
If not, return no data.
|
||
|
</li>
|
||
|
<!-- Step 2 -->
|
||
|
<li>Specific target association to the identifier
|
||
|
<ul>
|
||
|
<li>Check for target associations to the EIM identifier using the specified
|
||
|
target registry. If none are found, go to step 3.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to step 3.
|
||
|
</li>
|
||
|
<li>Return the target identity(ies) for the specified target registry.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 3 -->
|
||
|
<li>Specific target association to the identifier using target group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified target registry is a member of any
|
||
|
group registries. If not, go to step 4.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each group registry:
|
||
|
<ul>
|
||
|
<li>Check if the group registry supports mapping lookup operations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for target associations to the EIM identifier using the group
|
||
|
registry. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the specified target registry to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
<li>If entries were added to the list, then return.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 4 -->
|
||
|
<li>Check if the domain supports policy associations. If not, return no data.
|
||
|
</li>
|
||
|
<!-- Step 5 -->
|
||
|
<li>Check if the target registry supports policy associations. If not, return no data.
|
||
|
</li>
|
||
|
<!-- Step 6 -->
|
||
|
<li>Default domain policy associations
|
||
|
<ul>
|
||
|
<li>Check for default domain policy associations to the target registry.
|
||
|
If none are found, go to step 7..
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to step 7.
|
||
|
</li>
|
||
|
<li>Return the target identity(ies) for the specified target registry.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<!-- Step 7 -->
|
||
|
<li>Default domain policy associations using target group registries
|
||
|
<ul>
|
||
|
<li>Check if the specified target registry is a member of any
|
||
|
group registries. If not, return no data.
|
||
|
</li>
|
||
|
<li>Repeat these steps for each group registry:
|
||
|
<ul>
|
||
|
<li>Check if the group registry supports policy associations.
|
||
|
If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Check for default domain policy associations
|
||
|
to the group registry. If none are found, go to next group registry.
|
||
|
</li>
|
||
|
<li>If additional information is specified, check if any of the target identities
|
||
|
have the same additional information. If not, go to next group registry.
|
||
|
</li>
|
||
|
<li>Add the target identity(ies) for the group registry name to the return list.
|
||
|
</li>
|
||
|
</ul>
|
||
|
<li>Return to caller.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ol>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- F O O T E R -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<hr>
|
||
|
<center>
|
||
|
<table cellpadding="2" cellspacing="2">
|
||
|
<tr align="center">
|
||
|
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
|
||
|
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</center>
|
||
|
<img src="deltaend.gif" alt="End of change">
|
||
|
</body>
|
||
|
</html>
|
||
|
|