A handle to security policy settings and operations for the current ABL session. These settings and operations support session data cryptography, creating a session registry for trusted security domains, and user authentication and validation.
The LOAD-DOMAINS( ) method loads and locks a trusted domain registry for the session from the local domain registry of a single connected OpenEdge RDBMS. This type of registry supports domains for multi-tenant databases and is the most secure way to create a trusted domain registry for the session.
The REGISTER-DOMAIN( ) and LOCK-REGISTRATION( ) methods allow you to build and lock an application-defined trusted domain registry for the session. This type of registry requires the non-secure exposure of critical domain information as the domain registry is being built, and is therefore less secure than using the LOAD-DOMAINS( ) method. It also does not support domains for multi-tenant databases.
The SET-CLIENT( ) method can authenticate (or validate) and set the user identity for a security token represented by a client-principal object using a session trusted domain registry that you have previously loaded. This single method can set the user identity for both the session and existing database connections, depending on the user's domain definition and the design of your application authentication model. (Setting a database connection identity, alone, does not set the session identity.) The method can also set an auditable session identity.
The GET-CLIENT( ) method retrieves the client-principal object previously used to set the current session identity using the SET-CLIENT( ) method.
For more information on managing identity, domains, and domain registries, see OpenEdge Getting Started: Identity Management.
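The following sketch is an added example, not code from the OpenEdge documentation. It loads the session registry with LOAD-DOMAINS( ), authenticates an unsealed client-principal with SET-CLIENT( ), and reads the identity back with GET-CLIENT( ). It assumes a database is already connected under the logical name appdb and that the user's domain is defined there; appdb, jsmith@acme and the passphrase are constructed values.

```abl
/* Added example. appdb, jsmith@acme and the passphrase are constructed values. */
DEFINE VARIABLE hCP     AS HANDLE  NO-UNDO.
DEFINE VARIABLE hActive AS HANDLE  NO-UNDO.
DEFINE VARIABLE lOk     AS LOGICAL NO-UNDO.

/* Preferred: load and lock the trusted domain registry from the connected
   database, so no domain access code appears in ABL source. */
lOk = SECURITY-POLICY:LOAD-DOMAINS("appdb") NO-ERROR.
IF NOT lOk THEN DO:
    MESSAGE "Could not load trusted domains from appdb" VIEW-AS ALERT-BOX ERROR.
    RETURN.
END.

/* Less secure alternative (used instead of LOAD-DOMAINS, never after it):
   the access code is exposed in the session while the registry is built,
   and domains for multi-tenant databases are not supported.
     SECURITY-POLICY:REGISTER-DOMAIN("acme", cAccessCode).
     SECURITY-POLICY:LOCK-REGISTRATION().
*/

/* Unsealed client-principal carrying the credentials to be authenticated. */
CREATE CLIENT-PRINCIPAL hCP.
hCP:INITIALIZE("jsmith@acme", ?, ?, "constructed-passphrase").

/* Authenticate against the domain found in the loaded registry and set
   the identity. NO-ERROR keeps a failed login from raising an unhandled error. */
lOk = SECURITY-POLICY:SET-CLIENT(hCP) NO-ERROR.

IF lOk THEN DO:
    hActive = SECURITY-POLICY:GET-CLIENT().
    MESSAGE "Session identity:" hActive:QUALIFIED-USER-ID VIEW-AS ALERT-BOX.
END.
ELSE
    MESSAGE "Login rejected:" hCP:LOGIN-STATE hCP:STATE-DETAIL
        VIEW-AS ALERT-BOX ERROR.

FINALLY:
    /* Release the objects whether or not the login succeeded. */
    IF VALID-HANDLE(hActive) AND hActive <> hCP THEN DELETE OBJECT hActive.
    IF VALID-HANDLE(hCP) THEN DELETE OBJECT hCP.
END FINALLY.
```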