Identity Management

What is Identity?

Identity (or user identity) is the means by which a user can be securely known to a software system and is typically represented in the software by a security token. A security token is an object that contains both user credentials and additional information about the user's roles and capabilities. User credentials (sometimes referred to as login credentials) consist of the information required to authenticate the user against a secure user account system known to the authentication system or application. The user account system manages a repository of user accounts and verifies that the login credentials asserted by the security token match a valid account in the repository. A security token supports the authentication process by transporting a set of user credentials to be authenticated. Upon successful authentication, the security token becomes a read-only (sealed) container for transporting and asserting the authenticated user's identity to access authorized resources. Once it is sealed, the security token also represents a login session, which is a period of time during which the security token represents a valid user identity.
The security token's information about roles and capabilities authorizes the user to access specific resources of the software system. This resource authorization is supported by access control lists, which grant or deny access to particular resources for authenticated user identities.
All assertions of identity in OpenEdge are represented by a security token instance, and OpenEdge exposes security token objects to an ABL application in a manner that supports flexibility in the design and implementation of its authentication model. For authentication processes managed by OpenEdge and its installed components, the security token is hidden.
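The token lifecycle described above (credentials carried in, authentication against an account repository, sealing, a time-limited login session, then an access control list check) can be modeled in a few lines. This is an added, language-neutral illustration in Python, not OpenEdge or ABL code; the class, function names, account data, HMAC-based seal and key are all assumptions made for the example.

```python
import hashlib, hmac, time

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: account repository, access control list, sealing key.
ACCOUNTS = {"alice": (b"salt-a", _hash("correct horse", b"salt-a"), frozenset({"clerk"}))}
ACL = {"orders:read": {"clerk", "manager"}, "orders:delete": {"manager"}}
SEAL_KEY = b"constructed-key"  # known only to the authentication system

class SecurityToken:
    def __init__(self, user, password):
        self.user, self.password = user, password   # unsealed: carries credentials
        self.roles, self.expires, self.seal = frozenset(), 0.0, None

    def __setattr__(self, name, value):
        if getattr(self, "seal", None) is not None:
            raise AttributeError("token is sealed (read-only)")
        super().__setattr__(name, value)

    def _mac(self):
        msg = f"{self.user}|{','.join(sorted(self.roles))}|{self.expires}"
        return hmac.new(SEAL_KEY, msg.encode(), hashlib.sha256).digest()

    def is_valid(self, now=None):
        # Valid only while sealed, untampered, and inside the login session.
        now = time.time() if now is None else now
        return (self.seal is not None
                and hmac.compare_digest(self.seal, self._mac())
                and now < self.expires)

def authenticate(token, ttl=900, now=None):
    """Verify the token's credentials against ACCOUNTS; seal it on success."""
    now = time.time() if now is None else now
    salt, stored, roles = ACCOUNTS.get(token.user, (b"none", b"", frozenset()))
    if not hmac.compare_digest(_hash(token.password or "", salt), stored):
        return False
    token.password = None                  # sealed token asserts identity only
    token.roles, token.expires = roles, now + ttl
    token.seal = token._mac()              # last write: token is now read-only
    return True

def authorize(token, resource, now=None):
    """ACL check: grant only to a valid sealed token with a listed role."""
    return token.is_valid(now) and bool(token.roles & ACL.get(resource, set()))
```

The seal is verified on every use, so a token whose roles were altered after sealing fails `is_valid` even if the read-only guard is bypassed.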