A handle to security policy settings and operations
for the current ABL session. These settings and operations support
session data cryptography, creating a session registry for trusted
security domains, and user authentication and validation.

The LOAD-DOMAINS( ) method loads and locks a trusted domain
registry for the session from the local domain registry of a single connected
OpenEdge RDBMS. This type of registry supports domains for multi-tenant
databases and is the most secure way to create a trusted domain
registry for the session.

The REGISTER-DOMAIN( ) and LOCK-REGISTRATION( ) methods
allow you to build and lock an application-defined trusted domain
registry for the session. This type of registry requires the non-secure
exposure of critical domain information as the domain registry is
being built, and is therefore less secure than using the LOAD-DOMAINS( )
method. It also does not support domains for multi-tenant databases.

The SET-CLIENT( ) method can authenticate (or validate)
and set the user identity for a security token represented by a
client-principal object using a session trusted domain registry
that you have previously loaded. This single method can set the
user identity for both the session and existing database connections,
depending on the user's domain definition and the design of your
application authentication model. (Setting a database connection
identity, alone, does not set the session identity.) The method
can also set an auditable session identity.

The GET-CLIENT( ) method
retrieves the client-principal object previously used to set the current
session identity using the SET-CLIENT( ) method. For more information
on managing identity, domains, and domain registries, see OpenEdge
Getting Started: Identity Management.
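
The following ABL sketch is an added example, not code from the OpenEdge documentation. It shows the two ways of establishing the trusted domain registry described above, followed by SET-CLIENT( ) and GET-CLIENT( ). The database name "appdb", the domain "acme", the user "jsmith", and the angle-bracket values are hypothetical placeholders, and passing a passphrase to INITIALIZE( ) is one assumed authentication path.

```abl
/* Added example. Hypothetical names: database "appdb", domain "acme",
   user "jsmith". Angle-bracket values are placeholders, not real secrets. */
DEFINE VARIABLE hCP       AS HANDLE  NO-UNDO.
DEFINE VARIABLE hCurrent  AS HANDLE  NO-UNDO.
DEFINE VARIABLE lUseDbReg AS LOGICAL NO-UNDO INITIAL TRUE.
DEFINE VARIABLE lOk       AS LOGICAL NO-UNDO INITIAL FALSE.

IF lUseDbReg THEN
    /* Preferred: load and lock the registry from the connected database,
       so domain access codes never appear in application code. */
    lOk = SECURITY-POLICY:LOAD-DOMAINS("appdb") NO-ERROR.
ELSE DO:
    /* Application-defined registry: the domain access code must be
       available to this code in clear text while the registry is built. */
    lOk = SECURITY-POLICY:REGISTER-DOMAIN("acme", "<domain-access-code>") NO-ERROR.
    /* Lock immediately so later code cannot add or alter domains. */
    IF lOk THEN
        lOk = SECURITY-POLICY:LOCK-REGISTRATION() NO-ERROR.
END.

IF lOk <> TRUE THEN DO:
    MESSAGE "Trusted domain registry not established:"
            ERROR-STATUS:GET-MESSAGE(1).
    RETURN.
END.

/* Build the security token for the user. */
CREATE CLIENT-PRINCIPAL hCP.
hCP:INITIALIZE("jsmith@acme", ?, ?, "<user-passphrase>").

/* Reset the flag: if SET-CLIENT( ) raises an error under NO-ERROR,
   the assignment is skipped and lOk would keep its old TRUE value. */
lOk = FALSE.
lOk = SECURITY-POLICY:SET-CLIENT(hCP) NO-ERROR.
IF lOk <> TRUE THEN DO:
    /* Fail closed: do not continue under the previous identity. */
    MESSAGE "Identity rejected, login state:" hCP:LOGIN-STATE.
    DELETE OBJECT hCP.
    RETURN.
END.

/* Confirm which identity the session is now running under. */
hCurrent = SECURITY-POLICY:GET-CLIENT().
MESSAGE "Session identity:" hCurrent:QUALIFIED-USER-ID.
DELETE OBJECT hCP.
```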