string[0..] nonUnique |
-
targetType
-
Lists the target types of the ME for Target Based Access Control (TBAC).
This attribute is optional for Authentication Methods that require TBAC configuration. Authentication Methods use TBAC to determine the following: whether a user can be authorized in the ME, and which authorization profiles apply to the user in the ME, based on the target types specified in this attribute.
This attribute can contain any classifier string for the ME such as geographical, for example: 'stockholm', network, for example 'ims', or functional identifiers, for example 'cscf', and any combination of these.
The generic behavior of TBAC for authorization is as follows:
TBAC is LOCKED in the ME: authorization is performed without TBAC.
TBAC is UNLOCKED in the ME: authorization is performed if the targets that the user is provided with exactly match at least one string of configured target types. Otherwise, authorization fails.
Determining the authorization profiles of the user is specific per Authentication Method.
The LOCKED and UNLOCKED states of TBAC in the ME are controlled by the Authentication Methods.
Example value: 'cscf.ims.stockholm'.
|