Chapter 2. Planning 55
define application-specific administration tasks, and to return commands that
perform those tasks.
The administration service plug-in is accessed by a calling application that sends
Tivoli Access Manager administration API calls. The calling application can be
either an administrative utility such as the Tivoli Access Manager pdadmin
command or the Tivoli Access Manager Web Portal Manager, or it can be a
custom-built application. The administration service maps the administration API
calls to the corresponding administration service API calls, and carries out the
requested action.
External authorization service
An external authorization service plug-in is an optional extension of the Tivoli
Access Manager authorization service that allows you to impose additional
authorization controls and conditions. You can use an external authorization
service plug-in to force authorization decisions to be made based on
application-specific criteria that are not known to the Tivoli Access Manager
authorization service.
2.5.2 Administration API
Also known as the administration API, the Management API provides C
language bindings and Java admin classes to the same functions supported by
the pdadmin command line utility. It can be used by custom applications to
perform various Access Manager administrative functions.
Do not confuse the Tivoli Access Manager administration API with the Tivoli
Access Manager authorization administration service described in
“Administration service” on page 54.
The administration API provides a series of programmatic interfaces that a
calling application can use to send requests to the Tivoli Access Manager policy
server. In most cases, applications can use the administration API independent
of any use of the authorization administration service. However, application
developers can use the authorization administration service plug-in to provide
“back-end” authorization functions that can leverage administration API functions
to execute application-specific administrative commands.
Most of the Tivoli Access Manager administration C API functions provide
programmatic equivalents to each of the pdadmin command line interfaces. The
names of the administration API functions begin with the ivadmin_ prefix.
Since Java is an object-oriented programming language, each Tivoli Access
Manager administration object that can be manipulated directly from a Java
application is represented by a corresponding Java class. The objects supported

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.