Policy Check Requests

This section describes how client application requests are authorised by the User Prompt Service (UPS).

The network user prompt service framework lets developers invoke the user prompt in two ways.

  1. Using a TNoBearer request

  2. Using TPolicyCheckRequest

Piggy-back Request With TNoBearer

The piggy-back request using TNoBearer is used when an application attempts to write data into a socket for the first time without an existing bearer. This method is recommended for IP networking processes but can be used by other frameworks. It is used when the TCP/IP stack calls a NoBearer() function or when a control provider (IP SCPR) sends a TNoBearer to the MCPR. The MCPR retrieves the attributes of the client from the UPS access point configuration extension, which is created by the node and the MCPR prior to a TNoBearer.

UPS Access Point Configuration Extension

The UPS access point configuration extension is used to provide the information necessary to send the UPS prompt request to the MCPR. The TNoBearer message does not contain enough attributes for the MCPR to forward the request to the UPS server, so the UPS access point configuration extension populates the required field in the TNoBearer message. The UPS access point configuration extension is created in either of the following situations:

The extension contains the details of the client that originated the above calls, such as the process id, thread id, result of the platform security check, destination address and a Boolean flag specifying whether a particular process needs to be authenticated by the UPS server.

Authorisation Request With TPolicyCheckRequest

TPolicyCheckRequest is used when an application attempts to write data into a socket with an existing bearer. When the application must be authenticated by the user, the framework implementers pass the user prompt request to the control providers. The node passes the client-side request through a TPolicyCheckRequest. This mechanism is implemented in the core framework and is available to all framework implementers. It requires a TPolicyCheckRequest message to be sent from the node that requires UPS authorisation to its MCPR through intermediate clients. A TPolicyCheckResponse is sent in the opposite direction once the response is received from the UPS server.

TPolicyCheckRequest contains client information such as the process id, the result of the platform security check and, when available, the destination address field.
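
The following added example (not code from the Symbian framework) models where the MCPR obtains the client attributes on each of the two paths described above. All type and function names are hypothetical, the sample values are constructed, and rejecting a TNoBearer that has no extension is an assumption of this model.

```cpp
#include <cstdint>
#include <string>

// Simplified model; every name here is hypothetical, not a Symbian API.
struct ClientAttrs {            // contents of the UPS access point configuration extension
    uint32_t processId;
    uint32_t threadId;
    bool platSecPassed;         // result of the platform security check
    std::string destination;    // destination address
    bool upsRequired;           // flag: must the UPS server authenticate this process?
};

struct PolicyCheckRequest {     // fields carried by TPolicyCheckRequest
    uint32_t processId;
    bool platSecPassed;
    std::string destination;    // empty when not available
};

struct UpsRequest { uint32_t processId; bool platSecPassed; std::string destination; };

enum class Outcome { ForwardToUps, NoPromptNeeded, Rejected };
struct Result { Outcome outcome; UpsRequest ups; };  // ups valid only for ForwardToUps

// No-bearer path: the message has no client attributes, so the MCPR reads them
// from the extension created beforehand (nullptr = never created).
Result onNoBearer(const ClientAttrs* ext) {
    if (ext == nullptr)                       // assumption: fail closed
        return Result{Outcome::Rejected, UpsRequest{}};
    if (!ext->upsRequired)
        return Result{Outcome::NoPromptNeeded, UpsRequest{}};
    return Result{Outcome::ForwardToUps,
                  UpsRequest{ext->processId, ext->platSecPassed, ext->destination}};
}

// Existing-bearer path: the attributes travel inside the request itself.
Result onPolicyCheckRequest(const PolicyCheckRequest& req) {
    return Result{Outcome::ForwardToUps,
                  UpsRequest{req.processId, req.platSecPassed, req.destination}};
}

int main() {
    ClientAttrs ext{0x101, 0x7, true, "192.0.2.10", true};   // constructed sample
    Result r = onNoBearer(&ext);
    return r.outcome == Outcome::ForwardToUps ? 0 : 1;
}
```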