You also learned:
  • Gateway API Endpoint names in the PingAuthorize Server configuration must match Trust Framework Service names in the Policy Editor.
  • Policies can pinpoint different API services and HTTP verbs.
  • Policies can PERMIT or DENY transactions based on any combination of attributes.
  • Mock access tokens make testing very easy.
  • Trust Framework attributes obtain their values using resolvers and transform their values using processors.
  • PingAuthorize Server supplies Attributes for HTTP metadata, request data, and OAuth 2 access token attributes.
  • You can test policies directly from the Policy Editor.
  • The Policy Editor's Decision Visualiser gives you a detailed view of recent policy decisions.