The resolvers apply in the order listed. You can reorder the resolver types by dragging and dropping them to the appropriate position.

The following table describe the various resolver types.

Resolver type Description
Request

This resolver type looks inside the authorization request itself to determine whether the attribute has been provided by the caller. Specify the full name of the attribute, including any parents, in the request.

Constant

This resolver setting takes a constant value defined on the resolver itself. The type and value of the constant are required.

Note:

As with all other resolved values, constants undergo any value processing defined on the attribute. To define a constant that does not undergo value processing, consider using a Default value.

Service

This resolver setting uses a Trust Framework > Services endpoint to invoke the service at runtime to resolve the attribute. The service might rely on other attributes being supplied to invoke the service.

The PDP handles this process automatically.

Attribute

PingAuthorize Server can also resolve attributes from other attributes. This ability is useful when you have attributes that contain multiple pieces of information and you want to create nested or child attributes as subset extracts from them.

For example, the Customer.Name attribute might return the following JSON representation.

{ "firstname": "Joe", "middlename": "Bod", "surname": "Bloggs" }

In this example, you could create the Customer.Name.Surname attribute to resolve against the Customer.Name attribute and could use a JSON parser to extract only the Surname property of the JSON.

System

The PingAuthorize Policy Editor provides many of out-of-the-box System attributes that you can use without additional configuration. For example, the CurrentDateTime returns the current system datetime according to the Type defined for the attribute..

Configuration Key

The policy engine can resolve attribute values using policy configuration keys.

When using external PDP mode, you can declare local file-based trust stores and key stores by providing an options file during setup. See Specifying custom configuration with an options file.

When using embedded PDP mode, you do this by creating Policy Configuration Keys in the Policy Decision Service. See Use policies in a production environment.