Policy Federation: Dynamic Authorization & Real-time permission Orchestration

Policy Federation enables Seclore to dynamically inherit and enforce access permissions from the integrating enterprise application.

Instead of storing static permissions inside Seclore, authorization decisions remain within the application — ensuring a single source of truth for access control.

At runtime, Seclore Policy Server queries the application to determine effective rights before allowing access to a protected file.

Communication Flow

The diagram below illustrates the two-phase communication flow between the Integrating Application, Seclore Policy Server, Seclore Client, and the Rights Callback API.

Integrating App Policy Server PHASE 1 — File Protection (Server SDK/API) 1 Pass Application File Identifier while protecting using Seclore SDK/API 2 Seclore FileID + Encryption Key for protection Stores Application File ID & Seclore FileID Mapping Access policy already defined per Application File ID in app. Policy lives in app not in Seclore. Integrating App Policy Server End User File Recipient Seclore Client Policy Server Integrating App Rights Callback API PHASE 2 — File Open & Dynamic Rights Resolution 3 Open Protected File 4 Request Access 5 Callback: Application File ID + User ID/Email 6 Rights XML response - permission 7 Enforced rights 8 Render File End User File Recipient Seclore Client Policy Server Integrating App Rights Callback API