We are developing a system using OpenAM as STS and OpenDJ Directory Service as storage. We have extended the schema with some more data about users and groups, and by changing OpenAM settings, it can easily work with them. We have also used OpenAM Policy for Action (URI+Verb) privileges for groups (and users).
- I know I can export the policy list into XML and import it into another OpenAM, but actually I wanna know where OpenAM persists the policy under the hood. Within the underlying directory service?
- We have a new issue: limiting some users/groups from using some actions by quota. For example, a user may buy quota to use URI x + verb GET 200 times, and we have to hold this data somewhere. I am in doubt whether storing this data within the Directory Service is a good pattern.