IBM Security Solutions: Difference between revisions
No edit summary |
|||
Line 9: | Line 9: | ||
The authentication framework supports built-in authenticators and supports external authenticators. | The authentication framework supports built-in authenticators and supports external authenticators. | ||
=WebSEAL= | |||
A high-performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager-protected Web object space. | A high-performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager-protected Web object space. | ||
Line 15: | Line 15: | ||
WebSEAL can provide single sign-on solutions and incorporate back end Web application server resources into its security policy. WebSEAL acts as a reverse proxy, receiving HTTP/HTTPs requests from browsers and delivering content from its own web servers. Requests passing through WebSEAL are evaluated by the Tivoli Access Manager authorization service to determine whether the user is [[#User_Authentication|authenticated]] and authorized to access the requested resource. | WebSEAL can provide single sign-on solutions and incorporate back end Web application server resources into its security policy. WebSEAL acts as a reverse proxy, receiving HTTP/HTTPs requests from browsers and delivering content from its own web servers. Requests passing through WebSEAL are evaluated by the Tivoli Access Manager authorization service to determine whether the user is [[#User_Authentication|authenticated]] and authorized to access the requested resource. | ||
==User Authentication== | |||
The process of authentication proves the identity of a user to WebSEAL. Only users with an entry in the [[#User_Registry|user registry]] can become authenticated users. | The process of authentication proves the identity of a user to WebSEAL. Only users with an entry in the [[#User_Registry|user registry]] can become authenticated users. | ||
==Credential== | |||
When a user successfully authenticates to WebSEAL, a set of identification information known as ''credential'' is created for that user. The credential contains the user identity, group membership and any special ("extended") security attributes. | When a user successfully authenticates to WebSEAL, a set of identification information known as ''credential'' is created for that user. The credential contains the user identity, group membership and any special ("extended") security attributes. |
Revision as of 22:24, 19 February 2017
External
- IBM Tivoli Access Manager WebSEAL overview https://publib.boulder.ibm.com/tividd/td/ITAME/SC32-1359-00/en_US/HTML/am51_webseal_guide10.htm
IBM Tivoli Access Manager
A complete, centralized authorization and network security policy solution solution for distributed applications. It provides security policy management, an authentication framework, an authorization framework, data security and centralized resource management capabilities.
The authentication framework supports built-in authenticators and supports external authenticators.
WebSEAL
A high-performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager-protected Web object space.
WebSEAL can provide single sign-on solutions and incorporate back end Web application server resources into its security policy. WebSEAL acts as a reverse proxy, receiving HTTP/HTTPs requests from browsers and delivering content from its own web servers. Requests passing through WebSEAL are evaluated by the Tivoli Access Manager authorization service to determine whether the user is authenticated and authorized to access the requested resource.
User Authentication
The process of authentication proves the identity of a user to WebSEAL. Only users with an entry in the user registry can become authenticated users.
Credential
When a user successfully authenticates to WebSEAL, a set of identification information known as credential is created for that user. The credential contains the user identity, group membership and any special ("extended") security attributes.
User Registry
The user registry is the user authentication information repository. TAM supports LDAP, Lotus Domino, Microsoft Active Directory. The user registry plays a role in the user authentication process.
Master Authorization Database
The master authorization database contains a representation of all resources in the domain (the protected object space). The security administrator can dictate any level of security by applying rules known as ACL (access control list) policies and protected object policies (POP).