IBM Tivoli Access Manager
From Wikipedia, the free encyclopedia
The IBM Tivoli Access Manager is part of the IBM Tivoli Framework and enables the integration of Access Manager applications that provide a wide range of authorization and management solutions. Sold as an integrated solution, it is one of many IBM products that provide an access control management solution that centralizes network and application security policy for e-business applications. This product can be used on various operating system platforms such as Unix (AIX, Solaris, HP-UX), Linux, and Microsoft Windows.
Access control management plays a very significant role in any security architecture and implementation. The purpose of access control in an overall IT security architecture is to enforce security policies by granting access to, and execution of, processes and services within a computing solution via identification, authentication, and authorization processes, along with security mechanisms that use credentials and attributes. In security systems, authentication is distinct from authorization. Authentication is the process of identifying an individual who is attempting to log in to a secure domain. It answers the question "Who are you?". Authorization is the act of determining what resources an authenticated user can access. Put simply, authorization provides a yes or no answer to the question "Are you authorized (do you have permission) to access or manipulate the requested object?". Part of the authentication process involves the creation of a credential that describes the identity of the user. Authorization decisions made by an authorization service are based on user credentials.
Access control information, which generally revolves around authentication and authorization mechanisms, is handled by IBM Tivoli Access Manager. IBM Tivoli Access Manager is an authentication and authorization solution for corporate Web, client/server, and existing applications. Tivoli Access Manager allows you to control user access to protected information and resources. By providing a centralized, flexible, and scalable access control solution, Tivoli Access Manager allows you to build secure and easy-to-manage network-based applications and e-business infrastructure. Tivoli Access Manager supports authentication, authorization, data security, and resource management capabilities. Tivoli Access Manager is used in conjunction with standard Internet-based applications to build highly secure and well-managed intranets. The following products make up the IBM Tivoli Access Manager family:
- IBM Tivoli Access Manager for e-business (ITAMeb)
- IBM Tivoli Access Manager for Business Integration (ITAMBI)
- IBM Tivoli Access Manager for Operating Systems (ITAMOS)
IBM Tivoli Access Manager for e-business provides robust, policy-based security to a corporate Web environment. Authentication of users, control of access privileges, auditing, single sign-on, high availability, and logging are all essential elements of any security management solution and are provided by Access Manager for e-business.
Core Components
Access Manager for e-business is based on two core components:
- A user registry.
- An authorization service consisting of an authorization database and an authorization engine that performs the decision-making action on the request.
A user registry and an authorization service are the fundamental building blocks upon which Access Manager provides its security service capabilities. All other Access Manager services and components are built upon this base foundation.
Another component that is very close to the base components is called a resource manager. It is responsible for applying security policy to resources. The policy enforcer component directs the request to the authorization service for evaluation. Based on the authorization service result (approval or denial) the resource manager allows or denies access to the protected resources. Access Manager authorization decisions are based upon the Privilege Attribute Certificate (PAC), which is created for each user authenticated in an Access Manager environment, regardless of the authentication mechanism used.
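The request flow described above (credential created at authentication, resource manager asking the authorization service for a yes or no decision) can be sketched as follows. This is an added illustrative model, not Tivoli Access Manager code or its API: every name, the registry and ACL layout, and the `Credential` class standing in for the PAC are hypothetical, and the sample users and policy are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

def _kdf(password: str, salt: bytes) -> bytes:
    # Registry stores a salted password hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: a user registry and an authorization database.
USER_REGISTRY = {
    "alice": {"salt": b"a1", "hash": _kdf("correct horse", b"a1"), "groups": {"hr"}},
    "bob": {"salt": b"b2", "hash": _kdf("battery staple", b"b2"), "groups": {"sales"}},
}
AUTHZ_DATABASE = {
    "/hr/payroll": {"group:hr": {"read"}},
    "/public": {"any-authenticated": {"read"}},
}

@dataclass(frozen=True)
class Credential:
    """Hypothetical, simplified stand-in for the credential built at login."""
    user: str
    groups: frozenset
    mechanism: str  # recorded only; the authorization decision never reads it

def authenticate(user, password, mechanism="password"):
    """Answers 'Who are you?'; returns a Credential, or None on failure."""
    entry = USER_REGISTRY.get(user)
    if entry is None:
        return None
    if not hmac.compare_digest(_kdf(password, entry["salt"]), entry["hash"]):
        return None
    return Credential(user, frozenset(entry["groups"]), mechanism)

def authorization_service(credential, resource, action):
    """Authorization engine: yes/no from the credential and the database."""
    acl = AUTHZ_DATABASE.get(resource)
    if credential is None or acl is None:
        return False  # no credential or no policy for the object: deny
    subjects = {"any-authenticated", f"user:{credential.user}"}
    subjects |= {f"group:{g}" for g in credential.groups}
    return any(action in acl.get(s, set()) for s in subjects)

def resource_manager(credential, resource, action):
    """Policy enforcer: defers the decision, then allows or denies access."""
    if authorization_service(credential, resource, action):
        return f"200 {action} {resource}"
    return "403 denied"
```

The resource manager holds no policy of its own, so changing an entry in the authorization database changes the outcome for every resource manager that consults it.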
See also
- IBM Tivoli Framework
- IBM Tivoli Identity Manager
- CA Access Control