IBM United States
Software Announcement 201-272
September 25, 2001
Tivoli SecureWay Policy Director V3.8 Delivers a Security Management Solution for Large-Scale Secure e-commerce and Enterprise Deployments
At a Glance
Tivoli SecureWay Policy Director V3.8 delivers the following:
For ordering, contact:
Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: YE001).
Tivoli® SecureWay® Policy Director Version 3 Release 8 (V3.8) is an end-to-end security solution that delivers:
Key Features and Benefits
Planned Availability Date
October 12, 2001
End of Support
Based on the Tivoli end of support policy, Tivoli support for V3.7 of Tivoli SecureWay Policy Director will be discontinued 12 months after planned availability of Release 8.
Tivoli SecureWay Policy Director V3.8 provides integrated policy-based security management for the extended enterprise that enables customers, Business Partners, employees, suppliers, and distributors to securely access enterprise portal resources in a trusted fashion.
In today's competitive environment, critical to the success of e-business is the extent to which business units integrate their business models within their extended business ecosystems. Security is a fundamental enabler of this "e-business ecosystem" that empowers businesses to deliver value functions to diverse end-user constituents, and Business Partners and affiliates.
On the Internet-facing side, business solutions may assume forms such as business portals, customer relationship management (CRM) systems, business-to-business exchanges, private, public, or vertical industry eMarketplaces, and business integration tools linking procurement systems or supply-chain integration or collaborative manufacturers. For example, business solutions in the business-to-consumer relationship may assume the form of consumer portals or employee portals, CRM systems, Internet banking, eMortgages, electronic bill payment, and ePay.
Integration with Internet-facing applications is just one part of the problem. Enterprise application integration with Web middleware (such as WebSphere and BEA WebLogic Server), messaging (such as MQSeries® and MQSeries Integrator), business processes, and Enterprise Resource Planning (ERP) are critical to deliver time-to-value to business units.
Tivoli SecureWay Policy Director V3.8 has the flexibility to:
In addition, Tivoli SecureWay Policy Manager V3.8 provides:
The new features available in this release are robust and help ensure one
of the most comprehensive security solutions for e-business and the
enterprise. In addition, Tivoli SecureWay Policy Director V3.8 offers
enhancements to help performance in session management, user
authentication, and authorizations per second.
e-business Platform and Solution Support
V3.8 of Tivoli SecureWay Policy Director adds features that help enable you to manage your e-business platform and adds support for e-business solutions from many Independent Software Vendors (ISVs).
Web Single Sign-On for WebSphere and Domino Applicators
Tivoli SecureWay Policy Director V3.8 adds Web Single Sign-On capability for the following applicators using Tivoli SecureWay Policy Director V3.8's WebSEAL:
Plug-in for WebSphere Edge Server Version 2
A new Tivoli SecureWay Policy Director V3.8 plug-in has been developed for use in conjunction with WebSphere Edge Server Version 2. The new plug-in can enable you to deploy secure, virtually-hosted Web proxy environments using Tivoli SecureWay Policy Director V3.8's authentication and authorization capabilities.
WebSphere Edge Server offers you:
By implementation and integrating Tivoli SecureWay Policy Director V3.8 and WebSphere Edge Server, you can benefit from the ease of working with a single object namespace representing the full set of security policy for the resources that you want to protect, as well as the benefits of Web Single Sign-On across your WebSphere and non-WebSphere resources.
Support for e-business Applications Using Java-Based Application Programming Interface
Tivoli SecureWay Policy Director V3.8 supports enhancements to its Java implementation of the Java 2 platform, and Java Authentication and Authorization Service (JAAS) specification. Application developers can leverage the familiar Java 2 security and JAAS interfaces within Java applications and Java application servers for authentication and fine-grained access control.
The PDPermission and PDPrincipal classes (100% pure Java implementation) ship as part of the Tivoli SecureWay Policy Director Application Developer Kit (ADK). ADK ships with Tivoli SecureWay Policy Director V3.8. These PDPermission and PDPrincipal classes provide authentication and authorization services to Java applications.
Enhancements to these class libraries include:
SSL Management APIs for Custom Management Applications
A new set of SSL-based Management APIs ("C" language-based) is included that can enable enterprises to integrate or build their own management for user administration, permission management, and application access provisioning.
Beta Component (J2EE Support) for WebSphere Application Server
Tivoli SecureWay Policy Director V3.8 provides a beta component for WebSphere Application Server on Tivoli SecureWay Policy Director supported server platforms. The beta component can enable you take advantage of the following features:
Note: The beta component is licensed under the International License Agreement for Early Release of Programs. Tivoli Support and PA Software Maintenance are not provided for the beta component.
Support for Siebel Customer Relationship Management (CRM) 2000
Tivoli SecureWay Policy Director V3.8 adds support for the Siebel CRM 2000 solution on Tivoli SecureWay Policy Director V3.8 supported server platforms. The support enables you to leverage Tivoli SecureWay Policy Director V3.8 for:
You can download the security module implementation and documentation for Siebel support from the following Tivoli Web site:
Support for mySAP.com Enterprise Resource Planning (ERP)
Tivoli SecureWay Policy Director V3.8 adds support for the mySAP.com e-business platform on Tivoli SecureWay Policy Director V3.8 supported server platforms. The support enables you to leverage Tivoli SecureWay Policy Director V3.8 for:
You can download the security module implementation and documentation for mySAP.com support from the following Tivoli Web site:
Beta Component (J2EE Support) for BEA WebLogic Server
Tivoli SecureWay Policy Director V3.8 provides a beta component for BEA WebLogic Server on Tivoli SecureWay Policy Director V3.8 supported server platforms. The beta component can enable you to take advantage of the following features:
Note: The beta component is licensed under the International License Agreement for Early Release of Programs. Tivoli Support and PA Software Maintenance are not provided for the beta component.
Support for BroadVision One-to-One Enterprise
Tivoli SecureWay Policy Director V3.8 adds support for BroadVision One-to-One Enterprise 6.0 on Tivoli SecureWay Policy Director V3.8 supported server platforms. The support enables you to take advantage of the following features:
You can download the documentation for BroadVision One-to-One support from the following Web site:
Support for Vignette Version 5
Tivoli SecureWay Policy Director V3.8 adds support for Vignette 5.0 on Tivoli SecureWay Policy Director V3.8 supported server platforms. The support enables you to take advantage of the following features:
You can download the documentation for Vignette 5.0 support from the following Tivoli Web site:
Support for Plumtree Corporate Portal
Tivoli SecureWay Policy Director V3.8 adds support for Plumtree Corporate Portal on Tivoli SecureWay Policy Director V3.8 supported server platforms. The support enables you to take advantage of the following feature:
You can download the documentation for Plumtree support from the following Tivoli Web site:.
Usability, Deployability, and Performance Enhancements
SSL-Based Communications Between Management Components
All server-to-server communications in Tivoli SecureWay Policy Director V3.8 use industry standard SSL for security. This helps assure the highest level of security in the product implementation and the deployment flexibility to support complex cross-enterprise business solutions that span Firewalls and Virtual Private Networks.
Cross Domain Web Single Sign-On Enhancements
Tivoli SecureWay Policy Director V3.8 adds new extensions to the Cross Domain Web Single Sign-On. The new enhancements to the Cross Domain Web Single Sign-On facility are made so that if the user chooses to pre-enroll in an eCommunity, the user will not have to visit remote domains via a redirect model. This means that, through pre-enrollment, users will be redirected to every domain that is part of the eCommunity and each domain will place a persistent cookie in the user's browser. If the user moves to a new desktop, an additional enrollment will be required. The contents of the domain cookie will be a hint to Tivoli SecureWay Policy Director's WebSEAL, upon receiving an unauthenticated request, about where to direct this user for login. If the user is already logged-in to the remote site, a redirect containing the users identity will send the user back to the originating WebSEAL and automatically login the user. This solution addresses the bookmark limitations of Cross Domain Web Single Sign-On in the previous release of Tivoli SecureWay Policy Director. The cross domain mapping facility ADK is available as part of the WebSEAL ADK package.
Web Portal Manager for Distributed Management and Delegation
Tivoli SecureWay Policy Director V3.8 introduces a new Web Portal Manager feature which is a management portal for management and administration of security across the enterprise portal. Web Portal Manager provides management and administration of users, groups, roles, permissions, policies, and application access provisioning. Web Portal Manager also includes a rich set of delegated management services that can enable a business to delegate user administration, group and role administration, security administration, and application access provisioning to participants (sub-domains or affiliates) in the business ecosystem such as trading partners, suppliers, distributors, dealers, branch offices, and so on. These sub-domains can further delegate management and administration to trusted sub-domains under their control, thereby supporting multi-level delegation and management hierarchy based on roles.
Extensible Markup Language- (XML)-Based Distributed Audit Sink
A new Distributed Audit Sink facility, based on XML, can enable distributed Tivoli SecureWay Policy Director V3.8 component logs to be centralized and reported upon. The centralized audit collection can enable flexible integration with third-party tools for security audits, decision support, and historical reporting.
Support for Secure Dynamic Entitlements
Enterprises and their value-chain partners within the ecosystem may have a need to securely share common entitlements in a business-to-business relationship or customer data in a business-to-customer relationship. These entitlements may be generic attributes that applications need to share such as customer account information or customer billing data; or security attributes that describe a user's assumable business roles, authorization limits, or business rules that define a trading partner agreement. This new feature provides a convenient mechanism to make these shared entitlements available to the Web applications via HTTP header elements in the request. Tivoli SecureWay Policy Director V3.8 will manage entitlement data in the LDAP directories and make these entitlements securely available for backend e-commerce applications. The customer entitlements (attributes) can be specified by name on a per junction basis and a corresponding HTTP header element can be created for each attribute.
Customizable Dynamic Entitlements Interface
In addition to providing user entitlement information in a http header, there is a new cross domain authentication service interface that, at authentication time, allows additional attributes (tag-value pairs) to be added to the user's credential from an external relational database or customer repository. This extended attribute facility allows one of the standard authenticators (user's social security number) to be used for authentication purposes and then the extended attributes are added prior to the authentication call completing.
Quick Install/Pre-configuration Option
A new pre-configuration quick install option enables you to quickly deploy Tivoli SecureWay Policy Director V3.8 into an end-to-end user or Business Partner environment. The silent mode install can enable enterprises and Application Service Providers to customize and automate Tivoli SecureWay Policy Director V3.8 deployment to suit various deployment modes.
Support for IBM SecureWay Directory
Tivoli SecureWay Policy Director V3.8 provides support for IBM SecureWay Directory V3.2.1 (with DB2® V6.1) as a native user registry.
Support for iPLANET Directory Server
Tivoli SecureWay Policy Director V3.8 provides support for iPLANET Directory Server 5.0 as a native registry. This support can enable enterprises to leverage Tivoli SecureWay Policy Director V3.8 in an iPLANET Directory environment as a native user registry for user and credential management.
Expanded platform coverage is offered with support for the Linux Red Hat platform runtime component.
Beta Component for Microsoft Active Directory
Tivoli SecureWay Policy Director V3.8 provides a beta component for the Microsoft Active Directory platform on Windows 2000.
Support for HTTP and HTTPS Failover Management
Tivoli SecureWay Policy Director V3.8 adds support for browser session-state refresh and failover management for HTTP and HTTPS protocols that helps enable end users to continue to leverage Web Single Sign-On to Web applications under failover conditions when the WebSEAL proxy, with which the user session is originally established, becomes unreachable.
Tivoli SecureWay Policy Director V3.8 can enhance performance for:
Support for Secure Mobile Transactions i-Mode
Support for Wireless i-Mode and Wireless Application Protocol (WAP)
Tivoli SecureWay Policy Director V3.8 broadens its support for secure mobile transactions by adding authentication and authorization support for native i-Mode x503I devices. Users can securely engage in mobile transactions (cookieless mode) with i-Mode sites using SSL session management with user authentication capability based on basic authentication. This release does not support any transcoding capability for i-Mode.
With i-Mode support added to our existing WAP support, Tivoli SecureWay
Policy Director V3.8 broadens its support for secure mobile transactions.
Business units can consistently enforce security policies across the
extended enterprise which can enable customers, Business Partners,
employees, and distributors to have secure access to their authorized
e-business applications via browsers from their private LANs; and
Internet and roaming anywhere access via their i-Mode and WAP enabled
Scalable Use Model
The number of TMPs required for Tivoli SecureWay Policy Director has changed. We are announcing a Scalable Use Model that reduces the number of TMPs required per user as the total number of users increases. Customers who have acquired Tivoli SecureWay Policy Director prior to this announcement should go to the Tivoli Management Point Calculator available at:
to determine the number of points required for their environment. A
support ID and password are required for access. If the number of TMPs
required has decreased, you are only required to renew the number of TMPs
required for your environment. TMPs not renewed will require the
Maintenance after License option in Passport Advantage at the then
current price to be reactivated as you grow. The maintenance after
license option currently is approximately four times the price of
renewal. Therefore, if you expect growth in less than four years,
renewing all of your points would be more financially attractive in most
Accessibility by People with Disabilities
For software offerings:
The following features support use by people with disabilities:
This program is not impacted by euro currency.
Tivoli SecureWay Policy Director V3.8 is a secure application platform for conducting secure e-business. Key attributes include:
Security Platform Support for WebSphere Solutions and Domino
The strength of Tivoli SecureWay Policy Director V3.8 enables it to provide common security services across the e-business and enterprise integration WebSphere solutions.
Tivoli SecureWay Policy Director V3.8 supports the following WebSphere offerings:
The common security and user model across many WebSphere solutions enables you, when using WebSphere, to deploy solutions based on Tivoli SecureWay Policy Director V3.8 in stages. You can begin to secure one or more e-commerce applications initially, establish early success, and then proceed to extend the Tivoli SecureWay Policy Director V3.8 implementation to secure your MQ applications. As another example, if you purchase WebSphere Business Integrator, you automatically receive a limited use version of IBM SecureWay Policy Director V3.7.1 that ships with WebSphere Business Integrator. WebSphere Business Integrator uses Tivoli SecureWay Policy Director's security to implement role-based access control to its applications. Since Tivoli SecureWay Policy Director is already deployed as part of the WebSphere Business Integrator deployment, you can easily extend Tivoli SecureWay Policy Director security to be used by many applications enterprise-wide by acquiring additional licenses of Tivoli SecureWay Policy Director V3.8.
Tivoli SecureWay Policy Director V3.8 supports Web Single Sign-On for Lotus Domino applications.
Training is available for many Tivoli® products. Education is offered through IBM Education and Training, and through Tivoli Systems. Worldwide information about education offerings is available on the IBM Education and Training home page at:
For current information on Tivoli Systems education, call 512-436-8000, or visit the Tivoli Systems home page at:
Product information will be available on day of announcement through Offering Information (OITOOL) at:
One copy of the following publication is supplied with the basic machine-readable material in English and translated languages:
Order Title Number Tivoli SecureWay(R) Policy Director V3.8 GI11-0807 README First
The following publications can be ordered in hardcopy for a fee after planned availability.
Order Title Number Language Tivoli SecureWay Policy GC32-0680 English Director V3.8 Base Administration Guide Tivoli SecureWay Policy GC32-0683 English Director V3.8 WebSEAL Installation Guide Tivoli SecureWay Policy GC32-0684 English Director V3.8 WebSEAL Administration Guide Tivoli SecureWay Policy GC32-0735 English Director V3.8 Base Installation Guide Tivoli SecureWay Policy GC32-0737 English Director V3.8 Web Portal Manager for Windows(R) Administration Guide Order Title Number Language Tivoli SecureWay Policy GC32-0739 English Director V3.8 Plug-in for Edge Server Administration Guide
You can register through the IBM Publications Center to create a publications profile of interest to you. You will automatically receive notifications by e-mail containing information on new or revised publications based on your profile. To register or to obtain publications, visit the IBM Publications Center Web site at:
The Publications Center is a worldwide central repository for IBM product publications and marketing materials with a catalog of 70,000 items. Extensive search facilities are provided, as well as payment options via credit card. Furthermore, a large number of publications are available online in various file formats, which can currently be downloaded free of charge.
The publications listed below will be available in softcopy from the following Web site after planned availability:
Order Title Number Language Tivoli SecureWay Policy GI11-0863 English Director V3.8 Release Notes Tivoli SecureWay Policy GI11-0807 English Director V3.8 and README First Translated Languages Tivoli SecureWay Policy GC32-0735 English Director V3.8 Base Installation Guide Tivoli SecureWay Policy GC32-0683 English Director V3.8 WebSEAL Installation Guide Tivoli SecureWay Policy GC32-0680 English Director V3.8 Base Administration Guide Tivoli SecureWay Policy GC32-0684 English Director V3.8 WebSEAL Administration Guide Tivoli SecureWay Policy GC32-0737 English Director V3.8 Web Portal Manager for Windows Administration Guide Tivoli SecureWay Policy GC32-0739 English Director V3.8 Plug-in for Edge Server Administration Guide
Specified Operating Environment
Tivoli SecureWay Policy Director V3.8 will support the following operating systems:
Tivoli SecureWay Policy Director V3.8 provides support for:
HP-UX will not support the IBM LDAP server function. HP-UX does not
provide native language support for all languages. There will not be a
Policy Director for Web Traffic Express (WTE) plug-in support on HP-UX.
Security, Auditability, and Control
Policy Director V3.8 uses the security and auditability features of the operating system software. The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.
Current licensees of Tivoli SecureWay Policy Director, with support in effect, will receive instructions on how to order this update.
Orders for new licenses will be accepted now.
Ordering Information for 5698-PDD
Ordering information for 5698-PDD will continue for a limited time to allow migration to the PA offering.
For ordering information on the base program number, 5698-PDD, refer to Software Announcement 200-017 , dated February 15, 2000.
Also, specify the desired distribution medium from the Basic Machine-Readable Material table below.
Basic Machine-Readable Material
Feature Distribution Language Number Medium English 5809 CD-ROM French 5819 CD-ROM Brazilian Portuguese 5839 CD-ROM Spanish 5859 CD-ROM
Ordering Information for PA
To order a media pack for PA, specify the applicable part number in the desired quantity from the following table:
Part Description Number Tivoli SecureWay Policy Director V3.8 BJ00BML Media Pack -- Multi-lingual
The quantity of the PA part numbers in the following table is based on the number of required Tivoli Management Points. To order for PA, specify the desired part number and quantity.
Part Description Number Tivoli SecureWay Policy Director License D57V4LL and Software Maintenance 1st Anniversary Tivoli SecureWay Policy Director License D57V5LL and Software Maintenance 2nd Anniversary Tivoli SecureWay Policy Director Software E17W1LL Maintenance Renewal to Anniversary Date Tivoli SecureWay Policy Director Software D57WTLL Maintenance after License to Anniversary Date
Withdrawal of PA Part Numbers
The following PA part number is withdrawn effective immediately:
Part Description Number Tivoli SecureWay Policy Director 3.7 Media BJ6R5ML Pack
End of Support
Based on the Tivoli end of support policy, Tivoli support for V3.7 of Tivoli SecureWay Policy Director will be discontinued 12 months after the planned availability of Release 8.
Terms and Conditions
For a limited time, during the migration period to PA, customers may acquire eligible programs and Tivoli Support under agreements outside of PA.
Terms and conditions for Tivoli Value-Based Pricing and IBM PA Advantage are as follows:
Agreement: For orders under 5698-PDD: IBM IPLA, IBM International Agreement for Acquisition of Programs and Support (IIAAPS) and the IBM Attachment for Support, IBM Agreement for Acquisition of Support (IAAS), IBM Addendum for Support for Tivoli Systems Products under Value-Based Pricing, and an Order Form.
For orders under PA: IBM IPLA, IBM International Passport Advantage Agreement (PAA), and an IBM International Passport Advantage Agreement Enrollment Form
Support Center applies: Yes Access is available through the IBM Support Center, 800-237-5511 Availability of Tivoli -- The first year of Tivoli Support: Support is available at no additional charge. The first year starts when the product is shipped to the customer. -- Subsequent years of Tivoli Support are available for a fee as part of the IAAS, IIAAPS, or any equivalent agreement. Availability of PA -- PA Software Software Maintenance: Maintenance is provided at no additional charge for each eligible program acquired during the initial term. -- PA Software Maintenance is provided at an additional charge for all eligible programs in the second and subsequent terms. Tivoli Support and PA -- Twelve months after Software Maintenance announcement of product are available until: discontinuance (that is, end-of-life (EOL)). Tivoli Support and PA -- The current release. Software Maintenance -- The immediate previous are applicable to: release for twelve months after the general availability of the current release. APAR Mailing Address: Tivoli Systems Inc. 11400 Burnet Road Austin, TX 78758 USA Attention: Product Development
Prices are unaffected by this announcement.
Customer Financing: IBM Global Financing offers attractive financing to credit-qualified commercial and government customers and Business Partners in more than 40 countries around the world. IBM Global Financing is provided by the IBM Credit Corporation in the United States. Offerings, rates, terms, and availability may vary by country. Contact your local IBM Global Financing organization. Country organizations are listed on the Web at:
For PA and prices, contact your IBM representative or your authorized IBM Business Partner. For additional information about the PA offering, visit the following Web site:
Use Priority/Reference Code: YE001 Phone: 800-IBM-CALL Fax: 800-2IBM-FAX Internet: firstname.lastname@example.org Mail: IBM Atlanta Sales Center Dept. YE001 P.O. Box 2690 Atlanta, GA 30301-2690
You can also contact your local IBM Business Partner or IBM representative. To identify them, call 800-IBM-4YOU.
Note: Shipments will begin after the planned availability date.