Integrated Security Services
Integrated Security Services includes:
- Enterprise Identity Mapping (EIM)
- EIM is an architecture that serves as a security technology to make it easier to manage users in a cross-platform environment.
- Network Authentication Service
- Network Authentication Service, which is based on Kerberos Version 5, provides Kerberos security services without requiring that you purchase or use a middleware product such as Distributed Computing Environment (DCE). These services include native Kerberos application programming interface (API) functions, including the Generic Security Service application programming interface (GSS-API) functions defined in Internet RFC 2078, Generic Security Service Application Program Interface, Version 2 and Internet RFC 2744, Generic Security Service API Version 2: C-bindings. Network Authentication Service performs authentication as a trusted third-party authentication service by using conventional shared secret-key cryptography. Network Authentication Service provides a means of verifying the identities of principals, without relying on authentication by the host operating system, without basing trust on host addresses, without requiring physical security of all the hosts on the network, and under the assumption that packets traveling along the network can be read, modified, and inserted at will.
- Open Cryptographic Services Facility (OCSF)
- Open Cryptographic Services Facility (OCSF) is a derivative of the IBM® Keyworks technology, which is an implementation of the Common Data Security Architecture (CDSA) for applications running in the UNIX Services environment. It is an extensible architecture that provides mechanisms to manage service provider security modules, which use cryptography as a computational base to build security protocols and security systems. Figure 1 shows the four basic layers of the OCSF: Application Domains, System Security Services, OCSF Framework, and Service Providers. The OCSF Framework is the core of this architecture. It provides a means for applications to directly access security services through the OCSF security application programming interface (API), or to indirectly access security services by way of layered security services and tools that are implemented over the OCSF API. The OCSF Framework manages the service provider security modules and directs application calls through the OCSF API to the selected service provider module that services the request. The OCSF API defines the interface for accessing security services. The OCSF service provider interface (OCSF SPI) defines the interface for service providers who develop plug-able security service products.