When troubleshooting IBM® Tivoli® Access Manager for e-business it is often necessary to obtain and analyze the traces of HTTP connections. In this IBM Redpaper™ document you will learn how to obtain such traces, and how to interpret them. This paper can help implementors and system administrators who need to solve problems with Tivoli Access Manager for e-business.

IBM® Tivoli® Access Manager for e-business can manage and enforce access control to Web-based resources located on Web servers or Web application servers. It uses "junctions" to identify and address those servers. When a user wants to access those resources, the browser uses a set of URL links that have to be translated because the back-end Web server uses different links. In this paper we explain how Tivoli Access Manager WebSEAL processes URLs from the back-end server and the client. This IBM Redpaper™ document is intended to help implementors and system administrators who need to configure Tivoli Access Manager WebSEAL to protect back-end Web servers.

In this IBM® Redguide™ publication, we first explore some of the concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. We then identify a number of business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations. We describe how security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. In the past decades, industry groups and standards bodies have developed frameworks that serve as a baseline for some aspects of security. We discuss two common frameworks: CoBiT and ISO27002. Security for information technology can be complex and confounding. Therefore, IBM has created a pair of complementary views to bridge the communication gap between the business and the technical perspectives of security to enable convergence in thought and process. The IBM Security Framework addresses the business view, and the IBM Security Blueprint addresses the technical view. The IBM Security Framework was developed to describe security in terms of the business resources that need to be protected, and looks at the different resource domains from a business point of view. It divides IT security into the following six resource domains: - People and Identity - Data and Information - Application and Process - Network, Server, and Endpoint - Physical Infrastructure - Security Governance, Risk Management, and Comp

You can use IBM® Tivoli® Security products to build open, flexible, and scalable solutions to address business requirements in the areas of: -- Identity and access management -- Security information and event management One of the many strengths of the IBM Tivoli Security offerings is that they are designed and implemented as cross-platform solutions. This design enables broad adoption of the solutions across the range of disparate platforms typically found in an enterprise. IBM Tivoli Security solutions are, therefore, an excellent choice as organizations move further towards service-oriented architecture (SOA) and the security integration challenges present in SOA. In many enterprises, software solutions from Microsoft® are important components of the IT strategy. In this IBM Redpaper publication, we consider the use of IBM Tivoli Security solutions in Microsoft environments from a number of perspectives. In this paper, we discuss: Architectures and standards that are common to IBM Tivoli Security and Microsoft software. IBM Tivoli Security solutions running on Microsoft operating systems utilizing Microsoft middleware. How to secure a Microsoft software environment with IBM Tivoli Security solutions. IBM Tivoli Security solutions providing improved security and security management for Microsoft operating systems, middleware, and applications through integration.

Customers implement an integrated Identity and Access Management (IAM) solution to address many business requirements. The overall driving requirement is to provide a combination of business processes and technologies to manage and secure access to the information and resources within the organization. Towards addressing this overall goal, the IAM solution first needs to provide a method of granting users access to applications and systems across the enterprise that they need to perform their jobs. Second, it needs the capability to authorize proper access levels to resources based on business policies. Third, for Web-accessed resources, the solution needs to provide a means of authenticating people and only require a single sign-on (SSO) to access resources to which they have been granted access. Finally, there needs to be an audit trail to ensure proper operation of the IAM system. In this Redpaper, we describe several common business use cases for an integrated IAM solution. We then describe how the IBM Tivoli Identity Manager and IBM Tivoli Access Manager products integrate in a typical deployment to address these business use cases.

This IBM Redpaper discusses the IBM Tivoli software strategy and roadmap for a consistent, unified, and evolutionary approach to securing cross-enterprise e-business solutions. Built on open security standards, with tight integration to Web middleware (Java 2 Platform Enterprise Edition (J2EE) and Microsoft .NET), Tivoli security solutions allow you to increase the reach of your business. They build on existing Web security investments that can quickly evolve to take advantage of web services and federation standards.

IBM® WebSphere® DataPower® SOA Appliances represent an important element in the holistic approach of IBM to service-oriented architecture (SOA). IBM SOA appliances are purpose-built, easy-to-deploy network devices that simplify, secure, and accelerate your XML and Web services deployments while extending your SOA infrastructure. These appliances offer an innovative, pragmatic approach to harness the power of SOA. By using them, you can simultaneously use the value of your existing application, security, and networking infrastructure investments. This series of IBM Redbooks publications is written for architects and administrators who need to understand the implemented architecture in WebSphere DataPower appliances to successfully deploy it as a secure and efficient enterprise service bus (ESB) product. These papers give a broad understanding of the new architecture and traditional deployment scenarios. They cover details about the implementation to help you identify the circumstances under which you should deploy DataPower appliances. They also provide a sample implementation and architectural best practices for an SOA message-oriented architecture in an existing production ESB environment. Part 2 of the series, this part, provides information about ways to integrate the DataPower appliance with other products such as IBM Tivoli® Access Manager and Tivoli Directory Server. The entire IBM WebSphere DataPower SOA Appliances series includes the following papers: "IBM WebSphere DataPower SOA Appliances Part I:

This IBM Redpaper is a summary of the coverage of our products (Tivoli Security products) on the mainframe, or System z, both in what runs on System z and what management/security of System z resources we can provide. This paper introduces some of the platforms (and their terminology) for the mainframe, or System z. It then looks at the Tivoli Access and Identity Management as well as risk and compliance solutions and their System z footprint. The paper is broken up into the following parts: - What is all this z? - Directory and data integration on z - Identity and access management products - Risk and compliance products - Conclusion This paper assumes that you are familiar with the Tivoli Security suite but not familiar with the mainframe and the security offerings there. The update from January 28, 2008 fixes a broken Web link.

This paper is one in a series of service-oriented architecture (SOA) papers that features a case study involving a fictitious company called JKHL Enterprises (JKHLE). The focus of the case study in this paper is the challenges and solutions that are associated with SOA security and management. This paper describes how to apply the realizations and solution patterns of the SOA Security and Management Scenario to solve the business and IT challenges as they relate to the case study. The fictitious scenario used in this paper is described in: <a href="http://www.redbooks.ibm.com/abstracts/redp4376.html">Case Study: SOA Account Open Project Overview</a> Read the other case studies in this series: <a href="http://www.redbooks.ibm.com/abstracts/redp4375.html">Case Study: Interaction and Collaboration Services SOA Scenario</a> <a href="http://www.redbooks.ibm.com/abstracts/redp4383.html">Case Study: Business Process Management SOA Scenario</a> <a href="http://www.redbooks.ibm.com/abstracts/redp4377.html">Case Study: Service Creation SOA Scenario</a> <a href="http://www.redbooks.ibm.com/abstracts/redp4379.html">Case Study: SOA Design Scenario</a> <a href="http://www.redbooks.ibm.com/abstracts/redp4380.html">Case Study: Service Connectivity SOA Scenario</a> <a href="http://www.redbooks.ibm.com/abstracts/redp4381.html">Case Study: Process SOA Scenario</a> <a href="http://www.redbooks.ibm.com/abstracts/redp4382.html">Case Study: In

This IBM Redpaper addresses the need for information in the area of integrating security between WebSphere Application Server on z/OS and the outside world. In most cases, multiple security registries exist within a company with a different scheme of identities. This is even more likely in companies using z/OS. There are basically two "worlds": the z/OS (RACF) world in which identities and their authorizations are kept in RACF and the outside world where identities and their authorizations are kept in LDAP, Microsoft Active Directory, or equivalent solutions. In an e-business environment, the first authentication of a user is usually already performed before a request reaches the z/OS environment based on an ID not known in that exact form on z/OS. There are basically two challenges, and both of them are addressed in this paper: - Authenticate a user on a distributed server and be able to trust that user when coming into WebSphere Application Server on z/OS. - Propagate the user ID and eventual security credentials from the distributed environment to WebSphere Application Server on z/OS, and eventually transform the ID and credentials to something that is administered and understood on z/OS.