Search results

Identity management is the concept of providing a unifying interface to manage all aspects related to individuals and their interactions with the business. It is the process that enables business initiatives by efficiently managing the user life cycle (including identity/resource provisioning for people (users)), and by integrating it into the required business processes. Identity management encompasses all the data and processes related to the representation of an individual involved in electronic transactions. This IBM® Redbooks® publication provides an approach for designing an identity management solution with IBM Tivoli® Identity Manager Version 5.1. Starting from the high-level, organizational viewpoint, we show how to define user registration and maintenance processes using the self-registration and self-care interfaces as well as the delegated administration capabilities. Using the integrated workflow, we automate the submission/approval processes for identity management requests, and with the automated user provisioning, we take workflow output and automatically implement the administrative requests on the environment with no administrative intervention. This book is a valuable resource for security administrators and architects who wish to understand and implement a centralized identity management and security infrastructure.

This IBM Redbooks publication provides solution designers and architects with a comprehensive view of the security services they can exploit on z/OS, whether their application is hosted by z/OS or by another platform. It also discusses, at a high level, the Tivoli products that team with mainframe security services to provide flexible and extensible security architectures that fit On Demand infrastructure requirements, because implementing optimum solution-based security requires extensive knowledge of what security services and APIs provide on the platforms for which you are developing the solution. The book briefly describes data processing security concepts, with a focus on the problems that enterprises face today because of the heterogeneous nature of their platforms and technologies, and the requirement to progress towards an On Demand environment. Next, it explains the security services and APIs that are provided on z/OS, with respect to the security concepts they implement and their seamless integration into distributed environments, as building blocks for optimal solution-based security. This analysis is examined from the perspective of both z/OS solutions and non-z/OS hosted solutions, because non-z/OS hosted solutions can exploit the remote security services that z/OS offers. High level explanations and exploitation considerations are provided for z/OS RACF, LDAP server, Kerberos and PKI support, z/OS Communications Server-specific features (such as embedded IP filtering, IPSec VPNs, and application-t

Securing access to information is important to any business. Security becomes even more critical for implementations structured according to Service-Oriented Architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries. To enable a business so that its processes and applications are flexible, you must start by expecting changes – both to process and application logic, as well as to the policies associated with them. Merely securing the perimeter is not sufficient for a flexible on demand business. In this IBM Redbooks publication, security is factored into the SOA life cycle reflecting the fact that security is a business requirement, and not just a technology attribute. We discuss an SOA security model that captures the essence of security services and securing services. These approaches to SOA security are discussed in the context of some scenarios, and observed patterns. We also discuss a reference model to address the requirements, patterns of deployment, and usage, and an approach to an integrated security management for SOA. This book is a valuable resource to senior security officers, architects, and security administrators.

This IBM Redbooks publication reviews the overall Tivoli Enterprise Security Architecture. It focuses on the integration of audit and compliance, access control, identity management, and federation throughout extensive e-business enterprise implementations. The available security product diversity in the marketplace challenges everyone in charge of designing single secure solutions or an overall enterprise security architecture. With Access Manager, Identity Manager, Federated Identity Manager, Security Compliance Manager, Security Operations Manager, Directory Server, and Directory Integrator, Tivoli offers a complete set of products designed to address these challenges. This book describes the major logical and physical components of each of the Tivoli products. It also depicts several e-business scenarios with different security challenges and requirements. By matching the desired Tivoli security product criteria, this publication describes the appropriate security implementations that meet the targeted requirements. This book is a valuable resource for security officers, administrators, and architects who want to understand and implement enterprise security following architectural guidelines.

Don't be fooled by the name; IBM Tivoli Directory Integrator integrates anything, and it is not in any way limited to directories. It is a truly generic data integration tool that is suitable for a wide range of problems that usually require custom coding and significantly more resources to address with traditional integration tools. This IBM Redbook shows you how Directory Integrator can be used for a wide range of applications utilizing its unique architecture and unparalleled flexibility. We discuss the business context for this evolutionary data integration and tell you how to architect and design an enterprise data synchronization approach. By telling you everything about Directory Integrator's component structure and then applying all the techniques in two comprehensive business scenarios, we build a formidable base for your own data integration and synchronization projects. This book is a valuable resource for security administrators and architects who want to understand and implement a directory synchronization project.

Today, companies have no way to trust identities belonging to their partners, suppliers, contracts and their outsourcers. This lack of trust means companies end-up creating online identities (and passwords) for all users. This approach is very costly, inefficient, and creates user frustration with multiple accounts and registrations for each Web Site. Federation is the set of business and technology agreements as well as policies that enable companies to optimally pursue business automation goals that best align with their business model, IT policies, security and privacy goals and requirements. This book takes a close look at the trust infrastructure over which business federations are implemented. We cover important aspects of utilizing the Tivoli integrated identity management architecture in order to build and deploy the Tivoli Federated Identity Management and Web Services Security components, which consist of Tivoli Federated Identity Manager, IBM WebSphere Application Server, and the IBM Integrated Solutions Console. This book is a valuable resource for security officers, administrators and architects who wish to understand and implement Web Services security and federated identity management.

The identity and access management solutions described in this IBM Redbook include the following key areas: User provisioning: Develop a portlet interface for self-care (user and account management), and approval of user provisioning requests by utilizing the Tivoli Identity Manager (TIM) APIs, services, workflow and policies. Tivoli Directory Integrator Assembly Lines and connectors are used to provision users to an LDAP directory, DB2 UDB database, and DB2 Content Manager. Authentication: Provide an integrated single sign-on (SSO) authentication solution using Tivoli Access Manager, and related technologies such as trusted association interceptor (TAI), Credential Vault, and LtpaToken. Authorization: Manage user access control through TIM provisioning policies and role mapping with products that have access models such as Tivoli Access Manager, WebSphere Portal, and DB2 Content Manager. First, we describe the key concepts, benefits, and architecture of an identity and access management solution. Then we present an end-to-end working example scenario for identity and access management system. The example includes business requirements, architecture, details for implementing the runtime and development environments, creation of Identity Manager policies and workflow, provisioning portlet development, deployment, and administration. Finally, we provide procedures to deploy and run the HR and document management applications used in the working example.

This IBM Redbook provides a solution-oriented overview of using Tivoli's security products to provide an implementation for integrated identity management based on real-life customer experience. When defining functional requirements for e-business related projects, you have to take into consideration a serious amount of security related tasks and disciplines. These disciplines are authentication and credential acquisition, use of directory infrastructures, session management, multiple tiers of single sign-on, authorization, administration, users and policy, accountability, and availability. Together they stand for the integrated identity management approach, an approach that should be regarded as a holistic way of tying security requirements into your projects. This redbook is a valuable resource for security officers, administrators, and architects who wish to understand and implement enterprise security following these guidelines.

This IBM Redbook provides best practices and guidance for building a secure collaboration infrastructure utilizing IBM Lotus technologies. It is the third Lotus security oriented Redbook to be published. However, unlike the previous two Redbooks in this series, "The Domino Defense: Security in Lotus Notes 4.5 and the Internet" (SG24-4848) and "Lotus Notes and Domino R5.0 Security Infrastructure Revealed" (SG24-5341), this third book focuses not just on Notes/Domino - but on all IBM Lotus collaborative products, as well as general security best practices for any infrastructure. This book should be considered essential reading for anyone responsible for Lotus technology based applications, systems, and infrastructures. The book is broken into four main parts: Part 1 introduces the basic concepts related to security, and then covers a number of methodologies for architecting and deploying security from beginning to end in an organization. Part 2 delves into the specific concepts and components involved in a secure infrastructure. This includes discussions about security zoning, single sign-on (SSO), public key infrastructures (PKI), and directory strategies. Part 3 discusses the specific security features in the latest versions of Lotus products. Detailed security features of Lotus Notes and Domino 6, Sametime 3, QuickPlace 2.08, Domino Web Access (iNotes), WebSphere Portal, and other IBM/Lotus collaborative technologies are all discussed. Part 4 provides a real-life scenario demonstrating the secure imple

Directories are key for a successful IT operation and e-business application deployments in medium and large environments. IBM understands this requirement and supports it by providing directory implementations based on industry standards at no additional cost on all its major platforms and even on important non-IBM platforms. The IBM Directory Server implements the Lightweight Directory Access Protocol (LDAP) standard that has emerged quickly in the past years as a result of the demand for such a standard. We concentrate on some advanced LDAP tasks, such as referrals and schema extensibility. We also provide a scenario-based approach to discuss Directory Integration, using some of the leading directory products available: the IBM Directory Server, IBM Directory Integrator, Lotus Domino, and Microsoft's Active Directory. This IBM Redbook will help you understand, install, and configure the IBM Directory Server into a heterogeneous repository environment. It is targeted at system specialists who need to know the concepts and the detailed instructions for a successful Meta directory implementation.