TAMeb provides policy-based security to a Web environment. It secures HTTP and HTTPS traffic through:
- mapping to an identity in an LDAP or URAF registry to validate user credentials;
- controlling access privileges;
- auditing;
- single sign-on;
- high availability; and
- logging.
The TAMeb solution provides web security through a proxy server. The alternative, less robust solution uses a plug-in architecture; TAMeb also has a plug-in alternative.
Figure 1 shows the plug-in security model. A resource request is directed to the web server (IHS in this diagram), which invokes the enforcement agent (EA) to perform a directory query for user authentication and authorization information. The EA then either grants or denies access to the requested resource.
The TAMeb solution consists of the following components:
- The registry, which is Tivoli Directory Server (LDAP registry) for external accounts (non-workforce) and Active Directory (URAF registry) for internal accounts (workforce), provides identity information and is used as an authentication target.
- The Policy Server manages and provides updates to configuration information used for authorization.
- The WebSEAL servers authenticate the user and map to an identity in the registry.
- The Web Portal Manager (WPM) is a browser-based GUI for TAMeb administration.
- The pdadmin console is a command-line interface for TAMeb administration.
- The Session Management Servers (SMS) maintain session state across multiple WebSEAL servers.
- The Authorization Server (AS) handles application API calls for authorization.