Saturday, March 5, 2011

Introduction to Tivoli Access Manager for e-business

TAMeb provides policy-based security to a Web environment.  It secures HTTP and HTTPS traffic by
§  mapping to an identity in an LDAP or URAF registry to validate user credentials;
§  controlling access privileges;
§  auditing;
§  single sign-on;
§  high availability; and
§  logging.
The TAMeb solution provides web security through a proxy server.  The alternative, less robust approach uses a plug-in architecture; TAMeb also offers a plug-in alternative.
Figure 1 shows the plug-in security model.  A resource request is directed to the webserver (IHS in this diagram), which calls on the enforcement agent (EA) to query the directory for user authentication and authorization information.  The EA then either grants or denies access to the requested resource.



Figure 2 shows the TAMeb security model.  A resource request is directed to the WebSEAL server, which queries the directory server to validate credentials and group membership.  The retrieved information is compared to the authorization database replica.  WebSEAL then either denies access to the requested resource, or grants the defined access and passes the request to the webserver (IHS in the diagram).
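
The request flow in Figure 2, modelled as an added Python example (not IBM's code and not a TAMeb API). The registry contents, policy replica, paths and function names are constructed for illustration; the most-specific-prefix lookup and the deny-when-no-policy-matches rule are assumptions of this model.

```python
import hashlib
import hmac
import posixpath

def _verifier(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed stand-in for the LDAP/URAF registry: credentials and groups.
REGISTRY = {
    "alice": {"verifier": _verifier("correct horse"), "groups": {"staff", "hr"}},
    "bob": {"verifier": _verifier("tr0ub4dor"), "groups": {"staff"}},
}
# Constructed stand-in for the authorization database replica:
# protected path prefix -> groups permitted to reach it.
POLICY_REPLICA = {"/portal": {"staff"}, "/portal/hr": {"hr"}}
AUDIT_LOG = []  # one (user, path, decision) record per request

def authenticate(user, password):
    """Validate credentials against the registry; return groups or None."""
    entry = REGISTRY.get(user)
    if entry is None:
        return None
    if not hmac.compare_digest(entry["verifier"], _verifier(password)):
        return None
    return entry["groups"]

def permitted_groups(path):
    """Groups from the most specific policy prefix covering path (assumed rule)."""
    matches = [p for p in POLICY_REPLICA if path == p or path.startswith(p + "/")]
    return POLICY_REPLICA[max(matches, key=len)] if matches else None

def ihs_backend(path, user):
    """Constructed stand-in for the webserver behind the proxy."""
    return f"IHS served {path} to {user}"

def handle_request(user, password, raw_path, backend=ihs_backend):
    """Proxy-side decision: authenticate, authorize, then forward or deny."""
    path = posixpath.normpath(raw_path)  # collapse ../ before matching policy
    groups = authenticate(user, password)
    if groups is None:
        decision, response = "deny:authentication", None
    else:
        required = permitted_groups(path)
        if required is None or not (groups & required):  # no policy entry => deny
            decision, response = "deny:authorization", None
        else:
            decision, response = "grant", backend(path, user)
    AUDIT_LOG.append((user, path, decision))
    return decision, response
```

The backend is called only on a grant, and every request, granted or denied, leaves an audit record, which is the property that distinguishes the proxy model from per-server plug-in enforcement.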


The TAMeb solution consists of the following components:
§  The registry provides identity information and is used as an authentication target: Tivoli Directory Server (LDAP registry) for external (non-workforce) accounts and Active Directory (URAF registry) for internal (workforce) accounts.
§  The Policy Server manages and provides updates to configuration information used for authorization.
§  The WebSEAL servers authenticate the user and map the user to an identity in the registry.
§  The Web Portal Manager (WPM) is a browser-based GUI for TAMeb administration.
§  The pdadmin console is a command-line interface for TAMeb administration.
§  The Session Management Servers (SMS) maintain session state across multiple WebSEAL servers.
§  The Authorization Server (AS) handles application API calls for authorization.