Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Access control with IBM Tivoli access manager

Access control with IBM Tivoli access manager Web presence has become a key consideration for the majority of companies and other organizations. Besides being an essential information delivery tool, the Web is increasingly being regarded as an extension of the organization itself, directly integrated with its operating processes. As this transformation takes place, security grows in importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication and access management, technologies that have begun to emerge in the commercial marketplace. This paper describes the Authorization Service provided by IBM Tivoli Access Manager for e-business (AM) and its use by AM family members as well as third-party applications. Policies are defined over a protected object namespace and stored in a database, which is managed via a management console and accessed through an Authorization API. The protected object namespace abstracts from heterogeneous systems and thus enables the definition of consistent policies and their centralized management. ACL inheritance and delegated management allow these policies to be managed efficiently. The Authorization API allows applications with their own access control requirements to decouple authorization logic from application logic. Policy checking can be externalized by using either a proxy that sits in front of the Web servers and application servers or a plug-in that examines the request. Thus, AM familiy members establish a single entry point to enforce enterprise policies that regulate access to corporate data. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png ACM Transactions on Information and System Security (TISSEC) Association for Computing Machinery

Access control with IBM Tivoli access manager

Download PDF
26 pages

Loading next page...
 
/lp/association-for-computing-machinery/access-control-with-ibm-tivoli-access-manager-0nlK5aBAwc

References

References for this paper are not available at this time. We will be adding them shortly, thank you for your patience.

Publisher
Association for Computing Machinery
Copyright
Copyright © 2003 by ACM Inc.
ISSN
1094-9224
DOI
10.1145/762476.762479
Publisher site
See Article on Publisher Site

Abstract

Web presence has become a key consideration for the majority of companies and other organizations. Besides being an essential information delivery tool, the Web is increasingly being regarded as an extension of the organization itself, directly integrated with its operating processes. As this transformation takes place, security grows in importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication and access management, technologies that have begun to emerge in the commercial marketplace. This paper describes the Authorization Service provided by IBM Tivoli Access Manager for e-business (AM) and its use by AM family members as well as third-party applications. Policies are defined over a protected object namespace and stored in a database, which is managed via a management console and accessed through an Authorization API. The protected object namespace abstracts from heterogeneous systems and thus enables the definition of consistent policies and their centralized management. ACL inheritance and delegated management allow these policies to be managed efficiently. The Authorization API allows applications with their own access control requirements to decouple authorization logic from application logic. Policy checking can be externalized by using either a proxy that sits in front of the Web servers and application servers or a plug-in that examines the request. Thus, AM familiy members establish a single entry point to enforce enterprise policies that regulate access to corporate data.

Journal

ACM Transactions on Information and System Security (TISSEC)Association for Computing Machinery

Published: May 1, 2003

There are no references for this article.