28 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
2.1 Access management overview
Access control management plays a very significant role in any security
architecture and implementation. The purpose of access control in an overall IT
security architecture is to enforce security policies by gating access to, and
execution of, processes and services within a computing solution via
identification, authentication, and authorization processes, along with security
mechanisms that use credentials and attributes. In security systems,
authentication is distinct from authorization. Authentication is the process of
identifying an individual who is attempting to log in to a secure domain. It
answers the question: “Who are you?” Authorization is the act of determining
what resources an authenticated user can access. To put it simply, authorization
provides you with a yes or no answer to the question: “Are you authorized (do
you have permission) to access/manipulate the requested object?” Part of the
authentication process involves the creation of a credential that describes the
identity of the user. Authorization decisions made by an authorization service
are based on user credentials.
Access control information, which generally revolves around authentication and
authorization mechanisms, is handled by IBM Tivoli Access Manager.
The following products make up the IBM Tivoli Access Manager family:
IBM Tivoli Access Manager for e-business (ITAMeb)
IBM Tivoli Access Manager for Business Integration (ITAMBI)
IBM Tivoli Access Manager for Operating Systems (ITAMOS)
This book focuses on IBM Tivoli Access Manager for e-business, which provides
robust, policy-based security to a corporate Web environment. Authentication of
users, control of access privileges, auditing, single sign-on, high availability, and
logging are all essential elements of any security management solution and are
provided by Access Manager for e-business.
2.2 Core components
Access Manager for e-business, like the whole Access Manager product family,
is based on two core components:
A user registry.
An authorization service consisting of an authorization database and an
authorization engine that performs the decision-making action on the request.
A user registry and an authorization service are the fundamental building blocks
upon which Access Manager provides its security service capabilities. All other
Access Manager services and components are built upon this base foundation.