58 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
user’s credential. The groups could then be synchronized from the foreign
user registry into the Access Manager user registry. Another way to perform
this type of mapping is to have the EAI map the users into a specified set of
static groups in the Access Manager user registry. Using this technique,
authentication is performed against a foreign user registry and the group
memberships in the foreign user registry can be reflected in the Access
Manager credential. ACL authorization can now be performed at the group
level. Note that user-level authorization is still not possible, because the
EAI still returns a fixed user ID to WebSEAL.
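The consequence of the static group mapping described above can be seen in a small model, added here as an illustration; it is not Access Manager code and does not use the Access Manager API. The fixed user ID, the group names, the sample users and the simplified ACL evaluation order (user entry, then the union of matching group entries, then any-other) are assumptions made for the example.

```python
# Added illustration, not Access Manager code: a toy model of EAI group mapping.
from dataclasses import dataclass

FIXED_USER = "eai-shared"  # assumed name of the fixed user ID the EAI returns

# Constructed sample data: foreign registry memberships and the EAI's static
# mapping from foreign groups to groups in the Access Manager registry.
FOREIGN_GROUPS = {"alice": {"hr", "staff"}, "bob": {"staff"}}
GROUP_MAP = {"hr": "am-hr", "staff": "am-staff"}


@dataclass(frozen=True)
class Credential:
    user: str
    groups: frozenset


def eai_authenticate(foreign_user: str) -> Credential:
    """Authenticate against the foreign registry, then build the credential."""
    if foreign_user not in FOREIGN_GROUPS:
        raise PermissionError("unknown user in foreign registry")
    mapped = {GROUP_MAP[g] for g in FOREIGN_GROUPS[foreign_user] if g in GROUP_MAP}
    # The foreign user name is dropped here: only the groups differ per user.
    return Credential(FIXED_USER, frozenset(mapped))


def permitted(acl: dict, cred: Credential, action: str) -> bool:
    """Simplified check: user entry, else union of group entries, else any-other."""
    users = acl.get("user", {})
    if cred.user in users:
        return action in users[cred.user]
    matched = [p for g, p in acl.get("group", {}).items() if g in cred.groups]
    if matched:
        return any(action in p for p in matched)
    return action in acl.get("any-other", "")


# Constructed ACLs; permission strings use single letters ("r" = read here).
GROUP_ACL = {"group": {"am-hr": "r"}, "any-other": ""}
FOREIGN_NAME_ACL = {"user": {"alice": "r"}, "any-other": ""}
FIXED_NAME_ACL = {"user": {FIXED_USER: "r"}, "any-other": ""}

if __name__ == "__main__":
    for name in ("alice", "bob"):
        cred = eai_authenticate(name)
        acls = (GROUP_ACL, FOREIGN_NAME_ACL, FIXED_NAME_ACL)
        print(name, cred.user, sorted(cred.groups),
              [permitted(a, cred, "r") for a in acls])
```

The group ACL separates the two users, the ACL keyed on the foreign user name matches neither of them, and the ACL keyed on the fixed user ID grants access to both.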
2.5.4 Java API for Access Manager
The IBM Tivoli Access Manager Runtime for Java component includes the Java
language version of a subset of the Tivoli Access Manager API. The
authorization API consists of a set of classes that provide Java applications with
the ability to interact with Tivoli Access Manager to make authentication and
authorization decisions.
Java security
The Tivoli Access Manager authorization Java classes provide an
implementation of Java security code that is fully compliant with the Java 2
security model and the Java Authentication and Authorization Service (JAAS).
The Tivoli Access Manager authorization Java classes are built around JAAS
and the Java 2 security model. The Tivoli Access Manager API closely follows
the Java 2 permission model. The Tivoli Access Manager authorization API Java
classes also support a completely Java-compliant usage of the Tivoli Access
Manager authorization check that is outside of the Java 2 and JAAS framework.
2.5.5 Access Manager-based authorization for Microsoft .NET
IBM Tivoli Access Manager provides integration and support for implementing
Access Manager-based authorization for Microsoft .NET applications. Access
Manager APIs are exposed at the .NET Common Language Runtime level. This
exposes the functionality to all .NET languages such as Managed C++, C#, and
Visual Basic .NET.
2.6 Placing components in a network
There is no single correct configuration of Access Manager components in a
network. No two solutions use the same number of Access Manager components, and
some of the components are not mandatory. The placement of Access Manager
components represents a set of choices, but in this book we show some general