Contents
About this publication . . . . . . . .ix
Intended audience . . . . . . . . . . . .ix
What this publication contains . . . . . . . .ix
Publications . . . . . . . . . . . . . .xi
IBM Tivoli Access Manager for e-business library xi
Related products and publications . . . . . xiii
Accessing terminology online . . . . . . . xiv
Accessing publications online . . . . . . . xiv
Ordering publications . . . . . . . . . . xiv
Accessibility . . . . . . . . . . . . . .xv
Tivoli technical training . . . . . . . . . .xv
Support information . . . . . . . . . . .xv
Conventions used in this publication . . . . . .xv
Typeface conventions . . . . . . . . . .xv
Operating system-dependent variables and
paths . . . . . . . . . . . . . . . xvi
Chapter 1. Tivoli Access Manager
overview . . . . . . . . . . . . . .1
Core technologies . . . . . . . . . . . . .1
Authentication . . . . . . . . . . . . .2
Authorization . . . . . . . . . . . . .2
Quality of Protection . . . . . . . . . . .2
Scalability . . . . . . . . . . . . . .3
Accountability . . . . . . . . . . . . .4
Centralized management . . . . . . . . .4
Security policy overview . . . . . . . . . .5
Authorization API standard . . . . . . . . .5
Authorization: conceptual model . . . . . . .6
The benefits of a standard authorization service .7
Tivoli Access Manager authorization service
overview . . . . . . . . . . . . . .8
The Tivoli Access Manager authorization service . .9
Components . . . . . . . . . . . . .9
Authorization service interfaces . . . . . .10
Replication for scalability and performance . . .10
Implementing a network security policy . . . . .11
Defining and applying security policy . . . .11
The authorization process: step-by-step . . . .13
The Tivoli Access Manager authorization API . . .14
Using the authorization API: examples . . . .14
Authorization API: remote cache mode . . . .15
Authorization API: local cache mode . . . . .16
External authorization capability . . . . . . .17
Extending the authorization service . . . . .17
Imposing conditions on resource requests . . .18
The authorization evaluation process . . . . .18
Implementing an external authorization service 20
Deployment strategies . . . . . . . . . .20
Chapter 2. Web Portal Manager . . . .23
Types of administration . . . . . . . . . .24
Delegate administration tasks . . . . . . . .24
Self-care . . . . . . . . . . . . . .24
Self-registration . . . . . . . . . . . .24
Web Portal Manager common tasks . . . . . .25
Starting Web Portal Manager . . . . . . .25
Logging in and signing off . . . . . . . .25
Accessing online help . . . . . . . . . .26
Customizing the Web Portal Manager interface . .26
Customizing the images . . . . . . . . .26
Self-registration tasks . . . . . . . . . . .27
Performing self-registration . . . . . . . .27
Changing Java Server Pages . . . . . . . .28
Chapter 3. Tivoli Access Manager
administration . . . . . . . . . . .31
Domains . . . . . . . . . . . . . . .31
Protected object space . . . . . . . . . . .32
Users and groups . . . . . . . . . . . .34
Security policy . . . . . . . . . . . . .35
ACL policies . . . . . . . . . . . . . .36
Using ACL policies with the authorization service 36
Evaluating ACL policies . . . . . . . . .37
Protected object policies . . . . . . . . . .38
Authorization rules . . . . . . . . . . . .38
How authorization rules differ . . . . . . .38
When to use authorization rules . . . . . .39
Guidelines for a secure object space . . . . . .39
Chapter 4. Default security policy . . .41
Default administration users and groups . . . .41
iv-admin group . . . . . . . . . . . .41
sec_master user . . . . . . . . . . . .41
ivmgrd-servers group . . . . . . . . . .41
Administration users . . . . . . . . . .41
Defining and applying security policy . . . . .43
ACL policies . . . . . . . . . . . . .43
Protected object policies . . . . . . . . .43
Authorization rules . . . . . . . . . . .44
Sparse security policy model . . . . . . . .45
Security policy inheritance . . . . . . . .45
default-root ACL policy . . . . . . . . .46
Control permission . . . . . . . . . . .46
Traverse permission . . . . . . . . . .46
Resolving an access request . . . . . . . .47
Applying ACL policies to different object types 48
ACL policy inheritance example . . . . . .48
Default ACL policies . . . . . . . . . . .49
default-root ACL policy . . . . . . . . .49
default-management ACL policy . . . . . .50
default-replica ACL policy . . . . . . . .50
default-config ACL policy . . . . . . . .50
default-gso ACL policy . . . . . . . . .50
default-policy ACL policy . . . . . . . .50
default-domain ACL policy . . . . . . . .51
default-proxy ACL policy . . . . . . . . .51
/Management permissions . . . . . . . . .51
/Management/ACL permissions . . . . . .51
/Management/Action permissions . . . . .52
© Copyright IBM Corp. 1999, 2008 iii
评论0