As described in the introduction to this series, a typical consumer self-service solution uses a single point of access to a business through a Web-based portal. Naturally, consumers need to feel confident that the information and self-service features provided by the portal are secure. They need to trust that the financial institution, retailer, or insurer provides proper controls on personal information and restricts who may carry out transactions.

However, portals are based on Web technologies that make them particularly susceptible to security threats. To counter these threats, a portal application, such as that required by the consumer self-service solution, must include robust security. When selecting a security system, a business needs to consider not only the functions needed to secure the portal application, but also consider the management of the security system.

Some Web application servers and portal servers provide native security functions for authentication, authorization, and auditing. These might be sufficient for many portal applications. However, an external security manager will provide more features than native solutions. In addition, an external security manager allows you to centralize your security management across the applications in your e-business.

Figure 1 illustrates the secure portal architecture. The key component is a single, central security manager that provides security services to the Web portal through the User Interface Manager in addition to other systems in the solution, such as the Financial Application and the Customer Information Manager, as shown in the overall consumer self-service architecture presented in the introduction to this series. The Directory Server acts as the user registry for the Security component. It is used in the authentication and authorization processes provided by the security manager to other components in the solution.

The IBM Redbook, A Secure Portal, describes a simple portal application that exhibits the kind of secure portal capability necessary for the consumer self-service solution. The portal application is built on WebSphere® Portal Server V5.0.1 and Tivoli® Access Manager V4.1.

This Redbook focuses on the security aspect of WebSphere Portal's single access point. It is intended to help IT architects, IT specialists, security architects, and security administrators understand and implement portal security using a secure portal solution. The secure portal is designed to be a portal application that is integrated with a centralized security access manager. Both client authentication and page or portlet authorization will be managed in this one central repository.

All the detailed steps you need to build a secure portal are in the Redbook. The Redbook:

• Introduces portal security and security access management concepts
• Discusses the products used to build a secure portal: WebSphere Portal Server V5.0.1 and Tivoli Access Manager V4.1
• Discusses functional and non-functional requirements and design with business and technical use cases
• Covers design guidelines and technology choices
• Documents the steps necessary to install and configure the secure portal environment
• Includes a sample

Go to the Redbook to obtain the first building block you need to construct a consumer self-service solution.

Resources

• Read the first article in this series, Consumer self-service: Help customers help themselves by providing services on the Web, Part 1 -- Introduction, for an overview of a consumer self-service solution.
  
  
• Consult the IBM Redbook, A Secure Portal using WebSphere Portal Version 5 and Tivoli Access Manager, for details about building a secure portal.
  
  
• Download Configuration Utility for a Secure Portal from alphaWorks. This quick-start utility automates the configuration actions described in the Secure Portal Redbook.
  
  
• Find loads of information about WebSphere Portal on the Portal Zone at developerWorks WebSphere.
  
  
• Get an overview of Tivoli Access Manager for e-business.
  
  
• Learn how to install Tivoli Access Manager on Linux in this developerWorks tutorial.
  
  
• Find more information about developing with Tivoli products on the Tivoli Developer Domain.
  
  
• Download a trial version of WebSphere Studio and give it a try for your application development needs.
  
  
• Visit the WebSphere Studio Zone at developerWorks WebSphere for comprehensive information on how to acquire and use IBM's suite of tools for application development.
  
  
• Access the developerWorks Subscription online catalog to download WebSphere Portal - Express Plus for Multiplatforms V5.0, IBM Tivoli Access Manager Base, Version 4.1, and WebSphere Studio Site Developer V5.1 for Windows.
  
  

About the author

Comments

Back to top

Trademarks  |  My developerWorks terms and conditions

Table of contents

• Resources
• About the author
• Comments

Local resources

• IBM Innovation Center - Austin, TX
• IBM Innovation Center - Chicago, IL
• IBM Innovation Center - Dallas, TX
• IBM Innovation Center - San Mateo, CA
• IBM Innovation Center - Waltham, MA
• Technical Briefings in North America

My developerWorks community