Integrating CAPTCHA authentication technologies with WebSEAL CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a popular mechanism used in Web sites to ensure humans only are interacting with the security functions of the Web site. CAPTCHA does this by producing images that include embedded numbers and letters that are not easily interpreted by automation tools. This article provides a solution and reference implementation of how to integrate CAPTCHA with IBM Tivoli Access Manager (TAM) WebSEAL.
Utilizing IBM Directory Server proxy authorization (impersonation) within Web applications Web applications providing gateway access to LDAP services, such as an enterprise-wide phone and mail directory, are usually designed to authenticate using an LDAP "superuser" account. As a result, the user reads and updates the directory according to the rights of that high-privileged account instead of his/her own LDAP privileges. IBM Tivoli Directory Server offers a powerful feature, known as proxied authorization (RFC 4370), which enables programmers to write applications that authenticates themselves using a specific account but operates on behalf of the real user, thus delegating all privilege enforcements to the LDAP server.
SOA authorization using Tivoli Federated Identity Manager and WebSphere Service Registry and Repository This article describes a service-based approach to authorization in Service Oriented Architecture (SOA) environments using IBM Tivoli Federated Identity Manager (TFIM). This approach extends existing IBM solutions for identity propagation in SOA by leveraging Tivoli Access Manager (TAM) as the authorization policy decision point. A software utility to discover services from the IBM WebSphere Service Registry and Repository (WSRR) to enable the authorization solution will be provided to simplify and accelerate deployment of this authorization solution.
