This article, by the WebSphere Portal Security development team, provides portal administrators with a conceptual overview of IBM® WebSphere® Portal's security architecture so that you can decide the best security configuration for your specific portal environment. You see multiple deployment scenarios for WebSphere Portal. You learn options for handling authentication, access control, single sign-on (SSO), portlet security, and Web Services for Remote Portlets (WSRP) security. Finally, you see how to secure connections between clients and the portal as well as connections between the portal and back-end systems.
Portals provide personalized access to information, applications, processes, and people. They are central access points that authenticate users and control access to various kinds of information and applications. The nature of the content of portals can range from public information that needs no strong protection (such as articles in a news portal) to classified information within enterprises or governments.
To accommodate such different levels of security requirements, IBM WebSphere Portal must integrate with different security infrastructure components for authentication, authorization, and single sign-on (SSO) so that customers can choose the combination that best matches their security needs. For example, authentication might be as simple as requesting users to provide a user ID and password. Alternatively, it could be as sophisticated as requiring users to authenticate using a smart card, which securely stores a private key and certificate. The card provides WebSphere Portal with cryptographic computations needed to participate in SSL/TLS client authentication to build up an authenticated and secure connection between the client and the portal.
Through its modular architecture, WebSphere Portal enables integration with different authentication proxies, authorization systems, and credential vault implementations. WebSphere Portal can work with WebSphere Security, Tivoli Access Manager, and various third-party security products. It lets customers build a secure system that fits well into their particular infrastructure.
This article provides portal administrators with an overview of the WebSphere Portal security architecture, and briefly describes some basics of internet security. You see various deployment scenarios for WebSphere Portal through which you learn how it handles authentication, authorization, SSO, secure connections between clients and the portal, and secure connections between the portal and back-end systems.
|WebSphere Portal V6.0 Security Overview||0611_buehler-WP60-SecurityOverview.pdf||508 KB|