Secure domain overview

Edit online

The computing environment in which Verify Identity Access enforces security policies for authentication, authorization, and access control is called a secure domain.

The initial secure domain, called the management domain, is created when you install and configure the following systems:

Policy server: Maintains the master authorization database for the management domain. In addition, it updates authorization database replicas and maintains location information about other Verify Identity Access servers.
Registry: Provides a database of the user identities that are known to Verify Identity Access. It also provides a representation of groups in Verify Identity Access roles that are associated with users.

These core systems must exist for Verify Identity Access to complete fundamental operations, such as permitting or denying user access to protected objects (resources). All other Verify Identity Access services and components are built on this base.

You can deploy Verify Identity Access on multiple systems to configure and use the management domain on one stand-alone system. A single system setup is useful only when prototyping a deployment or developing and testing an application.

After you configure the policy server and registry server, you can set up more systems in the management domain. For example, you could set up an authorization server or application development system. You can also create more secure domains (if you use an LDAP registry) to securely partition data into separate, logical groupings. For information about creating multiple domains, see the Administering topics in the IBM Knowledge Center.