Secure domain overview
The computing environment in which Security Access Manager enforces security policies for authentication, authorization, and access control is called a secure domain.
- Policy server
- Maintains the master authorization database for the management domain. In addition, it updates authorization database replicas and maintains location information about other Security Access Manager servers.
- Registry
- Provides a database of the user identities that are known to Security Access Manager. It also provides a representation of groups in Security Access Manager roles that are associated with users.
You can deploy Security Access Manager on multiple systems to configure and use the management domain on one stand-alone system. A single system setup is useful only when prototyping a deployment or developing and testing an application.
After you configure the policy server and registry server, you can set up more systems in the management domain. For example, you could set up an authorization server or application development system. You can also create more secure domains (if you use an LDAP registry) to securely partition data into separate, logical groupings. For information about creating multiple domains, see the Administering topics in the IBM Knowledge Center.