Security concepts for a WebSEAL deployment
You must understand the security model concepts so that you can successfully deploy WebSEAL and protect your resources. Basic concepts include protected object space, access control lists, and protected object policies.
- Secure domain overview
The computing environment in which Security Access Manager enforces security policies for authentication, authorization, and access control is called a secure domain.
- The role of the user registry and master authorization database in security
The user registry and the master authorization database are two key security structures that govern and maintain the security policy of a Security Access Manager secure domain.
- The protected object space and system resource
The protected object space is a hierarchical representation of resources that belong to a Security Access Manager secure domain. The system resource is the actual physical file or application.
- Access control lists and protected object policies
Security administrators define and apply the access control list (ACL) and protected object policy (POP) to protect resources in the Security Access Manager system. These rules are applied to the object representations of the resources in the protected object space.
- Access control list policies
An access control list policy, or ACL policy, controls what operations a user can perform on the resource and who can perform them.
- Protected object policies
Protected object policies, or POPs, are policies that contain extra conditions on the requests that are sent to Security Access Manager and WebSEAL along with the "yes" ACL policy decision from the authorization service.
- Explicit and inherited policy
Policies can be explicitly applied or inherited. The protected object space supports inherited and explicit ACL and POP attributes.
- Policy administration: The Web Portal Manager
The Web Portal Manager is a web-based graphical application that manages the security policy in a Security Access Manager secure domain. Use the Web Portal Manager to manage the user registry, the master authorization policy database, and the Security Access Manager servers.