IBM Tivoli Federated Identity Manager, Version 6.2.2

Using keys and certificates to secure communications

In a typical production environment, all messages and the communication of those messages between partners and between users in the federation are secured. In addition, you must secure the communication among the servers in your environment, such as the communication between your server and your user registry.

For example, the SAML standards state that the partners must use a Public Key Infrastructure (PKI) and implement HTTP over Secure Sockets Layer (SSL), that is, HTTPS, to establish a trust relationship. Doing so ensures the integrity and confidentiality of the messages during transport.

Implementing security is a complex topic that depends on the configuration of your environment and the security policies of your organization. This overview explains the general concepts of securing the elements in a Tivoli® Federated Identity Manager environment. If you need assistance with this topic, review the security requirements in the protocol specifications document or contact a computer security consultant.


