Content types and levels of protection
Identify the types of content available to various user types. Some content must be protected and available only to specific users; other content is for general public view. Each security scenario demands different protection requirements and an associated WebSEAL configuration.
- Public content - access requires no protection
  - Unauthenticated users can access resources by using HTTP.
  - An unauthenticated credential is used for access control to resources.
  - Basic WebSEAL configuration requirements provide protection.
- Public content - access requires privacy (encryption)
  - Unauthenticated users can access resources by using HTTPS.
  - Encryption, which is required by the application server, is used to protect sensitive data (such as credit card numbers and user account information).
  - An unauthenticated credential is used for access control to resources.
  - WebSEAL configuration needs to stipulate privacy.
- Private content - access requires authentication
  - Authenticated clients can access resources by using HTTP or HTTPS.
  - The administrator determines the need for encryption.
  - An authenticated credential is used for access control to resources; each user must have an account that is defined in the ISAM user registry.
  - WebSEAL configuration is complex and all options must be considered carefully to determine the impact of the security policy.
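
One way to express the three levels above with pdadmin ACL and protected object policy (POP) commands, shown as an added example that is not part of the original IBM page. The object paths under /WebSEAL/www-default, the ACL names (pub-acl, priv-acl) and the POP name (tls-pop) are constructed placeholders, and the private-content case is reduced to its simplest form.

```text
# Added illustration. Lines beginning with # are annotations for the reader,
# not pdadmin input. All object paths, ACL names and POP names are constructed.

# 1. Public content, no protection.
#    Unauthenticated users get traverse (T) and read (r). The effective
#    unauthenticated permissions are ANDed with the any-other entry,
#    so both entries need Tr.
pdadmin sec_master> acl create pub-acl
pdadmin sec_master> acl modify pub-acl set any-other Tr
pdadmin sec_master> acl modify pub-acl set unauthenticated Tr
pdadmin sec_master> acl attach /WebSEAL/www-default/public pub-acl

# 2. Public content that requires privacy (encryption).
#    Same ACL as above, plus a POP whose quality of protection is "privacy",
#    so the resource is served only over an encrypted (HTTPS) connection.
pdadmin sec_master> pop create tls-pop
pdadmin sec_master> pop modify tls-pop set qop privacy
pdadmin sec_master> acl attach /WebSEAL/www-default/checkout pub-acl
pdadmin sec_master> pop attach /WebSEAL/www-default/checkout tls-pop

# 3. Private content, authentication required.
#    unauthenticated keeps traverse only, so WebSEAL prompts for login
#    instead of serving the resource; any-other Tr then admits any
#    authenticated user that has an account in the user registry.
pdadmin sec_master> acl create priv-acl
pdadmin sec_master> acl modify priv-acl set any-other Tr
pdadmin sec_master> acl modify priv-acl set unauthenticated T
pdadmin sec_master> acl attach /WebSEAL/www-default/accounts priv-acl
```

Attaching tls-pop to the private path as well covers the case where the administrator decides that authenticated content also needs encryption.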