Secure domains
The computing environment in which ISAM enforces security policies for authentication, authorization, and access control is called a secure domain. The initial secure domain, called the management domain, is created when we configure the following systems:
Policy server
    Master authorization database for the management domain. Also updates authorization database replicas and maintains location information about other ISAM servers.
Registry
    Database of the user identities known to ISAM. The registry also provides a representation of groups in ISAM roles associated with users.

These core systems must exist for ISAM to complete fundamental operations, such as permitting or denying user access to protected objects (resources). All other ISAM services and components are built on this base.

A single system setup is useful only when prototyping a deployment or developing and testing an application. After configuring the policy server and registry server, we can set up more systems in the management domain. For example, we could set up an authorization server or application development system.

We can also create additional secure domains to securely partition data into separate, logical groupings.