Security and authentication considerations
Security and authentication are key elements of a production environment.
Learn about single sign-on, credential vaults and external security managers.
- Authentication
Authentication means that users identify themselves to gain access to the system. Users can identify themselves immediately upon entry to the system or they can be challenged by the system when they try to access a protected resource before identifying themselves. The user ID/password combination is the most common method of identifying a user to the system. After a user has been authenticated, the system can determine if that user is authorized to access the resources that are requested.
- Java 2 security with WebSphere Portal Express
Java 2 (J2SE) security provides a policy-based, fine-grained access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. J2SE security allows you to set up individual policy files that control the privileges assigned to individual code sources. If the code does not have the required permissions and still tries to execute a protected operation, the Java Access Controller throws a corresponding security exception.
- Federal Information Processing Standards
Federal Information Processing Standards (FIPS) are standards and guidelines issued by the United States National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS are developed when there are compelling federal government requirements for standards, such as for security and interoperability, but acceptable industry standards or solutions do not exist.
- Planning for single sign-on
Single sign-on provides a secure method of authenticating a user one time within an environment and using that authentication (for the duration of the session) to access other applications, systems, and networks. In the context of IBM® WebSphere® Portal Express there are two single sign-on realms: one realm from the client to the portal and other web applications, and the other realm from the portal to the backend applications.
- Secure Socket Layer
This section provides information about adding a secure socket layer to your LDAP server.
- Planning a Credential Vault
The Credential Vault is a service that stores credentials that allow portlets to log in to applications outside the realm on behalf of the user. It manages multiple identities for portlets and users.
- Caching considerations
Information that is protected by access control, and is therefore restricted to a limited set of people, needs special consideration when it is served from a cache that is not aware of access control. These considerations apply especially to server-side caches, but you also need to consider local browser caches.
- Planning for external security managers
By default, IBM WebSphere Application Server controls authentication to IBM WebSphere Portal Express and WebSphere Portal Express controls authorization (access control) to resources. You can use an external security manager such as IBM Tivoli® Access Manager for e-business or Computer Associates eTrust SiteMinder to manage authentication and authorization from a central location.
Parent topic: Planning for WebSphere Portal