"Notes has so many components that the Internet lacks. Authentication [checking the identity of users logging in], for instance, is not built into the Web, but it's handled by Notes. At some point the Web will have all these things, but it will be challenging to integrate them." ” Bill Wilson, Senior Vice President of Johnson & Higgins, a New York City insurance brokerage that has 6,000 employees on Notes ( Fortune , July 8, 1996) In this chapter, we present and discuss the security features of the WebSphere and Domino server products, which are used together to secure Web applications. Both products provide support for securing the application components that they serve. They each implement a range of Internet standard security mechanisms for verifying user identity (authentication) and controlling access to protected resources by users (authorization). Some of these mechanisms are common to both products, such as HTTP authentication, Secure Sockets Layer (SSL), and some are not, such as the authorization models. By combining the security features of each, you can appropriately protect your Web applications as if they were running on a single application server. We discuss the security features most often used to secure Web applications that run on both WebSphere and Domino servers. First, we present a brief review of the WebSphere and Domino security models and then discuss in detail the setup and use of the shared user authentication mechanism, or what's commonly referred to as "Single Sign-On" (SSO) support. We also discuss how to troubleshoot security- related problems and some of the remaining limitations with the current product implementations . |
