|< Day Day Up >|| |
This chapter introduces the subjects of portals and portal security in broad terms. It then defines the secure portal concept that will be covered in this publication. Lastly, the software products implemented in this redbook are introduced.
A portal is a Web site that offers a single point of personalized interaction with applications (called portlets), content, processes, and people for a unified user experience. Example portal features include:
Personalized, aggregated content from multiple sources
Integration with other applications and systems
Support for access from pervasive devices
In Figure 1-1 on page 4, a sample of a portal home page is displayed.
Figure 1-1: Sample home page of a portal
There are many aspects to security when it comes to protecting your computer hardware and software systems. This includes implementing physical and logical security measures as well as defining security policies and processes for your e-business. This publication will focus on the subset that is related to a secure portal. These topics include:
Authentication - the process of verifying the identity of a user.
Authorization - the process of verifying that the user is really allowed to do what he/she is requesting to do.
Configuring a LDAP user registry - in both WebSphere Portal and Tivoli Access Manager for e-business as the shared database of users and groups.
Enabling Secure Socket Layer (SSL) communication between applications for secure network connections between multiple software components.
User administration such as managing users, groups, and their security attributes.
The following topics are still pertinent to a secure portal in your e-business but they will not be discussed in this publication:
Auditing - the process of collecting data about system activities and events.
Credential Vault - the SSO service for WebSphere Portal to a back-end application.
Firewalls and the DMZ.
Performance analysis of a secure portal.
A secure portal is a portal solution that emphasizes centralized security for authentication, authorization and administration. The secure portal should be ready and able to integrate with future enhancements to the portal or other components in an e-business. It can serve as a starting point as you build a portal e-business infrastructure, for example, implementing Single Sign-On or Sametime® for chat.
|< Day Day Up >|| |