Chapter 1: Introduction

Overview

This publication is intended to help IT architects, IT specialists, security architects, and security administrators with understanding and implementing a secure portal. It outlines an installation approach that can be used to build a secure system for WebSphere Portal Server (WPS) and Tivoli Access Manager (TAM) integration. The installation process described in this document is specifically targeted at a demonstration or proof-of-concept system, and as such, it takes a few shortcuts (for example, it uses IBM Cloudscape as a Portal database, runs outside of a DMZ, and assumes a single Windows system) that would not be applicable for a production system. However, the integration steps can be readily mapped to other environments and modified for a production environment. The focus of this publication is on the security aspect of Portal's single access point with centralized authentication and authorization. Other aspects of security such as auditing, firewall, and DMZ are not within the scope of this document. We will include a discussion of requirements and design of such a solution as well as business and technical use cases. We will also provide detailed information on installing, configuring, and administrating an implementation of a secure portal.

As more and more business functions become Web-enabled, the use of portals has grown tremendously. Businesses are using portals to provide a centralized point of access for information and services to customers, employees, and other businesses. Portals provide a consistent brand and help in providing consistent customer service which can also be personalized with the user's interests and interactions.

Because portals are based on Web technologies, they are particularly susceptible to security threats. A portal must include a robust security solution. In addition to the breadth and types of functions, the management of such a security solution should be considered. A portal is one component of an e-business. Its security enforcement and administration should be able to integrate with and follow more comprehensive security policies.