0.18: What is security? (brief description)

Security gives an administrator the power to determine who can access applications and their resources. The WebSphere security system enables the administrator to define security policy to establish control of resources. The system provides security services to enforce the policy.

Authentication means proving that you are who you claim to be. Authentication requires that the users of the system have some way of identifying themselves to the system. A familiar example is the identifier/password combination.

Authentication generally requires two steps:

  1. The user submits the required information (like an identifier/password combination) to an authentication service, such as an LDAP directory service or the user registry of the local operating system.

    Advanced Single Server Edition supports only the latter (the local operating system user registry).

  2. The service validates the information. If the information is valid, the server grants the user the status as an authenticated user.

Successful authentication is necessary, but not sufficient, for gaining access to protected resources. After a security system knows who you are, it must use that information to determine what you are allowed to do.

Authorization is the process of determining what an authenticated user is permitted to do. Users and groups are associated with roles, and each role confers privileges, such as the ability to Read, Write, or Execute (Run) an application. A user who authenticates successfully but holds no role mapped to a resource is still denied access to it.
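The two-step authentication flow above and the role-based authorization that follows it, as an added illustration in generic Python. This is not WebSphere code and not the product's registry or role API: the user registry, group membership, role mapping, user names and passwords are all constructed for the example, and the salted PBKDF2 storage stands in for whatever an LDAP directory or operating-system registry actually does internally.

```python
"""Authentication then authorization, as separate checks.

Added illustration, not WebSphere code. The registry, groups, roles,
users and passwords below are constructed for the example.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the registry never holds a cleartext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_registry(creds: dict) -> dict:
    """Constructed user registry: username -> (salt, password hash).
    Stands in for an LDAP directory or the local OS user registry."""
    registry = {}
    for user, password in creds.items():
        salt = os.urandom(16)
        registry[user] = (salt, _hash(password, salt))
    return registry


REGISTRY = make_registry({"alice": "correct horse", "bob": "hunter2"})

# Constructed group membership and role mapping. A role (Read, Write,
# Execute) is granted to users or groups; this is the authorization data.
GROUPS = {"alice": {"admins"}, "bob": {"staff"}}
ROLE_MEMBERS = {
    "Read": {"staff", "admins"},
    "Write": {"admins"},
    "Execute": {"admins"},
}


@dataclass
class Subject:
    name: str
    authenticated: bool = False
    groups: set = field(default_factory=set)


def authenticate(registry: dict, user: str, password: str):
    """Step 1 and 2: the caller submits identifier/password, the
    registry validates it. Returns an authenticated Subject, or None.
    Unknown users still go through the hashing step so a failure takes
    about the same time whether or not the name exists."""
    dummy = (b"\x00" * 16, b"\x00" * 32)
    salt, expected = registry.get(user, dummy)
    presented = _hash(password, salt)
    # Constant-time comparison of the hashes, then confirm the user exists.
    if hmac.compare_digest(presented, expected) and user in registry:
        return Subject(user, True, set(GROUPS.get(user, ())))
    return None


def authorized(subject, role: str) -> bool:
    """Authorization: an authenticated subject holds `role` if the subject
    itself or one of its groups is mapped to that role. Being
    authenticated is necessary but never sufficient on its own."""
    if subject is None or not subject.authenticated:
        return False
    principals = {subject.name} | subject.groups
    return bool(principals & ROLE_MEMBERS.get(role, set()))


if __name__ == "__main__":
    bob = authenticate(REGISTRY, "bob", "hunter2")
    # bob authenticates, but the staff group only maps to Read.
    print(authorized(bob, "Read"), authorized(bob, "Write"))  # True False
    print(authenticate(REGISTRY, "bob", "wrong") is None)      # True
```

The separation matters in practice: `authenticate` answers only "is this really bob?", and `authorized` answers only "may bob do this?". Collapsing the two (for example, treating any logged-in user as allowed to Write) is the classic way an application ends up granting every authenticated user every privilege.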