Applications that run in WebSphere Process Server are secured by authentication and by access control. In addition, the data that is transferred during the invocation of an application is kept secure by various mechanisms; these mechanisms ensure that the data cannot be read or altered in transit. The final element of security is the propagation of security information through various systems, so that the user need not repeatedly enter a user name and password.
It is possible to divide security in WebSphere Process Server into three broad groupings:
- Application security
- Data integrity and privacy
- Identity propagation
Application security
The security of your WebSphere Process Server applications is maintained in two ways:
- Authentication: A user who wants to use an application must provide a user name and password from the user registry.
- Access control: A user must have permission to invoke the application. Roles are associated with invocation of the application. An authenticated user must be part of the appropriate role; otherwise, the application will not run.
Data integrity and privacy
The data accessed by an application is secured at origin, at destination, and in transit:
- Integrity: Data sent over the network cannot be altered in transit.
- Privacy/confidentiality: Data sent over the network cannot be intercepted and read in transit.
Identity propagation
The final element of security is the propagation of identity:
- Single sign-on: When a client request needs to flow through several systems within the enterprise, the client is not forced to provide authentication data multiple times. The single sign-on method is used to propagate the authentication information to downstream systems, which can in turn apply access control.
Last updated: Tue 24 Oct 2006 22:01:09
(c) Copyright IBM Corporation 2005, 2006.