Federated Identity Management and Web Services Security with IBM Tivoli Security Solutions
An IBM Redbooks publication
Note: This publication is now archived. For reference only.
Today, companies have no way to trust identities belonging to their partners, suppliers, contracts and their outsourcers. This lack of trust means companies end up creating online identities (and passwords) for all users. This approach is very costly and inefficient, and it frustrates users with multiple accounts and registrations for each Web site. Federation is the set of business and technology agreements as well as policies that enable companies to optimally pursue business automation goals that best align with their business model, IT policies, security and privacy goals and requirements.
This book takes a close look at the trust infrastructure over which business federations are implemented. We cover important aspects of utilizing the Tivoli integrated identity management architecture in order to build and deploy the Tivoli Federated Identity Management and Web Services Security components, which consist of Tivoli Federated Identity Manager, IBM WebSphere Application Server, and the IBM Integrated Solutions Console.
This book is a valuable resource for security officers, administrators and architects who wish to understand and implement Web Services security and federated identity management.
Part 1. Architecture and design
Chapter 1. Business context for identity federation
Chapter 2. Architecting an identity federation
Chapter 3. Tivoli Federated Identity Manager architecture
Chapter 4. Deploying Tivoli Federated Identity Manager
Chapter 5. Integrating with IBM identity management offerings
Part 2. Customer environment
Chapter 6. Overview
Chapter 7. Use case 1 - SAML/JITP
Chapter 8. Use case 2 - WS-Federation
Chapter 9. Use case 3 - Liberty
Chapter 10. Use case 4 - Web services security management
Part 3. Appendixes
Appendix A. Configuring Access Manager WebSEAL and Web plug-in
Appendix B. Identity mapping rules
Appendix C. Keys and certificates
Appendix D. WS-Security deployment descriptors