IBM Tivoli Access Manager

IBM Tivoli Access Manager (TAM) is an authentication and authorization solution for corporate web services, operating systems, and existing applications. [1] [2] [3] Tivoli Access Manager runs on several operating system platforms, including Unix (AIX, Solaris, HP-UX), Linux, and Windows. It has since been renamed IBM Security Access Manager (ISAM), in line with the renaming of other Tivoli products, such as Tivoli Identity Manager (TIM), which became ISIM.

In 2002, IBM acquired Access360 software, which it planned to integrate into Tivoli Access Manager. [4] In 2009, IBM and Fujitsu announced a partnership to integrate Fujitsu's biometric authentication technology into TAM. [5] Comparable products from other vendors include Oracle Access Manager, CA SiteMinder, NetIQ Access Manager and SAP NetWeaver Single Sign-On. [6]

Core components

TAM has two core components, which are the foundation upon which its other features are implemented:

A related component is the resource manager, which is responsible for applying security policy to resources. Its policy enforcer component directs each access request to the authorization service for evaluation. [9] Based on the authorization service's result (approval or denial), the resource manager allows or denies access to the protected resource. Access Manager authorization decisions are based on the Privilege Attribute Certificate (PAC), which is created for each user authenticated in an Access Manager environment, regardless of the authentication mechanism used.

Tivoli Access Manager Family

Tivoli Access Manager is not a single product but rather a family of products that use the same core authorization and authentication engine:

References

  1. http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itame.doc/am61_admin18.htm#choverview
  2. Gimbel, Erika (25 September 2018). "How Identity Management Tools Help States Solve Thorny Security Issues". StateTech. Retrieved 2024-03-17.
  3. Karjoth, Günter (2003-05-01). "Access control with IBM Tivoli access manager". ACM Transactions on Information and System Security. 6 (2): 232–257. doi:10.1145/762476.762479. ISSN 1094-9224.
  4. "IBM acquires Access360 for identity management". www.theregister.com. 4 Sep 2002. Retrieved 2024-03-17.
  5. Chickowski, Ericka (2009-12-18). "IBM, Fujitsu Take Biometrics Up a Notch". Channel Insider. Retrieved 2024-03-17.
  6. "Identity Management Product Vendor / Matrix". M&S Consulting. 2013-06-25. Retrieved 2024-03-19.
  7. http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itame.doc/am61_admin65.htm#wq70
  8. http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itame.doc/am61_admin32.htm#wq34
  9. http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itame.doc/am61_admin28.htm#i1045612