Tool Mentor: FIM - Operate Security Protection Mechanisms
TM122 - How to use IBM Tivoli Federated Identity Manager to Extend Security Policy Throughout an Eco-System and Operate Security Protection Mechanisms
Tool: IBM Tivoli Federated Identity Manager
Relationships
Main Description

Context

Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

Details

Federated Identity Management (FIM) provides a simple, loosely-coupled model for managing identity and access to resources that span companies or security domains. Rather than replicate identity and security administration at both companies, IBM® Tivoli® Federated Identity Manager provides a simple model for managing identities and providing them with access to information and services in a trusted fashion. For companies deploying Service Oriented Architecture (SOA) and Web Services, FIM provides policy-based integrated security management for federated web services. The foundation of FIM is trust, integrity, and privacy of data.

Through this foundation of trust, integrity, and privacy, organizations can share identity and policy data about users and services rather than replicating identities and security policies locally. The sharing of trusted identities and policies is the key to delivering a richer experience for users navigating between federation sites. Trust enables companies to loosely couple their disparate identity management systems.

A federated model simplifies administration and enables companies to extend identity and access management to third-party users and third-party services.

Companies that choose to collaborate in identity-based business processes may benefit from IBM Tivoli Federated Identity Manager's ability to help:

  • Simplify integration between companies and their partners' Web sites, and between disparate application platforms within one enterprise or across many.
  • Improve business compliance by helping to reduce security exposure.
  • Improve end-user experience through Single Sign On (SSO) across an entire eco-system.
  • Centralize security management for web services alongside that of security for web applications, portals, and host systems.
  • Expand the business reach of service providers, creating revenue-generating opportunities.
  • Simplify administration of security in cross-enterprise business processes by delivering "security as services".
  • Deliver policy-based integrated security management for SOA Web Services.
  • Support open standards and specifications including Liberty, SAML, WS-Federation, WS-Security and WS-Trust.
  • Provide simple and secure session management.

IBM Tivoli Federated Identity Manager and your business eco-system:

  • In a federated identity management scenario, organizations assume the role of an identity provider or a service provider. These roles are not mutually exclusive. Many large organizations will assume the role of both identity provider and service provider.
  • An identity provider is an organization that directly manages end users. An identity provider is the authoritative source for issuing and validating user identities and network credentials for a set of users; an identity provider "owns the user relationship". For example, many companies act as identity providers for employees, customers, and contractors. Identity providers "vouch" (as the authentication authority) for users' identities and entitlements in a federated interaction with service providers.
  • A service provider provides "services" for end users. Service providers typically do not have a vested business interest in managing the user. They act as a "relying party", validating credentials issued by a trusted identity partner and providing services to that trusted identity on the basis of those credentials.
  • In a service-oriented architecture (SOA) environment the following additional roles apply:
    • A Web services requester is a service client that needs to access a service provider. A Web service requester may be a Microsoft .NET application or a Java® or WebSphere® application.
    • A Web services provider is a service provider that provides a "service" or a component. A Web service provider could be a Microsoft .NET application or a Java or WebSphere application. Web service providers need to be identified and authenticated by service clients.
    • Within an SOA environment, there needs to be an infrastructure service that simplifies the management of security policies for these various service clients and service providers.
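
The identity-provider and service-provider roles described above can be illustrated with a small model of the trust relationship: the identity provider vouches for a user by signing an assertion, and the service provider acts as relying party, accepting the assertion only if it comes from a trusted issuer, is intact, is addressed to this service provider, and has not expired. This is an added example written for this page, not code from IBM Tivoli Federated Identity Manager and not a SAML implementation; the issuer URLs, the entity ID, the HMAC shared secrets, and the claim names are constructed for illustration (a real federation would verify XML or token signatures against the partner's X.509 certificate rather than a shared secret).

```python
import base64
import hashlib
import hmac
import json

# Constructed trust configuration on the service provider (relying party) side.
# Hypothetical values: one trusted identity provider and its shared secret.
SP_ENTITY_ID = "https://sp.example.net"
SP_TRUSTED_ISSUERS = {
    "https://idp.example.com": b"constructed-shared-secret-for-idp",
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(issuer, secret, subject, audience, entitlements, now, ttl=300):
    """Identity provider side: vouch for a user by signing a set of claims.

    The assertion carries who issued it, whom it is about, which service
    provider it is intended for, its validity window, and the entitlements
    the identity provider asserts for the user.
    """
    claims = {
        "iss": issuer,
        "sub": subject,
        "aud": audience,
        "iat": now,
        "exp": now + ttl,
        "entitlements": entitlements,
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(secret, body, hashlib.sha256).digest()
    return b64url_encode(body) + "." + b64url_encode(signature)


def validate_assertion(token, now, trusted=SP_TRUSTED_ISSUERS, audience=SP_ENTITY_ID):
    """Service provider side: relying-party checks before granting access.

    Returns (claims, "ok") on success, or (None, reason) describing which
    check failed. The issuer is looked up in the trust registry first so
    that an assertion from an unknown partner is never treated as valid,
    no matter what it contains.
    """
    try:
        body_b64, signature_b64 = token.split(".")
        body = b64url_decode(body_b64)
        signature = b64url_decode(signature_b64)
        claims = json.loads(body)
    except ValueError:
        return None, "malformed"
    if not isinstance(claims, dict):
        return None, "malformed"

    secret = trusted.get(claims.get("iss"))
    if secret is None:
        return None, "untrusted issuer"

    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None, "bad signature"

    if claims.get("aud") != audience:
        return None, "wrong audience"

    issued_at, expires = claims.get("iat"), claims.get("exp")
    if not isinstance(issued_at, int) or not isinstance(expires, int):
        return None, "malformed"
    if not issued_at <= now < expires:
        return None, "expired"

    return claims, "ok"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    token = issue_assertion(
        "https://idp.example.com", SP_TRUSTED_ISSUERS["https://idp.example.com"],
        "alice", SP_ENTITY_ID, ["reports:read"], now,
    )
    print(validate_assertion(token, now))
```

The order of checks matters for a relying party: issuer trust is established before the signature is verified, so the service provider never evaluates a signature it has no key for, and audience and validity-window checks run only on assertions already known to be authentic.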
