Front cover Integrated Identity Managementment using IBM Tivoli Security Solutions Latest technology in access control and identity management solutions Holistically covers security in e-business projects Best practices and experiences Axel Bücker Jaime Cordoba Palacios Michael Grimwade Loïc Guézo Mari Heiser Samantha Letts Sridhar Muppidi ibm.com/redbooks International Technical Support Organization Integrated Identity Management using IBM Tivoli Security Solutions May 2004 SG24-6054-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (May 2004) This edition applies to Tivoli Access Manager for e-business 5.1, Tivoli Identity Manager 4.5, Tivoli Privacy Manager 1.2, Tivoli Risk Manager 4.2, Tivoli Directory Server 5.2, and Tivoli Directory Integrator 5.2. © Copyright International Business Machines Corporation 2004. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team that wrote this redbook. ix Become a published author . xii Comments welcome. xii Part 1. Why Integrated Identity Management . 1 Chapter 1. An introduction to a new reference architecture . 3 1.1 Everything is on demand today . 4 1.2 Security management methods and practices . 5 1.2.1 Confidentiality . 6 1.2.2 Integrity . 6 1.2.3 Availability . 6 1.2.4 Areas of security implied in the CIA Triad . 7 1.3 Business drivers . 8 1.4 Issues affecting identity integration solutions . 9 1.5 Integrated identity in the enterprise . 11 1.5.1 Access control management. 11 1.5.2 Identity and credential management . 12 1.5.3 Audit management . 13 1.5.4 Directory management . 14 1.5.5 Privacy management . 15 1.6 Conclusion. 16 Chapter 2. What Bank International. 17 2.1 Company profile . 18 2.1.1 Geographic distribution of WBI . 18 2.1.2 Organization of WBI . 20 2.1.3 HR and personnel procedures . 21 2.2 Current IT architecture . 22 2.2.1 Overview of the WBI network . 23 2.2.2 Recently implemented e-business initiative . 25 2.2.3 Security infrastructure deployed for the e-business initiative . 25 2.2.4 Secured e-business initiative architecture. 27 2.2.5 Identity management and emerging problems . 28 2.3 Corporate business vision and objectives . 30 © Copyright IBM Corp. 2004. All rights reserved. iii 2.4 Business requirements . 31 2.4.1 Business requirements for phase 1. 32 2.4.2 Business requirements for phase 2. 33 2.5 Functional requirements . 33 2.5.1 Phase 1 . 34 2.5.2 Phase 2 . 41 2.6 Risk assessment . 42 2.6.1 WBI risk assessment. 44 2.7 Security design objectives. 46 2.7.1 Functional design objectives . 47 2.7.2 Non-functional design objectives . 49 2.8 Architectural decisions . 50 Chapter 3. Applying the reference architecture . 53 3.1 Solution design and delivery approach . 53 3.1.1 Implementation life-cycle. 54 3.1.2 Requirements analysis . 60 3.1.3 Incremental delivery strategy . 69 3.2 WBI solution design. 83 3.2.1 Solution overview . 83 3.2.2 Component model. 87 3.2.3 The operational architecture . 102 3.2.4 The security architecture. 111 3.2.5 Implementation phases . 119 Chapter 4. Implementing the solution . 121 4.1 Development environment overview . 122 4.1.1 Component model. 123 4.1.2 Operational model. 124 4.1.3 Security architecture . 126 4.2 Technical implementation . 126 4.2.1 Automatic provisioning . 126 4.2.2 Application subscription . 137 4.2.3 Self care . 141 4.2.4 Self registration . 149 4.3 Conclusion. 155 Part 2. Appendixes . 157 Appendix A. ISO 17799 compliance mapping . 159 Corporate policy and standards . 160 Standards, practices, and procedures . 161 Practical example . 162 External standards and certifications . 163 iv Integrated Identity Management using IBM Tivoli Security Solutions Industry specific requirements . 164 Product or solution certifications . 164 Nationally and internationally recognized standards. 165 Legal requirements . 165 ISO 17799 and integrated identity management . 166 Summary. 169 Glossary . 171 Related publications . 173 IBM Redbooks . 173 How to get IBM Redbooks . 173 Help from IBM . 174 Index.