Front cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Part 1 Introduction to Patterns -- Chapter 1. Patterns for e-business -- 1.1 The Patterns for e-business layered asset model -- 1.2 How to use the Patterns for e-business -- 1.2.1 Select a Business, Integration, or Composite pattern, or a Custom design -- 1.2.2 Selecting Application patterns -- 1.2.3 Review Runtime patterns -- 1.2.4 Review product mappings -- 1.2.5 Review guidelines and related links -- 1.3 Summary -- Chapter 2. Edge of network Runtime patterns for authorization and authentication -- 2.1 Edge of network authorization and authentication -- 2.1.1 User authentication -- 2.1.2 User authorization -- 2.2 The need for authorization and authentication -- 2.2.1 Considerations -- 2.3 Runtime node types and tiers -- 2.3.1 Runtime nodes -- 2.3.2 Network tiers -- 2.4 Runtime patterns for authorization and authorization -- 2.4.1 Application patterns -- 2.4.2 Basic Runtime pattern -- 2.4.3 Runtime variation 1: single caching proxy -- 2.4.4 Runtime variation 2: caching proxy with security plug-in -- 2.4.5 Runtime variation 3: high availability caching proxies -- Part 2 Runtime patterns: technology guidelines -- Chapter 3. Tivoli Access Manager technology guidelines -- 3.1 Tivoli Access Manager for e-business -- 3.2 Web server security characteristics -- 3.3 Tivoli Access Manager overview -- 3.3.1 Policy-based access control -- 3.3.2 Architectural choices -- 3.3.3 Authentication -- 3.3.4 Authorization -- 3.4 Tivoli Access Manager base components -- 3.4.1 User registry -- 3.4.2 Authorization database -- 3.4.3 Policy Server -- 3.4.4 Authorization Service -- 3.4.5 The pdadmin utility -- 3.4.6 Web Portal Manager -- 3.5 Tivoli Access Manager Blades -- 3.5.1 WebSEAL.

3.5.2 Tivoli Access Manager Plug-in for Edge Server -- 3.5.3 Plug-in for Web servers -- 3.6 Access control of Web content and applications -- 3.6.1 Typical business requirements -- 3.6.2 Typical design objectives (technical requirements) -- 3.7 Basic architectural principles -- 3.7.1 Principle 1 -- 3.7.2 Principle 2 -- 3.7.3 Principle 3 -- 3.8 Tivoli Access Manager component interactions -- 3.9 Component configuration and placement -- 3.9.1 Network zones -- 3.9.2 Secure communication issues -- 3.9.3 Specific Access Manager component placement guidelines -- 3.9.4 Summarizing Access Manager component placement issues -- Chapter 4. Edge Components technology guidelines -- 4.1 WebSphere Application Server Edge Components -- 4.1.1 Components -- 4.1.2 History -- 4.2 Caching Proxy -- 4.2.1 Forward proxy -- 4.2.2 Reverse proxy -- 4.2.3 Cache -- 4.3 Load Balancer -- 4.3.1 Load Balancer forwarding methods -- 4.3.2 Media Access Control (MAC) forwarding -- 4.3.3 Network Address Translation (NAT) forwarding -- 4.3.4 Network Address Port Translation (NAPT) forwarding -- 4.3.5 Load Balancer High Availability feature -- 4.3.6 Load Balancer Mutual High Availability feature -- 4.3.7 Wide Area Network Dispatcher (WAND) -- 4.3.8 Advisors -- 4.3.9 Metric Server -- Part 3 Guidelines -- Chapter 5. Common installation and configuration guidelines -- 5.1 Common installation topics -- 5.1.1 Windows 2000 -- 5.1.2 AIX V4.3.3 -- 5.1.3 Additional software -- 5.1.4 References -- 5.2 IBM Directory Server V4.1 on Windows 2000 -- 5.2.1 Configuring the IBM Directory Server -- 5.3 Tivoli Access Manager V4.1 on Windows 2000 -- 5.3.1 Configuring Tivoli Access Manager V4.1 -- 5.4 Caching Proxy V5 on Windows 2000 -- 5.4.1 Configuring Caching Proxy V5 -- 5.5 Tivoli Access Manager Plug-in on Windows 2000 -- 5.5.1 IBM Directory Client V4.1.

5.5.2 Tivoli Access Manager V4.1 runtime and Plug-in for Edge Server -- 5.6 IBM Directory Server 4.1 on AIX 4.3.3 -- 5.6.1 Configuring IBM Directory Server V4.1 in AIX 4.3.3 -- 5.7 Tivoli Access Manager V4.1 on AIX 4.3.3 -- 5.7.1 Configuration of Tivoli Access Manager V4.1 in AIX V4.3.3 -- 5.8 Caching Proxy V5 for AIX V4.3.3 -- 5.8.1 Installation using the setup program -- 5.8.2 Configuring the Caching Proxy as a reverse proxy -- 5.9 Tivoli Access Manager Plug-in on AIX 4.3.3 -- 5.9.1 IBM Directory Client V4.1 and Tivoli Access Manager RTE V4.1 -- 5.9.2 Tivoli Access Manager Plug-in for Edge Server -- 5.9.3 Starting the Caching Proxy with the plug-in installed -- 5.10 Administration of the Caching Proxy and plug-in -- 5.10.1 Re-enabling browser administration of the Caching Proxy -- Chapter 6. Sample authentication and authorization environment -- 6.1 Sample scenario environment -- 6.2 Access Manager Plug-in files and tools -- 6.2.1 Configuration files -- 6.2.2 Configuration tools -- 6.3 Sample scenario -- 6.3.1 Defining the reverse proxy host name -- 6.3.2 Checking the local object space definition -- 6.3.3 Adding the remote object space definition -- 6.3.4 Defining Users and ACLs in Tivoli Access Manager -- 6.3.5 Adding proxy statements -- 6.3.6 Accessing the unprotected back-end server ka6brxz -- 6.3.7 Accessing the protected back-end server rs600010 -- Part 4 Appendixes -- Glossary -- Abbreviations and acronyms -- Related publications -- IBM Redbooks -- Other resources -- Referenced Web sites -- How to get IBM Redbooks -- IBM Redbooks collections -- Index -- Back cover.