IBM Tivoli Access Manager

From Wikipedia, the free encyclopedia
Jump to: navigation, search

IBM Tivoli Access Manager (TAM) is an authentication and authorization solution for corporate web services, operating systems, and existing applications.[1] Tivoli Access Manager runs on various operating system platforms such as Unix (AIX, Solaris, HP-UX), Linux, and Windows. It has been renamed as IBM Security Access Manager (ISAM), in line with the renaming of other Tivoli products, such as TIM turned ISIM.

Core Components[edit]

TAM has two core components:

  • A user registry.[2]
  • An authorization service consisting of an authorization database and an authorization engine that performs the decision-making action on the request.[3]

A user registry and an authorization service are the fundamental building blocks upon which Access Manager provides its security service capabilities. All other Access Manager services and components are built upon this base foundation.

Another component that is very close to the base components is called a resource manager. It is responsible for applying security policy to resources. The policy enforcer component directs the request to the authorization service for evaluation.[4] Based on the authorization service result (approval or denial) the resource manager allows or denies access to the protected resources. Access Manager authorization decisions are based upon the Privilege Attribute Certificate (PAC), which is created for each user authenticated in an Access Manager environment, regardless of the authentication mechanism used.

Tivoli Access Manager Family[edit]

Tivoli Access Manager is not a single product but rather a family of products that use the same core authorization and authentication engine:

Tivoli Access Manager for e-business[edit]

Tivoli Access Manager for e-business provides robust, policy-based security to a corporate Web environment. TAMeb provides authentication of users, control of access privileges, auditing, single sign-on, high availability, and logging.


See also[edit]