IBM®
Skip to main content
    United States change      Terms of use
 
 
Select a scope:    
     Home      Products      Services & industry solutions      Support & downloads      My account     
alphaWorks  >  Privacy and security  >  

Separation of Duties and Entitlement Analyzer for Tivoli Access Manager

A set of policy analysis functions for Tivoli Access Manager that supports "separation of duties" and entitlement reporting.


Date Posted: June 5, 2008
OverviewRequirements Download FAQs Forum Reviews

Update: September 2, 2008

Version 1.2 provides bug fixes.

What is Separation of Duties and Entitlement Analyzer for Tivoli Access Manager?

This technology analyzes authorization policies for Tivoli® Access Manager for E-Business 6.0. Static separation-of-duty constraints can be specified over Tivoli Access Manager policies and subsequently evaluated in order to determine compliance or identify violation. In addition, entitlement and accessor reports provide greater insight into resource access. Separation of Duties and Entitlement Analyzer for Tivoli Access Manager was developed by IBM research teams in Tokyo and Zurich.

How does it work?

This Java™-based technology is packaged as a Web-based console containing analysis functions, reports, and an editor for creating basic separation-of-duty constraints. The Web-based console is deployed into any J2EE 1.4 container as a Web application. Upon deployment, Tivoli Access Manager systems are configured into the console. Note that the console and the target Tivoli Access Manager systems can reside on different systems.

The separation-of-duty and entitlement analysis functions internally use XACML, the OASIS standard for authorization policy. When an analysis function is performed, policy information is first extracted from Tivoli Access Manager and then translated into XACML. The analysis functions are then performed on the XACML policy.


About the technology author(s):

Christopher Giblin is a software engineer in the Security and Assurance Group at the IBM Zurich Research Laboratory, where he is involved in security and compliance management projects.

Satoshi Hada, Ph.D., is a researcher at the IBM Tokyo Research Laboratory, Japan. At IBM, he has worked on XML security, enterprise privacy, and compliance technologies. He is a contributor to Web Services Security 1.0 and XACML 1.0.

Günter Karjoth, Ph.D., is a researcher at the IBM Zurich Research Laboratory, Switzerland. At IBM, he has worked on enterprise privacy, middleware and mobile agent security, secure electronic commerce, and RFID security and privacy.

Andreas Schade, Ph.D., is a researcher at the IBM Zurich Research Laboratory, Switzerland, where he currently works in the Security and Assurance Group. At IBM he has worked on pervasive computing and e-business systems, as well as distributed systems and applications and their management.

Yukihiko Sohda, Ph.D., is a software engineer at the Tivoli Development of IBM Yamato Software Development Laboratory in Japan. Previously, he was at the IBM Tokyo Research Laboratory and worked on Web service caching, enterprise privacy, compliance technologies, and the Separation of Duties Analyzer.

Els Van Herreweghen, Ph.D., is a research staff member in the Security and Assurance Group at the IBM Zurich Research Laboratory, where she works on research projects related to security and privacy.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Tivoli is a trademark of IBM Corporation in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.

View screenshots:
Separation of Duty Constraint Editor

Download now Download now

Related technologies

For platform(s):
Java

For topics:
Administration, analysis, authorization, configuration, J2EE, Java technology, Privacy, security


 

    About IBM      Privacy      Contact