Security
IBM® WebSphere® sMash implements system-level authentication and authorization. Applications can take advantage of WebSphere sMash security by defining security rules that determine which resources are protected, and how they are protected.
Security is included in the zero.core component of WebSphere sMash, providing authentication and authorization functionality for WebSphere sMash applications.
The following topics detail the features provided as part of WebSphere sMash security :
- Authentication and authorization
- Overview of authentication and authorization.
- OpenID authentication
- Overview of WebSphere sMash as an OpenID consumer.
- Token support
- Overview of security token support.
- Secret key encryption
- Overview of secret key encryption and how it is used in WebSphere sMash.
- User Service
- Overview of the user service library included with WebSphere sMash.
- Security considerations
- Best practices ranging from configuring security rules, to requiring SSL for a set of resources, to how not to cache secured resources.
- Advanced authorization
- Overview of the more advanced features of authorization.
- Extending security
- Overview of extending the default security support.
- Extending user service
- Overview of extending the default user service libraries provided with WebSphere sMash.
- Extending token support
- Overview of extending the default security token support.
- Security migration
- Overview of migrating security features from previous releases of WebSphere sMash.
