
Sway5-1 NabiTel Component: Policy Director. User Administration: user registration management. Global Sign-On: user logon management. Security Manager: security policy creation and enforcement.


Sway5-1 NabiTel

Component: Policy Director

• User Administration: user registration management
• Global Sign-On: user logon management
• Security Manager: security policy creation and enforcement management
• Policy Director: web server access management
• Privacy Manager: personal information access management
• Risk Manager: intrusion risk management
• PKI: public-key-based authentication management


Sway5-2 NabiTel

Component: Policy Director - Features

• Addresses the top challenges of e-business security
• Secure communication with customers, business partners and others
• Centrally define/manage security policy for e-business applications
• Transparently enforce authorization policy
• Through access control rights to Web applications
• Support virtually any client device
• Browsers
• Pervasive devices that use Wireless Access Protocol (WAP)


Sway5-3 NabiTel

Component: Policy Director - Features (continued)

• Use public key infrastructure (PKI)-based authentication
• To access existing Web-based applications
• No rewriting or modification of applications
• Control access to legacy TCP/IP-based client/server applications
• Provide single sign-on to Web-based applications
• Access for the Right People at the Right Time
• Reduce your cost of building security into new applications
• Eliminate the need to write complex security code


Sway5-4 NabiTel

Component: Policy Director - Features (continued)

• Secure Access to Enterprise Web Servers
• WebSEAL server manages access to all your Web servers
• Centrally control Web resources as one logical Web space
• Intelligent load balancing over replicated servers
• Effective server scalability and deployment
• Provides a failover capability
• Automatically switch to a backup Web server


Sway5-5 NabiTel

Component: Policy Director - Features (continued)

• Supports authentication and access control of Web browsers
• Through user IDs and passwords
• Through client-side certificates
• Through RSA SecurID tokens
• Provides single sign-on access to the Web servers it secures
• Log on once to PD
• Subsequent logons are handled transparently


Sway5-6 NabiTel

Component: Policy Director - Features (continued)

• Secure Access to Legacy Client/Server Applications
• Secures traditional Internet services
• Telnet and TCP/IP-based legacy applications
• Logon required for access
• VPN support
• Between NetSEAT client and NetSEAL server
• End-to-end encryption


Sway5-7 NabiTel

Component: Policy Director - Features (continued)

• Support for Many Standardized Features
• Supports many open, industry standards
• LDAP for the storage of user and group credentials
• Supports Netscape/IBM SecureWay LDAP directories
• Provides strong authentication to web-based resources
• Using X.509 V3 client certificates
• Support for and management of full Certificate Revocation Lists (CRL)
• Real-time control of user access rights


Sway5-8 NabiTel

Component: Policy Director - Features (continued)

• Authorization API (AuthAPI) implements the Open Group Authorization Service API (aznAPI)
• Provides a common set of authorization services
• Support multiple operating system environments
• Logon required for access
• Security application development API
• Customized security environment
• Authorization decision-making possible in applications


Sway5-9 NabiTel

Component: Policy Director - Features (continued)

• Integration with Other Tivoli Products
• Foundation for Policy Director for Application Servers
• Adds security support for CORBA applications
• Logon required for access
• Backbone for Tivoli SecureWay Privacy Manager
• Integrates with Tivoli SecureWay PKI
• Identifies users to PD access
• Identifies PD to Web browsers


Sway5-10 NabiTel

Component: Policy Director - Features (continued)

• Can configure PD as a logon target for Global Sign-On
• Provide single sign-on across enterprise
• Enables users to access resources across the enterprise
• Integration with UA and SM
• Allows PD user creation from UA console
• Allows security policies from SM console


Sway5-11 NabiTel

Component: Policy Director - Architecture

[Figure labels: Policy Director, WebSEAL, Authorization Database, Firewall, Smart Junction, Logical Web Space; User 1 permissions: A, B; User 2 permissions: B, C; resources A, B, C]


Sway5-12 NabiTel

Component: Policy Director - Access Control


Sway5-13 NabiTel

Component: Policy Director - Benefits

• Independence of application and security
• No Agent Code
• No Security Code
• Centralized Single Point Control
• Authentication
• Authorization
• e-Commerce Infra Enabler
• Virtual Web Server
• Integration
• Increased productivity
• Improved management efficiency

[Figure labels: User, Policy Director (Single Point Access Control, Permit/Deny), Microsoft, IBM, Netscape, Apache]


Sway5-14 NabiTel

Component: Policy Director - Platform

Client

• Windows 95
• Windows 98
• Windows NT 4.0

Server

• IBM RS/6000
• Sun SPARC
• Intel x86 or Pentium
• IBM AIX 4.3.1
• Sun Solaris 2.6
• Windows NT 4.0
• HP-UX 11.0


Sway5-15 NabiTel

"Policy Director authorization and access control technology has been instrumental in helping us build several of our most strategic e-business initiatives -- in particular our Global Supplier Network and our intranet capabilities."

Ralph Szygenda - Vice President and Chief Information Officer, General Motors.

General Motors

• The world's largest automobile manufacturer
• Uses Policy Director to provide a secure web portal service for GM/partner business applications
• Provides the scalability to support 10,000 direct suppliers
• Suppliers manage GM's web server resources directly, which stimulates business

Component: Policy Director - GM


Sway5-16 NabiTel

"Policy Director has been the cornerstone of our security architecture, providing the permissions management that has enabled us to implement our e-commerce initiatives."

Kirk Kness, Assistant Vice President of Application Architecture

T. Rowe Price

• Mutual fund and asset management services company
• Used Policy Director to build the security solution for its customer-facing e-commerce system
• Smooth integration of legacy systems and web-based systems
• Scalability and extensibility are the greatest advantages

Component: Policy Director - T. Rowe Price


Sway5-17 NabiTel

"Using Tivoli's Policy Director solution for our new Cockpit and Cabin Crew System had a very positive effect on the business case. Its central management allows for reduced TCO while the need of not writing 'permissions' - identification and access control - into each application but using a central policy scheme improved the ROI."

Bert van Wijk, Head of KLM Cabin Crew Projects

KLM

• Major international airline
• Used Policy Director to build a web portal site for the mission-critical "Crew WorkStation" application
• Built a centralized access control system / central access control management system

Component: Policy Director - KLM


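Sway5-18 NabiTel

Dong-A Ilbo

• Major Korean media company
• Used Policy Director to build a Secure-Intranet web site for reporters
• Feature: stronger user authentication through integration with Tivoli PKI

National Tax Service

• Major Korean government agency
• Used Policy Director to build the National Tax Service Secure-Internet web site
• Feature: provides authentication and access control for web administrators, separating general-user access from administrator access

Component: Policy Director - Domestic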


Sway5-19 NabiTel

• ABN/Amro
• ABP
• ADP
• Aduanas
• Aetna Insurance
• Ahold
• Air Tran
• Alfa Laval
• AmeriSource Corp
• Anico
• APNT
• AT&T
• Banco Banesco
• Banco Itau
• Banco Rio
• Banco Santander
• Banco Weise Sudameris
• Banesto
• Bangkok Bank
• Banrural
• Barclays
• Baxter Health
• BBV
• Bell Atlantic Internet
• Bell Canada
• BC/BS of IL/TX
• BC/BS of Kansas
• BG
• British Airways
• Burlington Industries
• CanTV
• Capital BC/BS
• Cari Varona
• Cargill
• CGU Insurance
• Chase Manhattan Bank
• CP Rail
• Dascom – J
• Delta Lloyd Insurance
• Den Danske Bank
• Dept. of Justice
• Deutsche Telekom
• DTCC
• Expedium
• Federal Reserve Bank
• Fireman’s Fund
• First USA
• Freddie Mac
• Freightliner
• GKM Chep Ltd.
• GM
• Group Health (Kaiser)
• HIT
• HSBC
• Hyundai
• I2
• ICCREA
• IKON
• Independent BC/BS
• ING Bank

Component: Policy Director - Reference


Sway5-20 NabiTel

• Intessa

• Investment Banker’s Trust

• Jaztel

• John Deere

• Jyske Bank

• KBC

• Kemper Insurance

• KLM

• Kotak Securities

• Kreditkassen

• Leader Systems

• Maersk

• Matsushita

• Met Life

• Multrix

• Mutual of Omaha

• Navistar

• Navy Credit

• NCM

• New York Stock Exchange

• NTT

• Panasonic

• Partima

• Pershing

• Ralston Purina

• Safelite Autoglass

• SBC

• SEB

• Shell Canada

• St. Paul Insurance

• State of NJ

• State of Ohio

• State of Washington

• SunTrust

• Telcordia/Bellcore

• Telstra

• Texas Farm Bureau

• Tokyo Marines

• Winn Dixie

• WM Data

• YKB

• United Airlines

• Universidad Autonoma de Campo

• University of MA

• VW Gedas

• Washington State University

• Westpac Banking Corp.

• Westvaco

• Whirlpool

Component: Policy Director - Reference