IBM BS029ML Self Help Guide - Page 107
| Login point | The flow |
| --- | --- |
| Other applications through SSO | The LTPA in the client request triggers WebSphere Application Server to create the security context with the user credentials and pass it to Portal login. The LoginUser engine command is then triggered. |
| External Security Manager through TAI | WebSphere Application Server checks LTPA first. If none exists, the TAI configured in WebSphere Application Server trusts the ESM, creates the LTPA for the user, and sends the security context to Portal Login. |
| SSL client certificates | WebSphere Application Server authenticates the user through the client certificate, then builds the subject and passes it to Portal Login. |

For details, refer to the white paper Understanding and configuring WebSphere Portal login and logout, found at:
http://www.ibm.com/developerworks/websphere/library/techarticles/0706_buchwald/0706_buchwald.html

4.1.6 Portal Access Control (PAC)

A user's access level to a portal resource is measured by the actions that the user can apply to the resource. In the portal environment, these actions are view/read, update/write, delegate, traverse, and delete. For different types of resources, different sets of actions are applicable. A set of fixed role types is defined in the portal access model for management, each of which is represented by a set of actions (called an actionset) that can be applied to the resources.

The Portal Access Control (PAC) authorization model is based on the concepts of protected resources and the hierarchy these resources build up. It contains a set of fine-grained configurations for portal resources, such as pages, portlets, services, and global settings. These provide a full range of control settings, from an easy and simple solution to fairly complicated enterprise-level systems. The artifacts defined by the PAC model are summarized in Table 4-2.
Table 4-2 PAC artifacts

| Artifact | Description |
| --- | --- |
| Protected Resources | Represent a set of portal artifacts protected by the portal, and they are divided into four domains. |
| Protected resource hierarchy | Starting from a set of virtual resources to form a tree structure, with virtual resource PORTAL at the top root. |
| Virtual resources | A set of virtual objects created during portal installation to form the roots of the protected resource hierarchy. |
| Role types | Formed by the action-sets that can be applied to resources. |
| Role | An instance of a role type with a specific resource. |
| Role block | A configuration set to block role inheritance or propagation. |
| Ownership | Unrestricted access to the resource by the owner. |

Chapter 4. WebSphere Portal security 93
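The artifacts in Table 4-2 fit together as sketched in the following added example, which is a simplified model written for this page and not IBM's implementation or API. The role type names, users and resources below PORTAL are constructed, and treating inheritance blocks and propagation blocks as two separate per-resource settings is an assumption of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

# The five actions named in the text.
ALL_ACTIONS = frozenset({"view", "update", "delegate", "traverse", "delete"})

# Hypothetical role types (constructed for this example): name -> action set.
ROLE_TYPES = {
    "Reader": {"view", "traverse"},
    "Author": {"view", "traverse", "update"},
    "Admin": set(ALL_ACTIONS),
}

@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    owner: Optional[str] = None
    roles: dict = field(default_factory=dict)          # role type -> users; each entry is one role
    block_inherit: set = field(default_factory=set)    # role types not taken from the parent
    block_propagate: set = field(default_factory=set)  # role types not handed to children

def members(res, role_type):
    """Users holding role_type on res, explicitly or through the hierarchy."""
    found = set(res.roles.get(role_type, ()))
    up = res.parent
    if (up is not None and role_type not in res.block_inherit
            and role_type not in up.block_propagate):
        found |= members(up, role_type)
    return found

def allowed_actions(user, res):
    """Union of the action sets of every role the user holds on res."""
    if res.owner == user:  # ownership: unrestricted access to the resource
        return set(ALL_ACTIONS)
    granted = set()
    for role_type, actions in ROLE_TYPES.items():
        if user in members(res, role_type):
            granted |= actions
    return granted

# Constructed hierarchy rooted at the virtual resource PORTAL.
portal = Resource("PORTAL", roles={"Admin": {"alice"}})
pages = Resource("pages", portal, roles={"Reader": {"bob"}})
hr_page = Resource("hr_page", pages, roles={"Author": {"dave"}},
                   block_inherit={"Reader"}, block_propagate={"Author"})
payroll = Resource("payroll_portlet", hr_page, owner="carol")

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        for res in (pages, hr_page, payroll):
            print(f"{user:6} {res.name:16} {sorted(allowed_actions(user, res))}")
```

When reviewing a real configuration, the same walk from a resource up to the root shows which grants are explicit, which are inherited, and where a role block cuts the chain.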
![](/manual_guide/products/ibm-bs029ml-self-help-guide-6d3dd71/107.png)