Nortib 2001

1
Nortib 2001
2
Agenda

• Utfordringer
• Hvordan sikkret Volvo sitt WEB miljø
• Underleverandører på portalen
• Hva er blir neste steg
• Litt om Netegrity og SiteMinder

3
Utfordringer med gårsdagens løsning
e-Business Web Site
Intranett
Portal Appliksjoner
Under leverandører
Ekstranett
Kunde service
401 K HR Asset Management Sales
Forecast Competitive Analysis
Negotiation Reverse Auction Decision
Optimization Catalog Mgmt Contract Mgmt
Inventory Pricing Sales Forecasting Pipeline
Reporting Quoting
Virtual StoreFront Product Catalogs Auctions Confi
gurators Pricing
Ask the Expert KnowledgeBase Order Accessories
Product Updates Schedule Service
Security Island
Security Island
Security Island
Security Island
Security Island
4
UtfordringerSSOTilgangskontrollRoller
Resurser på flere steder Mange domene
navn Brokete samling av HW og SW
Websphere
Domino
IIS
IBM

BEA
Sun
NT
Authentication Methods
- Passwords/forms - Two factor tokens -
Certificates - Smart cards
5
SiteMinder
A Conceptual Overview
SiteMinderProcess
Users attempt to access protected resources.
Users profile Entitlements are passed to
applications.
Usersauthorizedfor accessto resources
Web Server
HTTP. SSL
Web Agent
Encrypted credentials are passed to SiteMinder
Policy server.
Users presentcredentials to SiteMinder agent.
Usersauthenticatedagainstusers stores.
6
SSO With Policy Based Authentication
User authenticates once (to any
domain). Multi-domain SSO now available
Supports all major authentication methods. Full
Password Management System
MainPortal.com
Entitlements
Entitlements
Main Web Server w/ Protected Apps
Division 1.COM Web Server w/ Protected Apps
Division 2.COM Web Server w/ Protected Apps
Entitlements
Entitlements
Division 3.COM Web Server w/ Protected Apps
7
Native Directory Enabled Product
Simplifies Administration Reduces Costs
Users

• SiteMinder natively accesses directories for user
  policy data
• No embedded database required
• Supports databases and mainframes
• Enables authentication from 1 directory and
  authorization from a different directory
• Supports multiple user directories

Web Server With SiteMinder Agent
DMZ
Web Agent
No User Data Stored in SiteMinder
SiteMinder Policy Server
NT, LDAP, ADSI ODBC, RACF
NT, LDAP, ADSI ODBC, RACF
Authentication Namespace
Authorization Namespace
8
Delegated Management Services (DMS)
Reduce Management Costs
Company A
ROLE Super Administrator

• Role Based Management
• User assigned to Roles
• Roles associated with Policies
• Flexible delegation hierarchy
• N-Level delegation
• Open Architecture
• Support for major LDAP directories
• Customizable
• JSP and HTML based templates
• Workflow enabled
• Provisioning Self-Registration
• Users provisioned to directories
• User self-service their own profiles

Company B
ROLE Organization Administrator
ROLE 2rd Organization Administrator
ROLE 3rd Organization Administrator
ROLE Buyer
9
Fine Grained Entitlement Management
Flexible Policy Model

• Restrict access by user, role, groups, dynamic
  groups, or exclusions
• Fine grained access control at the file, page
  or object level
• Can allow access based on location and time
• Active Rules dynamically access external data in
  real time
• E.g. Current Bank Balance
• Multiple types of responses
• Can include static, dynamic or directory
  attributes

Rules
Users, Groups, etc
Policy Server
Active Rules
Domains
Responses
10
Application Server Agents
HTML
Java
Securely Manage J2EE Components

• Provides fine grained policy management for Java
  Application Servers
• SSO entitlement management
• SiteMinder Agent protects resources in the
  application server
• Realm level support
• Component level support Java Server Pages, Java
  Servlets, EJB components, JMS, Static resources
• Supported Servers
• BEA WebLogic Server
• IBM Websphere

Java Application Server
Encrypted TCP (RC4)
SiteMinder Policy Server
User Policy Store
11
Scalable Architecture
Scalable Architecture 1. Automatic Failover 2.
Load Balancing 3. 2-level caching in Policy
Server and agent 4. Linear scalability on 4
processor systems
Web Server
Web Server
Web Server
Web Agent w/Cache
Web Agent w/Cache
Web Agent w/Cache
128 Bit RC4 encryption
Policy Server
Policy Server
Audit Log(ODBC)
PolicyCache
RulesCache
PolicyCache
RulesCache
Replication
Directory Server
Directory Server
12
Affiliate Agents Enable e-Partnerships
Create a Secure Affiliate Network
Good Year
Volvo
User XC Profile Gold Customer
Affiliate Agent
Affiliate
SiteMinder
Affiliate Agent
Affiliate
SSO Personalization Across Affiliate Network
Affiliate Agent
13
Security for Web Services NetworksTransactionMind
er
TransactionMinder reads XML document,
authenticates and authorizes request, price quote
returned to Broker.COM
14
TransactionMinder 1.0
www.seller.com
www.buyer.com
XML Request
XML Response
B2Bi Server
Web Service
1. Buyer.com creates a Web service request in the
form of an XML document. An optional SAML
assertion can be added for passing credentials
or authorization entitlements. 2. Buyer.com sends
the XML document to Seller.com using any
transport and through any number of intermediate
steps. 3. TransactionMinder intercepts the XML
request, gathers credentials, authenticates and
authorizes the sender, and injects entitlements
into the document for use by the Web service
implementation and/or application. 4. The Web
service implementation interacts with the
back-end application to generate an XML
response. 5. The XML response is returned to
Buyer.com.
Application
15
TransactionMinder 1.0 Benefits

• Built upon Netegritys core technology to secure
  the documents used in Web services and e-business
  transactions
• New XML Agents for market-leading
  business-to-business servers and other Web
  services environments
• Payload level authentication schemes - SAML, XML
  document credential collector, XML digital
  signatures
• Single sign-on support through self-issued SAML
  assertions
• Support for standard messaging frameworks - SOAP
• Authorization rules based on message content
• SAML framework integration for creation and
  consumption of authentication and authorization
  information
• New XML response types - XML transformation,
  message unpacking, SAML assertion creation

16
Broadest Platform Support
Leverage Existing Investments
ServerPlatforms
UserDirectories
DevelopmentEnvironments
AuthenticationMethods
RADIUS Network Access Devices

• Passwords
• Two factor tokens
• X.509 certificates
• Passwords over SSL
• smart cards
• Method Chaining
• Authentication Levels
• Forms-based
• Custom Forms
• Directory Attribute
• Certs and/or basic
• Certs and/or forms
• Custom authentication
• Full CRL support
• OSCP support

• App Servers
• WebLogic
• WebSphere
• iPlanet
• Coldfusion
• Interwoven
• Vignette
• ATG Dynamo
• BroadVision
• Microsoft
• Lotus Domino
• All scripting environments including
• JSP, ASP, Perl

• Web Agents
• Microsoft IIS (NT, Win2000)
• iPlanet (NT, Solaris, HP)
• Apache Apache, IBM, Stronghold, Linux, Covalent
  (Solaris, Linux)
• Domino
• Policy Server
• NT
• Windows 2000
• Solaris

• iPlanet Directory Server
• Active Directory
• NT Domains
• Oracle Internet Dir
• IBM SecureWay
• NDS
• Siemens DirX
• SQL Database
• ISOCOR
• PeerLogic

• Firewalls
• Communication Servers

17
Open, Extensible Architecture
18
Netegrity Today

• Market share leader
• 431 customers worldwide
• Strong Revenue Growth
• 50.8 million in revenue for first half of 2001
• 134 year to year increase in SiteMinder revenue
  (Q201)
• Profitable since Q300 and generating positive
  cash flow
• Global company with over 400 employees worldwide
• Offices in over 20 countries

SiteMinder Customers
19
Netegrity - Market Leadership

• Netegrity solidifies its leadership position in
  our Magic Quadrant.
• - Gartner Group, 5/01
• Netegrity created the market for portal access
  management tools three years ago and so far has
  captured about three quarters of all sales with
  its SiteMinder tool.
• - Meta Group 01/01
• Netegrity is taking the lead in market for
  authenticating user access to web portals
• - ComputerWorld 01/08/01
• Netegrity really is the front runner. It has
  the largest run rate, the most impressive
  customer list and can support large numbers of
  users.
• - Adams Harkness Hill Inc. 5/01

20
Blue Chip Customers
Financial Services
Manufacturing
Technology

• J.P. Morgan Chase Co.
• Hong Kong Shanghai Bank
• Wells Fargo
• Bank One
• Bank of America
• ETrade
• American Express
• VISA
• Aetna
• Fleet
• Citibank
• MBNA
• Fidelity
• CIBC

• Cisco
• Motorola
• Hewlett-Packard
• Intel
• Compaq
• Brocade

• General Electric
• Daimler-Chrysler
• Toyota
• Thomson Consumer Electronics
• US Steel
• Carrier
• Deere Company
• Chevron
• Lockheed Martin
• Volvo
• Johnson Controls
• Honeywell
• Volkswagen

Service Providers

• Verizon
• Nextel
• Loudcloud
• GE Global Exchange
• Telstra
• France Telecom
• ATT
• MCIWorldcom
• British Telecom

Government
Healthcare

• Defense Information Systems Agency
• US Air Force Supply
• Transcom
• Internal Revenue Service

• PacifiCare Health Systems
• The Mayo Foundation
• Blue Cross/Blue Shield
• Sentara Healthcare
• Delta Dental

E-Marketplaces
Transportation
Retail

• Transora
• NECX
• Pantellos
• Schlumberger
• Ventro

• The GAP
• LL Bean
• CVS
• The Limited

• American Airlines
• Delta Airlines
• Sabre
• Union Pacific

21
287 Deployed Customers

• American Express - 3 million users, 20
  applications
• Etrade.com - 3.5 million users
• GE - 25 Business units deployed
• Wells Fargo - 800k users for brokerage services

22
Netegrity Alliance Partnerships
23
Netegrity Integration Partnerships
24
Systems Integrators