Securing a composite business service delivered as a software-as-a-service: Part II, Supporting identity propagation (enterprise and federated SSO) and authorization

A composite business service (CBS) introduces many new challenges for security in an SOA solution. In this two-article series, a few security scenarios are examined in a proof-of-concept (PoC) CBS software-as-a-service (SaaS) application for banking called Jivaro. These scenarios help to identify when and how to apply different IBM Tivoli security products. In particular, scenarios for using IBM Tivoli Access Manager and Tivoli Federated Identity Manager (TFIM) for meeting SSO requirements in a CBS are described.