Overview of My webMethods Server Security
My webMethods Server has many different features and functions that contribute to its overall security infrastructure. When discussing security, it is always necessary to separate the discussion of authentication (Auth) from authorization (AZ). While they are almost always related, the two concepts are distinct and work together to contribute to an overall security solution.
Authentication is defined as an assurance that a party to some computerized transaction is not an impostor. Authentication typically involves using a password, certificate, PIN, or other information that can be used to validate identity. The goal of authentication is to simply verify that “you are who you say you are.”
Authorization is defined as the process of determining, by evaluating applicable access control information, whether a party is allowed to have the specified types of access to a particular resource. Usually, authorization takes place in the context of authentication. Once a party is authenticated, that party may be authorized to perform different types of activities.
My webMethods Server provides built-in infrastructure for both authentication and authorization. My webMethods Server is also designed in a way that allows it to be extended so that existing security infrastructure can be reused and leveraged for both authentication and authorization. This chapter discusses both the built-in mechanisms and the extensible mechanisms.
In My webMethods Server, you can apply both authentication and authorization to the entire server or to individual server resources, which include folders, pages, portlets, links, documents, files, or custom objects.