Tivoli® Identity Manager
Common Criteria Guide
Version 4.6
SC32-1486-00
Note:
Before using this information and the product it supports, read the information in Appendix B, “Notices,” on page 33.
First Edition (August 2005)
This edition applies to version 4.6 of Tivoli Identity Manager and to all subsequent releases and modifications until
otherwise indicated in new editions.
This product includes Adaptx, a free XSLT Processor. (C) 1998-2002 Keith Visco and Contributors.
© Copyright International Business Machines Corporation 2005. All rights reserved.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Preface . . . v
Who should read this book . . . v
Publications and related information . . . v
Tivoli Identity Manager library . . . v
Prerequisite product publications . . . vii
Related publications . . . viii
Accessing publications online . . . viii
Accessibility . . . viii
Support information . . . ix
Conventions used in this book . . . ix
Typeface conventions . . . ix
Operating system differences . . . ix
Definitions for HOME and other directory variables . . . x
Special terms . . . x
Chapter 1. Introduction and roadmap for Common Criteria implementation . . . 1
1.1 What is Common Criteria? . . . 1
1.2 What this guide describes . . . 2
1.3 Implementation roadmap . . . 2
Chapter 2. Specifications and references for a CC-evaluated system . . . 5
2.1 About the evaluated version of Tivoli Identity Manager . . . 5
2.2 How to obtain the CC-evaluated product . . . 5
2.3 Component specifications for the CC-evaluated system . . . 6
2.4 Technical documentation guidance and reference . . . 7
2.4.1 Tivoli Identity Manager technical documentation library . . . 7
2.4.2 Accessing the Tivoli Identity Manager technical documentation used for CC evaluation . . . 7
2.4.3 Obtaining the official certification documents . . . 9
2.5 Evaluated and non-evaluated security functionality . . . 10
2.5.1 Evaluated security functionality . . . 10
2.5.2 Security functionality not evaluated . . . 11
Chapter 3. Security policy assumptions and conditions . . . 13
3.1 Security policy assumptions . . . 13
3.1.1 Physical policy assumptions . . . 13
3.1.2 Personnel policy assumptions . . . 13
3.1.3 System policy assumptions . . . 13
3.1.4 Connectivity policy assumptions . . . 14
3.2 Installation and configuration conditions . . . 14
3.2.1 General server conditions . . . 14
3.2.2 General adapter conditions . . . 15
3.2.3 Documentation issues . . . 16
3.3 Assumed security threats . . . 16
Chapter 4. Configuring evaluated security functionality . . . 19
4.1 Auditing system activity . . . 20
4.1.1 Viewing audit records . . . 20
4.2 Identification and authentication . . . 20
4.2.1 Password challenge/response feature must be disabled . . . 21
4.2.2 No passwords allowed in e-mail notifications . . . 21
4.2.3 Shared secret for password notification not allowed . . . 22
4.2.4 Required password policies . . . 22
4.2.5 Client-to-Web server SSL communication required . . . 23
4.2.6 Server-to-adapter SSL communication required . . . 23
4.2.7 HTTPS communication on WebSphere Application Server must be enabled . . . 24
4.2.8 Java 2 security required for WebSphere Application Server . . . 24
4.2.9 Maximum number of invalid logon attempts . . . 25
4.2.10 Password expiration period . . . 25
4.2.11 Enable password editing . . . 25
4.3 Provisioning . . . 27
4.3.1 Disable remote password synchronization . . . 27
4.4 Event notification . . . 27
4.4.1 Event notification must be disabled . . . 27
Appendix A. Support information . . . 29
Searching knowledge bases . . . 29
Search the information center on your local system or network . . . 29
Search the Internet . . . 29
Obtaining fixes . . . 30
Contacting IBM Software Support . . . 30
Determine the business impact of your problem . . . 31
Describe your problem and gather background information . . . 31
Submit your problem to IBM Software Support . . . 32
Appendix B. Notices . . . 33
Trademarks . . . 34
Index . . . 37
© Copyright IBM Corp. 2005 iii
iv IBM Tivoli Identity Manager: Common Criteria Guide
Preface
The IBM® Tivoli® Identity Manager Common Criteria Guide provides
information about how to use the IBM Tivoli Identity Manager product in
accordance with Common Criteria guidelines.
Who should read this book
This book is intended for system and security administrators who install, maintain,
or administer software on their site’s computer systems. Readers are expected to
understand system and security administration concepts. Additionally, the reader
should understand administration concepts for the following:
v Directory server
v Database server
v WebSphere® embedded messaging support
v WebSphere Application Server
v IBM® HTTP Server
Publications and related information
Read the descriptions of the Tivoli Identity Manager library. To determine which
additional publications you might find helpful, read the “Prerequisite product
publications” on page vii and the “Related publications” on page viii. After you
determine the publications you need, refer to the instructions in “Accessing
publications online” on page viii.
Tivoli Identity Manager library
The publications in the Tivoli Identity Manager technical documentation library are
organized into the following categories:
v Release information
v Planning for installation, configuration, and customization
v Online user assistance
v Server installation and configuration
v Problem determination
v Technical supplements
v Adapter installation and configuration
Release Information:
v IBM Tivoli Identity Manager Release Notes
Provides software and hardware requirements for Tivoli Identity Manager, and
additional fix, patch, and other support information.
v IBM Tivoli Identity Manager Documentation Read This First Card
Lists the Tivoli Identity Manager publications.
Planning for installation, configuration, and customization:
IBM Tivoli Identity Manager Planning for Deployment Guide describes the
components, functions, and capabilities of the product, explains how the product
can impact the infrastructure of an organization, recommends guidelines for
managing the implementation of the product, and recommends strategies for
integrating these capabilities into a production environment.
Online user assistance:
Provides online help topics and an information center for all Tivoli Identity
Manager administrative tasks. The information center includes information that
was previously provided in the IBM Tivoli Identity Manager Configuration Guide and
the IBM Tivoli Identity Manager Policy and Organization Administration Guide.
Server installation and configuration:
IBM Tivoli Identity Manager Server Installation and Configuration Guide for WebSphere
Environments provides installation and configuration information for Tivoli Identity
Manager.
Configuration information that was previously provided in the IBM Tivoli Identity
Manager Configuration Guide is now included in either the installation guide or in
the IBM Tivoli Identity Manager Information Center.
Problem determination:
IBM Tivoli Identity Manager Problem Determination Guide provides problem
determination, logging, and message information for the Tivoli Identity Manager
product.
Technical supplements:
The following technical supplements are provided by developers or by other
groups who are interested in this product:
v IBM Tivoli Identity Manager Performance Tuning Guide
Provides information needed to tune Tivoli Identity Manager Server for a
production environment. It is available on the Web at:
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
Click the I character in the A-Z product list, and then, click the IBM Tivoli
Identity Manager link. Browse the information center for the Technical
Supplements section.
v Redbooks and white papers are available on the Web at:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManager.html
Browse to the Self Help section, in the Learn category, and click the Redbooks
link.
v Technotes are available on the Web at:
http://www.redbooks.ibm.com/redbooks.nsf/tips/
v Field guides are available on the Web at:
http://www.ibm.com/software/sysmgmt/products/support/Field_Guides.html
v For an extended list of other Tivoli Identity Manager resources, search the
following IBM developerWorks Web site:
http://www.ibm.com/developerworks/
Adapter installation and configuration:
The Tivoli Identity Manager Server technical documentation library also includes
an evolving set of platform-specific installation documents for the adapter
components of a Tivoli Identity Manager Server implementation. Locate adapters
on the Web at:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManager.html
Browse to the Other resources, and click the link for the current inventory of
adapters.
Skills and training:
The following additional skills and technical training information were available at
the time that this manual was published:
v Virtual Skills Center for Tivoli Software on the Web at:
http://www.cgselearning.com/tivoliskills/
v Tivoli Education Software Training Roadmaps on the Web at:
http://www.ibm.com/software/tivoli/education/eduroad_prod.html
v Tivoli Technical Exchange on the Web at:
http://www.ibm.com/software/sysmgmt/products/support/supp_tech_exch.html
Prerequisite product publications
To use the information in this book effectively, you must have knowledge of the
products that are prerequisites for Tivoli Identity Manager Server. Publications are
available from the following locations:
v Operating systems
– Microsoft™ Windows™ Server 2003
http://www.microsoft.com/windowsserver2003/proddoc/default.mspx
v Database servers
– IBM DB2 Universal Database™
- Support: http://www.ibm.com/software/data/db2/udb/support.html
- Information center:
http://publib.boulder.ibm.com/infocenter/db2help/index.jsp
- Documentation: http://www.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/v8pubs.d2w/en_main
- DB2 product family: http://www.ibm.com/software/data/db2
- Fix packs:
http://www.ibm.com/software/data/db2/udb/support/downloadv8.html
- System requirements:
http://www.ibm.com/software/data/db2/udb/sysreqs.html
– Oracle
http://www.oracle.com/technology/documentation/index.html
http://otn.oracle.com/tech/index.html
http://otn.oracle.com/tech/linux/index.html
– Microsoft SQL Server 2000
http://www.msdn.com/library/
http://www.microsoft.com/sql/
v Directory server applications
– IBM Tivoli Directory Server
Version 5.2: http://publib.boulder.ibm.com/tividd/td/IBMDS/IDSapinst52/en_US/HTML/ldapinst.htm
Version 6.0: http://publib.boulder.ibm.com/infocenter/tiv2help/index.jsp?toc=/com.ibm.IBMDS.doc/toc.xml
v WebSphere Application Server
Additional information is available in the product directory or on the following Web sites:
http://publib.boulder.ibm.com/infocenter/ws51help/index.jsp
http://www.redbooks.ibm.com/
v WebSphere embedded messaging
http://www.ibm.com/software/integration/wmq/
v IBM HTTP Server
http://www.ibm.com/software/webservers/httpservers/library.html
Related publications
Information that is related to Tivoli Identity Manager Server is available in the
following publications:
v The Tivoli Software Library provides a variety of Tivoli publications such as
white papers, datasheets, demonstrations, redbooks, and announcement letters.
The Tivoli Software Library is available on the Web at:
http://www.ibm.com/software/tivoli/literature/
v The Tivoli Software Glossary includes definitions for many of the technical terms
related to Tivoli software. The Tivoli Software Glossary is available from the
Glossary link of the Tivoli Software Library Web page at:
http://publib.boulder.ibm.com/tividd/glossary/tivoliglossarymst.htm
Accessing publications online
IBM posts publications for this and all other Tivoli products, as they become
available and whenever they are updated, to the Tivoli software information center
Web site. Access the Tivoli software information center at the following Web
address:
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
Click the I character in the A-Z list, and then click the Tivoli Identity Manager
link to access the product library.
Note: If you print PDF documents on other than letter-sized paper, set the option
in the File → Print window that allows Adobe Reader to print letter-sized
pages on your local paper.
Accessibility
The product documentation includes the following features to aid accessibility:
v Documentation is available in convertible PDF format to give the maximum
opportunity for users to apply screen-reader software.
v All images in the documentation are provided with alternative text so that users
with vision impairments can understand the contents of the images.
Support information
If you have a problem with your IBM software, you want to resolve it quickly. IBM
provides the following ways for you to obtain the support you need:
v Searching knowledge bases: You can search across a large collection of known
problems and workarounds, Technotes, and other information.
v Obtaining fixes: You can locate the latest fixes that are already available for your
product.
v Contacting IBM Software Support: If you still cannot solve your problem, and
you need to work with someone from IBM, you can use a variety of ways to
contact IBM Software Support.
For more information about these ways to resolve problems, see Appendix A,
“Support information,” on page 29.
Conventions used in this book
This reference uses several conventions for special terms and actions and for
operating system-dependent commands and paths.
Typeface conventions
This guide uses the following typeface conventions:
Bold
v Lowercase commands and mixed case commands that are otherwise
difficult to distinguish from surrounding text
v Interface controls (check boxes, push buttons, radio buttons, spin
buttons, fields, folders, icons, list boxes, items inside list boxes,
multicolumn lists, containers, menu choices, menu names, tabs, property
sheets), labels (such as Tip:, and Operating system considerations:)
v Keywords and parameters in text
Italic
v Words defined in text
v Emphasis of words (words as words)
v New terms in text (except in a definition list)
v Variables and values you must provide
Monospace
v Examples and code examples
v File names, programming keywords, and other elements that are difficult
to distinguish from surrounding text
v Message text and prompts addressed to the user
v Text that the user must type
v Values for arguments or command options
Operating system differences
This guide uses the UNIX® convention for specifying environment variables and
for directory notation.
When using the Windows® command line, replace $variable with %variable% for
environment variables and replace each forward slash (/) with a backslash (\) in
directory paths. The names of environment variables are not always the same in
Windows and UNIX. For example, %TEMP% in the Windows operating system is
equivalent to $tmp in a UNIX operating system.
Note: If you are using the bash shell on a Windows system, you can use the UNIX
conventions.
Definitions for HOME and other directory variables
The following table contains the default definitions that are used in this guide to
represent the HOME directory level for various product installation paths. You can
customize the installation directory and HOME directory for your specific
implementation. If this is the case, you need to make the appropriate substitution
for the definition of each variable represented in this table.
The value of path varies for these operating systems:
v Windows: drive:\Program Files
v AIX: /usr
v Other UNIX: /opt
Path variable, default definition, and description:
ITIM_HOME
Windows: path\IBM\itim
UNIX: path/IBM/itim
The base directory that contains the Tivoli Identity Manager code,
configuration, and documentation.
WAS_HOME
Windows: path\WebSphere\AppServer
UNIX: path/WebSphere/AppServer
The WebSphere Application Server home directory.
Special terms
The following special term is used in this information:
UNIX and Linux
The term UNIX means both UNIX and Linux systems. A Linux-specific
label is used only when required for clarity.
Chapter 1. Introduction and roadmap for Common Criteria
implementation
This IBM Tivoli Identity Manager Common Criteria Guide describes how to set up a
Tivoli Identity Manager environment to meet the same security conditions used by
the Common Criteria evaluation.
This guide is a supplement to the standard Tivoli Identity Manager technical
documentation library and provides the additional installation, configuration, and
security information required to reproduce the security level of an evaluated
system.
Section topics:
v “1.1 What is Common Criteria?” on page 1
v “1.2 What this guide describes” on page 2
v “1.3 Implementation roadmap” on page 2
1.1 What is Common Criteria?
To ensure the security of their computer environments, many governments and
other organizations rely on the development of, and adherence to, strict
standards for software and other products. One of the most important of these
standards is the Common Criteria for Information Technology Security
Evaluation, an internationally recognized standard (ISO/IEC 15408) that defines
general concepts and principles of information technology (IT) security
evaluation and presents a general model of evaluation. Common Criteria provides
constructs for expressing IT security objectives, for selecting and defining IT
security requirements, and for writing high-level specifications for products
and systems. Common Criteria is used by the United States federal government,
the governments of other countries, and other organizations to assess the
security and assurance of technology products.
The Common Criteria provides a standardized method of expressing security
requirements and defines rigorous criteria by which products are evaluated. A
product that passes a Common Criteria evaluation receives an officially
recognized certificate. Common Criteria certification is widely recognized
among IT professionals, government agencies, and customers as a seal of
approval for mission-critical software. Note, however, that the certificate
applies to the specific configuration that was evaluated, as described in the
product's Security Target; a deployment that departs from that configuration is
outside the scope of the certificate.
Common Criteria evaluation can take place in any certificate-issuing member
country. Under the Common Criteria Recognition Arrangement (CCRA), a
certificate issued by one member is recognized by the other signatories, so a
certified product does not have to be re-evaluated in each country. Recognition
extends only to the assurance levels covered by the arrangement, and new member
countries are added regularly.
You can find information about Common Criteria at the following Web site:
http://www.commoncriteriaportal.org
1.2 What this guide describes
This guide makes a distinction between two types of Tivoli Identity Manager
implementations:
v An implementation that serves a specific production environment
v An implementation that meets the conditions established for the Common
Criteria evaluation of this product
The system configuration that meets these conditions is referred to as a
CC-evaluated system in this guide.
A CC-evaluated implementation of Tivoli Identity Manager makes specific
assumptions about installation, configuration, and security that distinguish it
from most production versions of the product. A CC-evaluated version of the
product includes certain restrictions on the way product components are employed
and draws specific boundaries around functionality and performance.
The purpose of this guide is to describe the assumptions, conditions, and
boundaries required to reproduce the implementation of Tivoli Identity Manager
used for the Common Criteria evaluation.
1.3 Implementation roadmap
This Common Criteria evaluation is based on the English version of Tivoli Identity
Manager and its documentation. You must use only the English-version Tivoli
Identity Manager GUI and refer only to the English-version technical
documentation when implementing the CC-evaluated version of Tivoli Identity
Manager.
To install and configure a CC-evaluated implementation of Tivoli Identity Manager,
you must use the standard version 4.6 technical documentation for Tivoli Identity
Manager, then refer to the IBM Tivoli Identity Manager Common Criteria Guide (this
document) for supplemental information specific to the Common Criteria
requirements.
If configuration recommendations in the technical documentation are not consistent
with the instructions in the IBM Tivoli Identity Manager Common Criteria Guide, the
information in the IBM Tivoli Identity Manager Common Criteria Guide takes
precedence and applies. For example, if a procedure is described as optional in the
IBM Tivoli Identity Manager Server Installation and Configuration Guide for WebSphere
Environments but is required in the IBM Tivoli Identity Manager Common Criteria
Guide, that procedure is required to meet the specifications for Common Criteria
compliance.
Use the following checklist as a roadmap to implementing a CC-evaluated version
of Tivoli Identity Manager:
1. Understand the definition and purpose of the Common Criteria standard:
IBM Tivoli Identity Manager Common Criteria Guide, chapter 1.
2. Review the CC-evaluated product component specifications, documentation
references, and summary of evaluated security functionality:
IBM Tivoli Identity Manager Common Criteria Guide, chapter 2.
3. Review and apply the installation and policy conditions required for a
CC-evaluated system:
IBM Tivoli Identity Manager Common Criteria Guide, chapter 3.
4. Install and configure the single-server version of Tivoli Identity Manager
according to the standard installation documentation:
IBM Tivoli Identity Manager Server Installation and Configuration Guide for
WebSphere Environments
5. Review and apply the security functionality required for a CC-evaluated
system:
IBM Tivoli Identity Manager Common Criteria Guide, chapter 4.
Chapter 2. Specifications and references for a CC-evaluated
system
Note: Before proceeding with this chapter, make sure you read “1.3
Implementation roadmap” on page 2.
This chapter provides specifications and references for implementing a Common
Criteria evaluated (CC-evaluated) Tivoli Identity Manager system.
Section topics:
v “2.1 About the evaluated version of Tivoli Identity Manager” on page 5
v “2.2 How to obtain the CC-evaluated product” on page 5
v “2.3 Component specifications for the CC-evaluated system” on page 6
v “2.4 Technical documentation guidance and reference” on page 7
v “2.5 Evaluated and non-evaluated security functionality” on page 10
2.1 About the evaluated version of Tivoli Identity Manager
IBM Tivoli Identity Manager 4.6 was evaluated against the requirements of
Common Criteria Evaluation Assurance Level (EAL) 3 augmented (EAL 3+). The
system configuration that meets these requirements is referred to as a
CC-evaluated system in this guide.
The Common Criteria evaluation for Tivoli Identity Manager was performed on
the specific configuration described in this guide. A system that deviates from
this configuration is no longer the evaluated configuration and is therefore not
covered by the certificate; this does not necessarily mean that the security of
the system is reduced.
2.2 How to obtain the CC-evaluated product
Tivoli Identity Manager is a distributed system comprising the Tivoli Identity
Manager Server, the application server, database, directory server, and adapters.
Only the Tivoli Identity Manager Server and certain adapters were assessed as
part of the evaluation; the other components are considered to provide
supporting functions in the IT environment.
Tivoli Identity Manager is delivered as an installation image through IBM's
Passport Advantage distribution channel. The evaluated configuration assumes that
the customer uses online access to Passport Advantage to download the
installation image.
You must use the Restartable Transfer Java applet offered on the Passport
Advantage download site to retrieve the images, not the plain HTTP download.
Only this applet provides sufficient integrity for the downloaded files.
Additionally, verify that IBM is the originator of the Java applet by checking
its digital signature (open the applet in a browser to reveal an information box
about the signature). The signature establishes the origin of the applet only if
the signer named in the certificate is IBM and the certificate chains to a
certification authority that you trust, so do not accept an applet whose
signature is missing, invalid, or issued to another party.
2.3 Component specifications for the CC-evaluated system
The CC-evaluated implementation of Tivoli Identity Manager is a single-node
deployment only. From the list of components below, only the Tivoli Identity
Manager Server, the Microsoft Windows AD adapter, and the Oracle adapter were
subject to evaluation under the Common Criteria. The remaining components are
required to support the server and the adapters and are included in the definition
of a CC-evaluated system configuration, but their individual security functionality
has not been evaluated.
Note: Refer to the IBM Tivoli Identity Manager Release Notes for the applicable fix
packs and APARs that are associated with each product listed below.
Supported platform components:
v Java 2 Platform Enterprise Edition Specification (J2EE), Version 1.4
Tivoli Identity Manager Server processes run within the J2EE environment used
by WebSphere Application Server. Consequently, the server itself can run on any
of the operating system versions listed in the IBM Tivoli Identity Manager
Release Notes. However, the evaluated configuration is restricted to Windows
Server 2003 Enterprise Edition, and only that platform reproduces the
CC-evaluated system.
Supported server components:
v WebSphere Application Server 5.1 for a single-server installation on all operating
system platforms supported for Tivoli Identity Manager Version 4.6
– Web application server
– Java Message Service (JMS)
– IBM WebSphere embedded messaging support
v Tivoli Identity Manager Server 4.6 (this component is included in the evaluation)
– Tivoli Identity Manager application binaries
– Tivoli Identity Manager configuration files
– Tivoli Identity Manager API (overview documentation, detailed
documentation, examples)
v IBM Directory Server Version 5.2, Fix Pack 2
v Supported relational database management systems (RDBMS):
– IBM DB2 Universal Database Enterprise Edition server and IBM DB2 runtime
client, Version 8.2
– Oracle Version 9i Release 2 (9.2.0.5)
– Microsoft SQL Server 2000
v Access to user and administration interfaces:
– Mozilla 1.7 (using the Java Runtime Environment provided with this browser)
– Microsoft Internet Explorer 6.0 (using the Java Runtime Environment
provided with this browser)
Supported adapter components:
v Adapter for Windows AD Version 4.6.2 (this component is included in the evaluation)
This adapter runs on 32-bit x86-based machines with Windows 2000 Advanced
Server running Active Directory, Windows Server 2003 Enterprise Edition, or
Windows XP Workstation.
The evaluated configuration is restricted to Windows Server 2003 Enterprise
Edition.
v Oracle Database Adapter for Windows Version 4.6.1 (this component included in
the evaluation)
This adapter runs on 32-bit x86-based machines with Windows Server 2003
Enterprise Edition, Windows 2000 Advanced Server, or Windows NT running
Oracle Client software Version 8i or Version 9i. The adapter supports Oracle
Database versions 8i and 9i for all platforms.
The evaluated configuration is restricted to systems using Windows Server 2003
Enterprise Edition running the Oracle Client software Version 9i.
2.4 Technical documentation guidance and reference
This Common Criteria evaluation is based on the English version of Tivoli Identity
Manager and its documentation. When implementing the CC-evaluated version of
Tivoli Identity Manager, you must use only the English-version Tivoli Identity
Manager GUI and refer only to the following English-version technical
documentation:
v Tivoli Identity Manager version 4.6 publications described in “2.4.1 Tivoli
Identity Manager technical documentation library.”
v IBM Tivoli Identity Manager Common Criteria Guide (this document), which must
be obtained using a secure download procedure described in “2.4.2 Accessing
the Tivoli Identity Manager technical documentation used for CC evaluation.”
2.4.1 Tivoli Identity Manager technical documentation library
The following technical documents provide standard information and procedures
for installing and configuring the CC-evaluated implementation of Tivoli Identity
Manager. These documents were updated and revised for version 4.6 and verified
for security compliance with the Common Criteria evaluation:
v IBM Tivoli Identity Manager Server Installation and Configuration Guide for
WebSphere Environments
v IBM Tivoli Identity Manager Oracle Adapter for Windows Installation and
Configuration Guide
v IBM Tivoli Identity Manager Adapter for Windows Installation and Configuration
Guide
v IBM Tivoli Identity Manager Information Center
Additionally, always review the latest version of the IBM Tivoli Identity Manager
Release Notes for late-arriving Common Criteria information affecting this product.
To implement a CC-evaluated system, you must follow all configuration and
security guidelines specified in the IBM Tivoli Identity Manager Common Criteria
Guide (this document), which must be obtained using one of the secure access
procedures described in “2.4.2 Accessing the Tivoli Identity Manager technical
documentation used for CC evaluation.”
2.4.2 Accessing the Tivoli Identity Manager technical
documentation used for CC evaluation
The standard library information for installing and configuring the CC-evaluated
implementation of Tivoli Identity Manager, described in “2.4.1 Tivoli Identity
Manager technical documentation library” on page 7, can be obtained online (in
Portable Document Format (PDF) or Hypertext Markup Language (HTML) format
or both) in the Tivoli Information Center:
http://publib.boulder.ibm.com/tividd/td/IdentityManager4.6.html
Use the publications listed in the Tivoli Information Center to install and configure
a CC-evaluated implementation of Tivoli Identity Manager. However, to ensure
compliance with CC guidelines, access the IBM Tivoli Identity Manager Common
Criteria Guide using a secure procedure described in this section. Do not use the
copy of IBM Tivoli Identity Manager Common Criteria Guide that is posted in the
Tivoli Information Center.
Updates to all technical documents are also posted in the Tivoli Information
Center.
You must securely obtain the IBM Tivoli Identity Manager Common Criteria Guide
using either of the following procedures:
Passport Advantage
The IBM Tivoli Identity Manager Common Criteria Guide is available as a
separately selectable item for customers with Passport Advantage access to
the IBM Tivoli Identity Manager Version 4.6 product.
Download Director
The IBM Tivoli Identity Manager Common Criteria Guide can also be obtained
securely through the IBM Publications Center using the Download
Director option. To use Download Director, you must have installed Java 2
Runtime Environment version 1.4.2 on your local system, and your Web
browser must be set to use Java 1.4.2. To access the IBM Publications
Center, use the following procedure:
1. Start a supported version of a Web browser and go to the IBM home
page at:
http://www.ibm.com
2. Under Get support click Product publications.
3. In the Product publications window, in the Information centers and
libraries section, click Browse by product.
4. In the Product information window, in the Product information
column, click Search for publications.
5. In Welcome to the IBM Publications Center, in the search field, select
United States of America and click Go.
6. In the Quick Publications Center Search window, in the Publication
number field, enter SC32-1486-00, and click Go.
7. In the Publication information window the IBM Tivoli Identity Manager
Common Criteria Guide is listed. Click the option under Download
Director.
8. The security applet prompts you to select whether you trust the content
of the information you are about to receive from the IBM Web site.
Click Yes to start the download.
To ensure proper printing of PDF publications, select the Fit to page check box in
the Adobe Acrobat Print window (which is available when you click File→ Print).
2.4.3 Obtaining the official certification documents
The official technical reference describing the details of the Common Criteria
evaluation for Tivoli Identity Manager Version 4.6 is contained in a document
known as the IBM Tivoli Identity Manager 4.6 Security Target.
Additionally, a certification report is produced that describes the successful
completion of the evaluation process.
When these documents are made available, you can obtain them from the Web site
of the German certification body, Bundesamt für Sicherheit in der
Informationstechnik (BSI):
http://www.bsi.de/zertifiz/zert/reporte.htm
2.5 Evaluated and non-evaluated security functionality
This section describes:
v Security functionality evaluated for Tivoli Identity Manager 4.6.
For specific details describing the configuration of these security items, refer to
Chapter 4, “Configuring evaluated security functionality,” on page 19.
v Security functionality not evaluated for Tivoli Identity Manager 4.6.
2.5.1 Evaluated security functionality
This section describes the security functionality that was evaluated for the 4.6
version of Tivoli Identity Manager. For specific details describing the configuration
of these security items, refer to Chapter 4, “Configuring evaluated security
functionality,” on page 19.
Audit of activities
A CC-evaluated implementation of Tivoli Identity Manager is capable of auditing
internal events (such as the modification of provisioning policies or the creation of
new users) by generating audit information for all transactions and storing this
information in a transactional database provided by the IT environment. You can
view these audit records using the Tivoli Identity Manager GUI (Home→ Pending
or Completed Requests).
Identification and authentication
A CC-evaluated implementation of Tivoli Identity Manager identifies users
(including administrators) by user name and authenticates them by password.
ITIM users are persons having an account on the Tivoli Identity Manager system.
ITIM users can be organized by membership in ITIM groups.
User identities are stored in a directory server provided by the IT environment.
Only hashes of the passwords are stored in the Tivoli Identity Manager system.
Password policies can be applied to enforce requirements on the quality of the
password that a user chooses. Lockout mechanisms prevent password guessing
attacks.
Authorization (access control)
A CC-evaluated implementation of Tivoli Identity Manager performs authorization
for user actions, commonly referred to as requests, based on access control items
(ACIs). ACIs can be assigned to ITIM groups and ACI principals (such as
administrators). One predefined account (ITIM manager) exists for Tivoli Identity
Manager administrators. Other ITIM groups can be defined by the customer.
The following ACIs have been considered in the Common Criteria evaluation:
v Organizational
Provides access control to functions related to entities within an organization or
the organization itself.
v Provisioning
Provides access control to functions related to provisioning and other policies.
v Reporting
Provides access control to functions related to the generation of reports.
ACIs can be created, modified, or deleted by either a system administrator or
explicitly entitled users. Members of the predefined administrator group are not
subject to any access control.
Provisioning
Provisioning policies for a CC-evaluated implementation of Tivoli Identity
Manager define the services to which persons belonging to an organizational role
can have access. If a person belongs to an organizational role defined within a
Tivoli Identity Manager environment, and a provisioning policy specifies the
entitlement of this organizational role to a certain service, the person is entitled to
have an account on this service. Such an account may be created in the following
ways:
v Upon request of the user, if the person belongs to an ITIM group
v Manually created by an administrator request
v Automatically created for the person during periodic policy enforcement
Service reconciliation and identity feeds
The CC-evaluated implementation of Tivoli Identity Manager provides the
capability of gathering account information from managed resources. The process
of reconciliation retrieves and compares user information stored on a managed
resource with the corresponding data stored in the Tivoli Identity Manager
database.
Additionally, data can be imported by identity feeds. For example, user data (such
as person, or identity, information) can be imported into an organization managed
by Tivoli Identity Manager. This functionality eliminates the manual adding of a
potentially large number of persons to the Tivoli Identity Manager database by the
administrator. Identity feeds also allow automated reconciliation with systems used
for human resource management within an organization.
An identity feed from a DSML file and a reconciliation using the IBM Tivoli
Directory Integrator were both evaluated for Common Criteria.
2.5.2 Security functionality not evaluated
This section lists the security functionality that was determined to be out of scope
and therefore not evaluated for the 4.6 version of Tivoli Identity Manager. You can
use the functionality listed in this section; however, the current Common Criteria
evaluation for Tivoli Identity Manager Version 4.6 does not provide any level of
assurance for the use of these items.
v SSL/TLS-based encryption of network connections was not evaluated for
Common Criteria.
Tivoli Identity Manager makes use of several third party products to implement
this functionality. The assumption is made that these products provide a correct
implementation of SSL/TLS.
v Generation of log files that can be viewed by directly accessing the files was not
evaluated for Common Criteria.
v Identity feed through a JNDI interface was not evaluated for Common Criteria.
v The use of IBM Tivoli Directory Integrator for provisioning accounts was not
evaluated for Common Criteria.
v The Enterprise Java Beans (EJB), Web, and applet containers in the IT
environment (described in J2EE, J2SE, and related specifications) were not
evaluated for Common Criteria.
Chapter 3. Security policy assumptions and conditions
Note: Before proceeding with this chapter, make sure you read “1.3
Implementation roadmap” on page 2.
A Common Criteria evaluated (CC-evaluated) implementation of Tivoli Identity
Manager makes specific assumptions about required security policy and
installation restrictions. Assumptions are items and issues that cannot be formally
evaluated but are required to ensure the security level of a CC-evaluated system.
To reproduce a CC-evaluated implementation of Tivoli Identity Manager, you must
review and apply the items in this chapter.
Section topics:
v “3.1 Security policy assumptions” on page 13
v “3.2 Installation and configuration conditions” on page 14
3.1 Security policy assumptions
A CC-evaluated implementation of Tivoli Identity Manager is based on security
policy assumptions that must be respected to achieve and maintain a secure
operation.
3.1.1 Physical policy assumptions
The machines running the Tivoli Identity Manager server and adapters that are
part of the CC-evaluated configuration must be protected against unauthorized
physical access and modification.
3.1.2 Personnel policy assumptions
v The system administration personnel for Tivoli Identity Manager and the IT
environment are not careless, willfully negligent, or hostile, and follow and
abide by the instructions provided by the administrator documentation. They are
well trained to securely administer all aspects of Tivoli Identity Manager
operation in accordance with the conditions outlined in the product technical
documentation and this guide.
v Passwords generated for users of the system by administrators must be
transmitted in a secure fashion to the users.
v Users and administrators have to protect any passwords used for authentication
to Tivoli Identity Manager, and must not disclose their passwords to others.
v Users of the Tivoli Identity Manager environment are from a well-managed user
community in a non-hostile working environment.
3.1.3 System policy assumptions
v All services on the Tivoli Identity Manager Server must be switched off,
especially networked services that are nonessential for running, managing, and
administering Tivoli Identity Manager. Tivoli Identity Manager components must
be the only components running on the underlying operating systems.
v The runtime environment must provide an exact time to the Tivoli Identity
Manager components. Exact time is critical for audit record generation.
v Tivoli Identity Manager properties files, configuration files, and log/audit files
must be protected using operating system access control mechanisms.
v The directory server must protect stored data from unauthorized modification
and deletion by requiring user identification and authentication, and performing
access control on the data entries.
v The database server must protect stored audit records and other data from
unauthorized modification and deletion by requiring user identification and
authentication, and performing access control on the data entries.
v If you use the product APIs to create a custom application to access the Tivoli
Identity Manager Server, you must use the ITIM_CLIENT role to establish the
working context in the WebSphere Application Server. The ITIM_CLIENT role is
described in the IBM Tivoli Identity Manager Planning for Deployment Guide.
Additional management and administration issues and mechanisms of the
underlying operating systems are beyond the scope of these guidelines.
3.1.4 Connectivity policy assumptions
v An administrator using a remote terminal or remote workstation for
administration must ensure that the remote terminal or workstation is in a
secured environment and use secure connections to the Tivoli Identity Manager
Server. Adequate procedures and security policies must be in place to protect
remote terminal-to-server communication against eavesdropping and
unauthorized access.
v An administrator using the Web GUI supplied with the product to access the
Tivoli Identity Manager Server from a remote workstation must log in with a
user ID that is mapped to the ITIM_CLIENT role. The ITIM_CLIENT role,
described in the IBM Tivoli Identity Manager Planning for Deployment Guide, is an
unprivileged role that prevents access to core product functions. The procedure
for mapping credentials to the ITIM_CLIENT role is described in “4.2.8 Java 2
security required for WebSphere Application Server” on page 24.
v Person information stored in any external enterprise identity data store must be
managed in a way that allows proper association with the entity information
managed by Tivoli Identity Manager.
3.2 Installation and configuration conditions
3.2.1 General server conditions
v This Common Criteria evaluation is based on the English version of Tivoli
Identity Manager and its documentation. You must use only the English-version
Tivoli Identity Manager GUI.
v Ensure that you are using clean systems that do not have previous versions of
Tivoli Identity Manager installed. You are not allowed to upgrade from an older
release to the current release and then use this upgraded system as a basis for a
CC-evaluated configuration.
v The system must be configured in such a way that no unauthorized access to
functions provided by the Web application server and operating system software
(including network services) is possible either locally or through any network
connection. Additionally, all product system components are protected against
interference by unauthorized users.
v The Tivoli Identity Manager Server component must be installed and operated
on a dedicated Web application server that communicates through network
connections with clients, adapters, and the resources in the IT environment (for
example, LDAP registry, relational database management system (RDBMS)).
v Do not register user-defined Java or JavaScript extensions in the Tivoli Identity
Manager configuration files.
v The CC-evaluated implementation of Tivoli Identity Manager must not be
operated in a multi-tenant setup.
v The usage of low-level APIs (as opposed to the provided application API) to
extend the functionality of the Tivoli Identity Manager core services is
prohibited.
v The Web application server and MQSeries are installed on one dedicated
machine that is physically and logically protected. Clustering is disabled.
v The directory server and RDBMS are installed either together on one system or
separately on two systems. They are for dedicated use by Tivoli Identity
Manager only and configured accordingly (for example, with restricted network
availability). The underlying machine(s) are dedicated to run only these
applications.
v All network communication is protected, either by cryptographic (SSL/TLS) or
organizational (restricted network access) means. Network connections requiring
protection include:
– Client to application server/Web server
– Adapter to Tivoli Identity Manager server
– Database server to Tivoli Identity Manager server
– Directory server to Tivoli Identity Manager server
v Only identity feed through a DSML file and reconciliation using the IBM Tivoli
Directory Integrator are supported as the mechanisms for identity feed and
account reconciliation.
v IBM Tivoli Directory Integrator is not supported for provisioning accounts.
v Single sign-on (SSO) with Tivoli Access Manager is not supported.
v Applications that access the Tivoli Identity Manager application API are
implemented using the Java Development Kit (JDK) packaged with the
WebSphere Application Server.
v The procedure entitled "Configuring the referential integrity plug-in on the IBM
Tivoli Directory Server" in the IBM Tivoli Identity Manager Server Installation and
Configuration Guide for WebSphere Environments is not required for CC evaluation.
The plug-in is already integrated into the IBM Tivoli Directory Server.
3.2.2 General adapter conditions
v The CC-evaluated implementation of Tivoli Identity Manager can only use the
specified adapters (refer to “2.3 Component specifications for the CC-evaluated
system” on page 6). Tivoli Identity Manager adapters were called agents in
previous versions of Tivoli Identity Manager. No other adapters or agents in the
IT environment can be connected to the CC-evaluated configuration, including
LDAP or vendor-specific agents.
v The adapters supported by the CC-evaluated configuration must use the DAML
protocol (and not FTP) for communication with the Tivoli Identity Manager
server.
v The operating system must operate as specified and provide adequate protection
measures against tampering with the adapter and its interfaces.
v To prevent password snooping through the network, access to network sockets
opened by adapters for configuration with the agentCfg utility is restricted to
root users, or administrators, on the local operating system hosting the adapter.
High quality passwords must be set for the adapter configuration.
3.2.3 Documentation issues
v This Common Criteria evaluation is based on the English version of Tivoli
Identity Manager and its documentation. You must refer only to the
English-version technical documentation when implementing the CC-evaluated
version of Tivoli Identity Manager.
v The following technical documents provide standard information and
procedures for installing and configuring the CC-evaluated implementation of
Tivoli Identity Manager. These documents must be obtained using the secure
procedure described in “2.4.2 Accessing the Tivoli Identity Manager technical
documentation used for CC evaluation” on page 7.
– IBM Tivoli Identity Manager Server Installation and Configuration Guide for
WebSphere Environments
– IBM Tivoli Identity Manager Oracle Adapter for Windows Installation and
Configuration Guide
– IBM Tivoli Identity Manager Adapter for Windows Installation and Configuration
Guide
– IBM Tivoli Identity Manager Information Center
– IBM Tivoli Identity Manager Common Criteria Guide (this document)
– IBM Tivoli Identity Manager Release Notes
3.3 Assumed security threats
The Common Criteria evaluation of Tivoli Identity Manager produces a set of
conditions for an accepted level of security for the system implementation. Security
conditions exist to counter the general threat of unauthorized access to stored and
transmitted information assets. The term "access" includes the acts of disclosure,
modification, and destruction.
Assets to be protected include:
v Information related to identities, accounts, organizational structures, users, and
groups
v Provisioning policies, password policies, service definitions, workflows, ACIs,
and other policies maintained by Tivoli Identity Manager
v Authentication and transaction security credentials
Two classifications of threats (threat agents) are considered:
v Unauthenticated individuals
Individuals not known to Tivoli Identity Manager but who have network-based
access to communication interfaces exposed by Tivoli Identity Manager.
v Authorized users of Tivoli Identity Manager
Individuals who have successfully authenticated themselves to Tivoli Identity
Manager and can access resources as defined by the access control information
through the user and administration interface.
The CC-evaluated implementation of Tivoli Identity Manager is not intended to
provide protection against determined attempts by hostile and well-funded
attackers attempting to breach system security. Instead, the CC-evaluated
implementation of Tivoli Identity Manager assumes that threats are going to
originate from a well-managed user community in a non-hostile working
environment. Therefore, the product’s focus is to protect against inadvertent or
casual attempts to breach the system security.
An example of an intended environment is a company intranet well-protected from
external attacks and with an overall user community (including unauthenticated
users) that can be assumed to be non-hostile. System administrators of the system,
and administrators for the underlying operating systems, Web application server,
transaction database, and directory server, are assumed to be trustworthy and
trained, and follow the instructions provided to them with respect to the secure
configuration and operation of the systems under their responsibility.
Chapter 4. Configuring evaluated security functionality
Note: Before proceeding with this chapter, make sure you read “1.3
Implementation roadmap” on page 2.
A Common Criteria evaluated (CC-evaluated) implementation of Tivoli Identity
Manager makes specific assumptions about security functionality considered in the
evaluation.
To install and configure a CC-evaluated implementation of Tivoli Identity Manager,
you must use the standard version 4.6 technical documentation for Tivoli Identity
Manager. Then you must review and apply the items in this chapter.
Section topics:
v “4.1 Auditing system activity” on page 20
v “4.2 Identification and authentication” on page 20
v “4.3 Provisioning” on page 27
v “4.4 Event notification” on page 27
4.1 Auditing system activity
The following items represent the required conditions for the auditing of system
activity on a CC-evaluated implementation of Tivoli Identity Manager.
Task list:
v “4.1.1 Viewing audit records” on page 20
4.1.1 Viewing audit records
Tivoli Identity Manager can audit internal activity (events) such as the modification
of provisioning policies and the creation of new user accounts. Audit information
for all events is stored in the database that supports the Tivoli Identity Manager
Server. Any ITIM user can view his own audit log records. A CC-evaluated
implementation of Tivoli Identity Manager must allow an administrator the ability
to review all available audit records.
Action:
A user can find audit records by using the Tivoli Identity Manager GUI:
1. Select the Home tab on the Navigation bar.
2. Select View Completed Requests from the Task Bar.
3. Click the Request Details icon found on the left of each audit record row.
The Request header page appears for that record.
4. Click the Audit Log tab.
5. Click the Request Details icon found on the left of the audit record row.
A user belonging to the Administrator ITIM group has the correct access rights to
view all available audit records on the system.
4.2 Identification and authentication
The following items represent the required conditions for secure password
management on a CC-evaluated implementation of Tivoli Identity Manager. In a
CC-evaluated system, the security of passwords must never be compromised. The
following configuration information provides specific methods to achieve this
security. You can apply other configuration options as long as the security of
passwords is ensured.
Task list:
v “4.2.1 Password challenge/response feature must be disabled” on page 21
v “4.2.2 No passwords allowed in e-mail notifications” on page 21
v “4.2.3 Shared secret for password notification not allowed” on page 22
v “4.2.4 Required password policies” on page 22
v “4.2.5 Client-to-Web server SSL communication required” on page 23
v “4.2.6 Server-to-adapter SSL communication required” on page 23
v “4.2.7 HTTPS communication on WebSphere Application Server must be
enabled” on page 24
v “4.2.8 Java 2 security required for WebSphere Application Server” on page 24
v “4.2.9 Maximum number of invalid logon attempts” on page 25
v “4.2.10 Password expiration period” on page 25
v “4.2.11 Enable password editing” on page 25
4.2.1 Password challenge/response feature must be disabled
A CC-evaluated implementation of Tivoli Identity Manager requires that the
password challenge/response feature be disabled.
The password challenge/response feature, if enabled, allows a user access to the
Tivoli Identity Manager system if the user forgot the password but successfully
answers challenge/response questions. If the password challenge/response feature
is disabled, the user is required to contact the system administrator for access to
the Tivoli Identity Manager system.
Action:
Refer to the "Password challenge/response configuration" section of the IBM Tivoli
Identity Manager Information Center for instructions on disabling the password
challenge/response feature.
4.2.2 No passwords allowed in e-mail notifications
You can configure the Tivoli Identity Manager Server to send e-mail notifications
with embedded passwords when specific administrative changes occur, such as a
password reset. In a CC-evaluated configuration, the sending of these e-mails
(which contain unencrypted passwords) is prohibited. Sending e-mail notifications
with unencrypted passwords over untrusted systems can allow attackers to steal
these passwords by intercepting these e-mails. If you still want to use the e-mail
feature to notify users of password changes, ensure that you always send the
e-mails over secure networks. Note, however, that transmitting e-mails with
unencrypted passwords over secured or unsecured networks is a violation of the
CC evaluation criteria.
To ensure that e-mails with passwords are not automatically sent when an
administrative action occurs, complete the steps described in this section to:
v Disable the automatic sending of the passwords in e-mail notifications.
The enrole.workflow.notification.newpassword property of the
enrole.properties configuration file is set by default to a Java class file that
provides e-mail notification to a user when a password change has occurred for
that user’s account. You can instead replace the NewPasswordNotification class
with the EmptyNotificationFactory class. Alternatively, you can provide a
custom notification factory if the factory mechanism safeguards passwords
during storage and transmission to the user.
v Disable the use of the templates that send the e-mail notifications with
embedded passwords when a related administrative action is completed.
Action:
The following procedure results in no notification being sent to a user upon
completion of a password change workflow process:
1. Compile the EmptyNotificationFactory source file located in the following
directory:
ITIM_HOME/extensions/examples/mail/
The examples directory contains a help HTML file that explains how to build
(compile) the example.
2. Some examples must be run within the context of the Tivoli Identity Manager
provisioning platform. This requires that the extensions/lib/examples.jar file
must be added to the application server’s classpath.
The examples directory contains a help HTML file that explains how to add
examples.jar to the classpath.
3. Update the enrole.properties configuration file by replacing the following
line:
    enrole.workflow.notification.newpassword = com.ibm.itim.workflow.notification.TemplateNewPasswordNotification
with:
    enrole.workflow.notification.newpassword = com.ibm.itim.workflow.notification.EmptyPasswordNotification
4. Restart the Tivoli Identity Manager Server.
Action:
Use the following procedure to disable the sending of e-mail notifications with
embedded passwords:
1. Log in as an administrator and select Configuration→ Properties.
2. Click [...] next to Workflow Notification to view a list of templates.
3. Remove the check mark from the Enabled box next to the following templates:
v New Password Template
v New Account Template
v Restore Account Template
4. Click Submit to save your changes.
4.2.3 Shared secret for password notification not allowed
The enrole.workflow.notifypassword property in the enrole.properties
configuration file specifies the type of e-mail notification used to transmit a new
password change to a user.
A "true" value indicates an e-mail notification of a password change can be sent to
the user. The actual notification mechanism, including the inclusion, or not, of the
actual password in the e-mail, is dictated by the configuration of the
enrole.workflow.notification.newpassword property value in the
enrole.properties configuration file (see “4.2.2 No passwords allowed in e-mail
notifications” on page 21).
A "false" value places a password retrieval URL in an e-mail to the user. The user
clicks on the URL to obtain the password. The user must provide his/her shared
secret key. This setting is not allowed in a CC-evaluated implementation of Tivoli
Identity Manager because Tivoli Identity Manager has no means to enforce the use
of large quantities of these secret keys.
Action:
Set the enrole.workflow.notifypassword property in the enrole.properties
configuration file to "true" (default):
enrole.workflow.notifypassword = true
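An offline check of the two enrole.properties settings that sections 4.2.2 and 4.2.3 require, as an added example that is not part of the IBM guide or the product: it parses the Java .properties syntax the file uses and reports each deviation, with the sample file contents constructed for the demonstration. The class names and property keys are those the guide quotes; the finding codes are this example's own.

```python
"""Offline check of enrole.properties against the notification settings that
sections 4.2.2 and 4.2.3 require. Added example, not part of the IBM guide or
the product; the sample file contents below are constructed."""
from typing import Dict, List, Tuple

NEWPASSWORD_KEY = "enrole.workflow.notification.newpassword"
NOTIFYPASSWORD_KEY = "enrole.workflow.notifypassword"
# Class names as the guide quotes them in step 3 of 4.2.2.
DEFAULT_FACTORY = "com.ibm.itim.workflow.notification.TemplateNewPasswordNotification"
EMPTY_FACTORY = "com.ibm.itim.workflow.notification.EmptyPasswordNotification"


def parse_properties(text: str) -> Dict[str, str]:
    """Parse the Java .properties subset used by enrole.properties:
    '#' or '!' comment lines, '=' or ':' as key/value separator, and a
    trailing backslash continuing the entry onto the next line."""
    props: Dict[str, str] = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]          # entry continues on the next line
            continue
        # The first '=' or ':' separates the key from the value.
        positions = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not positions:
            props[line] = ""             # key without a value
            continue
        sep = min(positions)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def check_cc_notification_settings(props: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (property, finding) pairs for each deviation from the CC requirement;
    an empty list means both settings are as the guide requires."""
    findings: List[Tuple[str, str]] = []
    factory = props.get(NEWPASSWORD_KEY)
    if factory is None or factory == DEFAULT_FACTORY:
        # Unset falls back to the shipped default, which e-mails the new password.
        findings.append((NEWPASSWORD_KEY, "default-factory-emails-password"))
    elif factory != EMPTY_FACTORY:
        # 4.2.2 allows a custom factory only if it safeguards the password; that
        # cannot be judged from the file, so flag it for manual review.
        findings.append((NEWPASSWORD_KEY, "custom-factory-needs-review"))
    # 4.2.3: "true" (the default) is required; "false" switches to the
    # shared-secret retrieval URL, which is not allowed.
    if props.get(NOTIFYPASSWORD_KEY, "true").lower() != "true":
        findings.append((NOTIFYPASSWORD_KEY, "shared-secret-retrieval-not-allowed"))
    return findings


def audit(text: str) -> List[Tuple[str, str]]:
    """Parse a properties file's text and return its CC findings."""
    return check_cc_notification_settings(parse_properties(text))


# Constructed sample: the shipped default factory plus a deviation on notifypassword.
NONCOMPLIANT_SAMPLE = """\
# Workflow notification settings (constructed sample, not a real file)
enrole.workflow.notifypassword = false
enrole.workflow.notification.newpassword = \\
    com.ibm.itim.workflow.notification.TemplateNewPasswordNotification
"""

# Constructed sample after the 4.2.2 step 3 and 4.2.3 changes have been applied.
COMPLIANT_SAMPLE = """\
enrole.workflow.notifypassword = true
enrole.workflow.notification.newpassword = com.ibm.itim.workflow.notification.EmptyPasswordNotification
"""

if __name__ == "__main__":
    for name, sample in (("non-compliant", NONCOMPLIANT_SAMPLE), ("compliant", COMPLIANT_SAMPLE)):
        print(name, audit(sample) or "OK")
```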
4.2.4 Required password policies
All users and managed resources of a CC-evaluated implementation of Tivoli
Identity Manager must adhere to a minimal set of criteria for specifying password rules.
The following password policy rules specify the minimal criteria. These password
policy rules ensure adequate strength of the password mechanisms as configured
for a CC-evaluated system. If desired, you can implement more stringent password
rules and still be in compliance with CC criteria. For example, you can specify a
minimum length of eight characters (instead of six characters) and use all of the
other specified minimal criteria and the password rules will be in compliance with
the CC criteria.
v Minimum Length: 6 characters
v Maximum Length: not specified
v Maximum Repeated Characters: not specified
v Minimum Unique Characters Required: 6 characters
v Minimum Alphabetic Characters Required: 5 characters
v Minimum Numeric Characters Required: 1 character
v Disallow User Name?: yes
v Disallow User ID?: yes
v Repeated History Length: 5
v Invalid Characters: none
Action:
The password policy you implement must be placed at the top level of the
organizational tree, and the policy must be configured to apply to all subtrees and
all services. The following options must also be configured in the policy:
v Disallow User Name (with Case-Insensitivity)?: yes
v Disallow User ID (with Case-Insensitivity)?: yes
You can configure more than one password policy; for example, you can configure
one or more password policies that apply to specific levels (subnodes) of the
organizational tree, or to specific services. However, to comply with CC
requirements, the specified rules of each password policy you implement must be
at least as stringent as the minimal guidelines described in this section.
Refer to the IBM Tivoli Identity Manager Information Center for instructions on using
the Tivoli Identity Manager GUI to create policies and policy rules.
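The minimal 4.2.4 rules expressed as a checker, as an added example that is not part of the IBM guide or the product: it models each listed rule, checks a candidate password against them, and implements the "at least as stringent" comparison the section requires of any additional subtree or service policy. It assumes "Maximum Repeated Characters" bounds how often any one character may appear, and uses SHA-256 as a stand-in for the password-history hashing, whose real scheme the guide does not give.

```python
"""Checker for the minimal Common Criteria password rules listed in section 4.2.4.
Added example, not part of the IBM guide or the product; inputs are constructed."""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class PasswordPolicy:
    """One password policy; the defaults are the minimal criteria from 4.2.4.
    Fields the guide leaves 'not specified' or 'none' default to unenforced."""
    min_length: int = 6
    max_length: Optional[int] = None          # not specified
    max_repeated_chars: Optional[int] = None  # not specified; assumed to bound how
                                              # often any one character may appear
    min_unique_chars: int = 6
    min_alpha_chars: int = 5
    min_numeric_chars: int = 1
    disallow_user_name: bool = True           # case-insensitive, per the Action list
    disallow_user_id: bool = True
    history_length: int = 5
    invalid_chars: str = ""                   # none


CC_MINIMUM = PasswordPolicy()


def _max_not_weaker(policy_max: Optional[int], baseline_max: Optional[int]) -> bool:
    """A maximum is not weaker if the baseline has none, or ours is set and no larger."""
    return baseline_max is None or (policy_max is not None and policy_max <= baseline_max)


def is_at_least_as_stringent(policy: PasswordPolicy,
                             baseline: PasswordPolicy = CC_MINIMUM) -> bool:
    """True if every rule of `policy` is equal to or stricter than `baseline`, which
    is what 4.2.4 requires of each additional policy. Minimums and the history
    length may only rise, the disallow flags may not be turned off, and the
    invalid-character set may only grow."""
    return (
        policy.min_length >= baseline.min_length
        and policy.min_unique_chars >= baseline.min_unique_chars
        and policy.min_alpha_chars >= baseline.min_alpha_chars
        and policy.min_numeric_chars >= baseline.min_numeric_chars
        and policy.history_length >= baseline.history_length
        and (policy.disallow_user_name or not baseline.disallow_user_name)
        and (policy.disallow_user_id or not baseline.disallow_user_id)
        and set(baseline.invalid_chars) <= set(policy.invalid_chars)
        and _max_not_weaker(policy.max_length, baseline.max_length)
        and _max_not_weaker(policy.max_repeated_chars, baseline.max_repeated_chars)
    )


def history_hash(password: str) -> str:
    """Stand-in for the hashed history the server keeps (2.5.1: only password hashes
    are stored). SHA-256 is an assumption; the product's scheme is not given."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(policy: PasswordPolicy, password: str, user_name: str = "",
                   user_id: str = "", history_hashes: Sequence[str] = ()) -> List[str]:
    """Return the names of the rules `password` violates; an empty list means it is
    acceptable. `history_hashes` holds history_hash() of earlier passwords, oldest first."""
    violations: List[str] = []
    lowered = password.lower()
    if len(password) < policy.min_length:
        violations.append("min_length")
    if policy.max_length is not None and len(password) > policy.max_length:
        violations.append("max_length")
    most_common = max(Counter(password).values(), default=0)
    if policy.max_repeated_chars is not None and most_common > policy.max_repeated_chars:
        violations.append("max_repeated_chars")
    if len(set(password)) < policy.min_unique_chars:
        violations.append("min_unique_chars")
    if sum(c.isalpha() for c in password) < policy.min_alpha_chars:
        violations.append("min_alpha_chars")
    if sum(c.isdigit() for c in password) < policy.min_numeric_chars:
        violations.append("min_numeric_chars")
    if policy.disallow_user_name and user_name and user_name.lower() in lowered:
        violations.append("disallow_user_name")
    if policy.disallow_user_id and user_id and user_id.lower() in lowered:
        violations.append("disallow_user_id")
    if any(c in policy.invalid_chars for c in password):
        violations.append("invalid_chars")
    # Repeated History Length: the password may not equal any of the last N.
    recent = list(history_hashes)[-policy.history_length:] if policy.history_length else []
    if history_hash(password) in recent:
        violations.append("history")
    return violations


if __name__ == "__main__":
    # Constructed inputs for a person named John Smith whose ITIM user ID is "jsmith".
    previous = [history_hash(p) for p in ("Spring24a", "Summer24b")]
    for candidate in ("abcde1", "jsmith1a", "aaaaa1", "Summer24b"):
        print(candidate, check_password(CC_MINIMUM, candidate, "John Smith", "jsmith", previous) or "ok")
    print(is_at_least_as_stringent(PasswordPolicy(min_length=8)))         # stricter: allowed
    print(is_at_least_as_stringent(PasswordPolicy(min_numeric_chars=0)))  # weaker: not allowed
```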
4.2.5 Client-to-Web server SSL communication required
To protect authentication credentials and other data transmitted to the Tivoli
Identity Manager user interface, a CC-evaluated implementation of Tivoli Identity
Manager requires one-way SSL communication between clients and the Web server.
In a one-way SSL configuration, the client (browser) is configured with the CA
certificate that corresponds to the certificate presented by the Web server.
Action:
Refer to the IBM Tivoli Identity Manager Information Center for information on
configuring the Web server to require SSL communication (under Contents select
Configuring the Tivoli Identity Manager environment→ Configuring the use of
SSL authentication→ Configuring SSL authentication on the IBM HTTP Server).
Refer to the online help of the browser for information on configuring the browser
to use SSL authentication. Note that supported browsers are preconfigured with
the CA certificates of most well-known certificate authorities.
4.2.6 Server-to-adapter SSL communication required
To protect authentication credentials and other data transmitted between the Tivoli
Identity Manager Server and the adapters, a CC-evaluated implementation of
Tivoli Identity Manager requires two-way SSL communication between the Tivoli
Identity Manager Server and the adapters. In a two-way SSL configuration, both
sides present a certificate: the Tivoli Identity Manager Server and each adapter
must be configured with their own certificate and with the CA certificate that
issued the peer's certificate, so that each side rejects a peer it cannot verify.
After configuration, confirm that a connection to either side that does not present
a valid certificate from the expected CA is refused.
Action:
Refer to the IBM Tivoli Identity Manager Information Center for information on
configuring the Tivoli Identity Manager Server to use SSL communication (under
Contents select Configuring the Tivoli Identity Manager environment→
Configuring the use of SSL authentication→ Configuring SSL authentication for
the Tivoli Identity Manager Server). Refer to the installation and configuration
guides of the adapters for information on configuring the adapters to use two-way
SSL communication.
4.2.7 HTTPS communication on WebSphere Application Server must be enabled
A CC-evaluated implementation of Tivoli Identity Manager requires that secure
(HTTPS) communication on WebSphere Application Server be enabled. HTTP
transports that are not SSL-enabled are inappropriate for the evaluated
configuration and must either be removed or switched to SSL, so that the user
interface cannot be reached over an unencrypted port.
Action:
1. From the left navigation panel of the WebSphere Administration Console,
expand Servers.
2. From the expanded view of Servers, click Application Servers.
The panel for server1 displays on the right.
3. Click server1.
4. Click Web Container.
The Configuration panel for Web Container displays.
5. From the Additional Properties section of the Configuration panel, click HTTP
transports.
The HTTP Transport panel displays. Currently configured communication ports
are listed.
6. Option 1: Remove inappropriate ports (any transport that is not SSL-enabled
and is not needed):
Click the check box for the port and click Delete.
7. Option 2: Enable SSL for a port that must remain:
a. Click the check box for the port and click the link for that port.
The Configuration panel for the selected port displays.
b. Click the check box for Enable SSL.
8. Save the configuration changes.
4.2.8 Java 2 security required for WebSphere Application Server
A CC-evaluated implementation of Tivoli Identity Manager requires that
WebSphere Application Server be configured to use Java 2 security.
Action:
Refer to "Configuring security manually for single-node deployments before
installing Tivoli Identity Manager" in IBM Tivoli Identity Manager Server Installation
and Configuration Guide for WebSphere Environments for information on configuring
WebSphere Application Server to use Java 2 security.
In addition to defining the itimadmin user, a CC-evaluated implementation of
Tivoli Identity Manager also requires that you define another EJB User,
itimnonadmin. To define the itimnonadmin user, complete the following steps:
• In "Configuring security manually for single-node deployments before installing
Tivoli Identity Manager," add the following step c after step b in the procedure
labeled 1. Specify an administrative user with these steps:
– Create or select another administrative user in the user registry of your
operating system. In subsequent examples, this user is an EJB User called
itimnonadmin.
• In "Optionally configuring security after installing Tivoli Identity Manager,"
complete the following steps after you complete the steps described in Mapping
an administrative user to a role. These steps map an EJB User, itimnonadmin, to
the ITIM_CLIENT role:
1. On the WebSphere Administrative Console, click Applications → Enterprise
Applications.
2. Click enRole.
3. In Additional Properties, scroll down and click Map security roles to
users/groups.
4. Select the check box for ITIM_CLIENT.
5. Click Lookup users.
6. Click Search.
7. Select the itimnonadmin EJB User from the list.
8. Click OK.
9. To prevent unauthorized access, clear the Everyone? or All Authenticated?
check boxes.
10. Save the configuration changes.
4.2.9 Maximum number of invalid logon attempts
A CC-evaluated implementation of Tivoli Identity Manager requires that the
maximum number of invalid logon attempts be set to a value between 1 and 5.
When the configured number of unsuccessful logon attempts is reached, the
account is suspended. This protective measure limits online password-guessing
attacks against an account; note that it also lets anyone who knows a user ID lock
that user out by entering wrong passwords, so plan for administrators to restore
suspended accounts.
Action:
In the Tivoli Identity Manager GUI, select Configuration→ Properties to set the
value for the maximum number of unsuccessful logon attempts. Use the
Information Center for help in completing the task.
4.2.10 Password expiration period
A CC-evaluated implementation of Tivoli Identity Manager requires that the
password expiration period be set to 90 days or less. The password expiration
period is the number of days a Tivoli Identity Manager password is valid before a
user is forced to choose a new password.
Action:
In the Tivoli Identity Manager GUI, select Configuration→ Properties to set the
value for the password expiration interval to 90 days or less. Use the Information
Center for help in completing the task.
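Taken together, 4.2.9 and 4.2.10 describe a gate on every logon: a failure counter that suspends the account at a threshold between 1 and 5, and a password age that forces a change once it exceeds at most 90 days. The following Python replays both rules over a constructed event stream so the interaction (a correct password arriving after suspension is still refused; a correct password on a stale password is admitted only into a forced change) is visible. It is an added example, not product code; the event and account fields, the decision strings, the sample users and the validate_settings helper are assumptions chosen for the illustration.

```python
"""Replay of the account controls in 4.2.9 and 4.2.10 (added example, not
product code): suspend an account when it reaches the configured number of
unsuccessful logons (evaluated range 1..5) and force a password change when a
successful logon uses a password older than the expiration period (90 days or
less). Event fields, decision strings and sample data are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_INVALID_LOGONS = 5       # evaluated configuration: 1..5
PASSWORD_MAX_AGE_DAYS = 90   # evaluated configuration: 90 or less


def validate_settings(max_attempts: int, max_age_days: int) -> list[str]:
    """Return the names of the settings that fall outside the CC-required ranges."""
    bad: list[str] = []
    if not 1 <= max_attempts <= 5:
        bad.append("max_invalid_logons")
    if not 1 <= max_age_days <= 90:
        bad.append("password_expiration_days")
    return bad


@dataclass
class AccountState:
    password_set: datetime   # when the current password was chosen
    failed: int = 0          # unsuccessful logons since the last success
    suspended: bool = False


@dataclass(frozen=True)
class LogonEvent:
    when: datetime
    user: str
    success: bool            # whether the supplied password was correct


def apply_events(accounts: dict[str, AccountState], events: list[LogonEvent],
                 max_attempts: int = MAX_INVALID_LOGONS,
                 max_age_days: int = PASSWORD_MAX_AGE_DAYS) -> list[str]:
    """Replay the events in time order and return one decision per event."""
    decisions: list[str] = []
    for ev in sorted(events, key=lambda e: e.when):
        acct = accounts[ev.user]
        if acct.suspended:
            # A suspended account stays suspended even when the password is
            # right; an administrator has to restore it. This is also why a
            # small threshold lets anyone who knows a user ID lock that user out.
            decisions.append("deny:suspended")
        elif not ev.success:
            acct.failed += 1
            if acct.failed >= max_attempts:
                acct.suspended = True
                decisions.append("suspend")
            else:
                decisions.append("deny:bad_password")
        else:
            acct.failed = 0  # a successful logon clears the counter
            if ev.when - acct.password_set > timedelta(days=max_age_days):
                decisions.append("allow:password_expired")  # must choose a new password
            else:
                decisions.append("allow")
    return decisions


def demo() -> dict[str, object]:
    """Run a constructed scenario (sample data, not real logs)."""
    t0 = datetime(2005, 8, 1, 9, 0, 0)
    accounts = {
        "jsmith": AccountState(password_set=t0 - timedelta(days=10)),
        "mjones": AccountState(password_set=t0 - timedelta(days=100)),  # past 90 days
    }
    events = [LogonEvent(t0 + timedelta(seconds=10 * i), "jsmith", False) for i in range(5)]
    events += [
        LogonEvent(t0 + timedelta(seconds=5), "mjones", False),
        LogonEvent(t0 + timedelta(seconds=15), "mjones", True),
        LogonEvent(t0 + timedelta(seconds=60), "jsmith", True),   # correct, but too late
        LogonEvent(t0 + timedelta(seconds=70), "mjones", True),
    ]
    return {
        "decisions": apply_events(accounts, events),
        "suspended": sorted(u for u, a in accounts.items() if a.suspended),
    }


if __name__ == "__main__":
    print(validate_settings(6, 120))   # both outside the evaluated ranges
    print(demo())
```

The sort by timestamp matters when replaying real audit records: the suspension decision depends on the order in which failures arrived, not the order in which the records were collected.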
4.2.11 Enable password editing
A CC-evaluated implementation of Tivoli Identity Manager requires password
editing to be enabled for authorized administrators and for users who are allowed
to edit their own passwords. Because passwords are not allowed in e-mail
notifications on a CC-evaluated system and cannot be displayed by any other
means, a generated password cannot be delivered to the user; administrators must
therefore be allowed to define passwords manually for users.
Action:
In the Tivoli Identity Manager GUI, select Configuration→ Properties to enable
password editing. Use the Information Center for help in completing the task.
4.3 Provisioning
The following items represent the required conditions for secure provisioning
management on a CC-evaluated implementation of Tivoli Identity Manager.
Task list:
• "4.3.1 Disable remote password synchronization" on page 27
4.3.1 Disable remote password synchronization
A CC-evaluated implementation of Tivoli Identity Manager requires that remote
password synchronization be disabled. The feature is de-configured by using the
WebSphere Administrative Console to switch off the service. Remote password
synchronization reaches the server as unsolicited adapter notifications, so
removing the notification servlets as described in 4.4.1 also closes the endpoint
through which such notifications would arrive.
4.4 Event notification
The following items represent the required conditions for secure event notification
management on a CC-evaluated implementation of Tivoli Identity Manager.
Task list:
• "4.4.1 Event notification must be disabled" on page 27
4.4.1 Event notification must be disabled
Unsolicited service notification from adapters (remote password synchronization)
and from identity feeds is not supported in the evaluated configuration of Tivoli
Identity Manager. The DSML and IBM Tivoli Directory Integrator identity feeds are
operated by using their reconciliation functionality instead.
A CC-evaluated implementation of Tivoli Identity Manager requires that event
notification be disabled.
Action:
To remove event notification, open the web.xml file located at:
WAS_HOME\installedApps\IBMXGLFR\enRole.ear\app_web.war\WEB-INF\
(IBMXGLFR is the WebSphere cell name of the example system; the directory under
installedApps carries the name of your own cell.)
Note: To conform to the requirements of Common Criteria for this product, you
must not edit any other lines in the web.xml file other than those mentioned
in the following list.
Remove the UnsolicitedNotificationHandler, DSML2EventServlet, and
ResponseNotificationHandler servlets by deleting the following lines from the file.
Delete each <servlet> element in full, from its opening tag through its closing
</servlet> tag, and nothing else:
<servlet id="Servlet_1125360617303">
<servlet-name>UnsolicitedNotificationHandler</servlet-name>
<description>Servlet To receive unsolicited events via DAML over https.
</description>
<servlet-class>com.ibm.itim.remoteservices.provider.directory.notifications.UnsolicitedNotificationHandler</servlet-class>
</servlet>
<servlet id="Servlet_1125360617304">
<servlet-name>DSML2EventServlet</servlet-name>
<description>Servlet To receive unsolicited events via DSML2 over http(s).
</description>
<servlet-class>com.ibm.itim.remoteservices.provider.dsml2.event.DSML2EventServlet</servlet-class>
</servlet>
<servlet id="Servlet_1125360617305">
<servlet-name>ResponseNotificationHandler</servlet-name>
<description>Servlet To receive data from RemoteServices like Agent</description>
<servlet-class>com.ibm.itim.remoteservices.provider.directory.notifications.ResponseNotificationHandler</servlet-class>
</servlet>
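Because the note above forbids touching any other line, the safe way to make this edit is line-oriented rather than through an XML library that would rewrite the whole file (reindenting, dropping comments, reordering attributes). The following Python is an added example, not an IBM tool: it removes exactly the three <servlet> elements by name, passes every other line through unchanged, then parses the result to confirm it is still well-formed and to report any <servlet-mapping> that still names a removed servlet (reported rather than deleted, since the text restricts the edit to the servlet entries). The sample web.xml inside it is constructed: the three servlet entries follow the text; the Main servlet, the mapping elements and the comment line are assumptions.

```python
"""Remove the three event-notification servlets from web.xml (4.4.1) line by line,
then re-parse to confirm the file is still well-formed. Added example, not an IBM tool."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

SERVLETS_TO_REMOVE = {"UnsolicitedNotificationHandler", "DSML2EventServlet",
                      "ResponseNotificationHandler"}

# Constructed sample (assumption): the three notification servlets follow the
# text; the Main servlet, the comment and the two mappings are placeholders.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID">
  <!-- keep me: every line outside the three servlet entries must survive -->
  <servlet id="Servlet_Main">
    <servlet-name>Main</servlet-name>
    <servlet-class>com.example.MainServlet</servlet-class>
  </servlet>
  <servlet id="Servlet_1125360617303">
    <servlet-name>UnsolicitedNotificationHandler</servlet-name>
    <description>Servlet To receive unsolicited events via DAML over https.
    </description>
    <servlet-class>com.ibm.itim.remoteservices.provider.directory.notifications.UnsolicitedNotificationHandler</servlet-class>
  </servlet>
  <servlet id="Servlet_1125360617304">
    <servlet-name>DSML2EventServlet</servlet-name>
    <description>Servlet To receive unsolicited events via DSML2 over http(s).</description>
    <servlet-class>com.ibm.itim.remoteservices.provider.dsml2.event.DSML2EventServlet</servlet-class>
  </servlet>
  <servlet id="Servlet_1125360617305">
    <servlet-name>ResponseNotificationHandler</servlet-name>
    <description>Servlet To receive data from RemoteServices like Agent</description>
    <servlet-class>com.ibm.itim.remoteservices.provider.directory.notifications.ResponseNotificationHandler</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Main</servlet-name>
    <url-pattern>/main</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>DSML2EventServlet</servlet-name>
    <url-pattern>/dsml2_event</url-pattern>
  </servlet-mapping>
</web-app>
"""

_SERVLET_OPEN = re.compile(r"\s*<servlet[\s>]")  # not <servlet-name> / <servlet-mapping>
_SERVLET_NAME = re.compile(r"<servlet-name>\s*([^<\s]+)\s*</servlet-name>")
_local = lambda tag: tag.rsplit("}", 1)[-1]  # tag without namespace (J2EE 1.4 files carry one)


def strip_servlets(text: str, names: set[str]) -> tuple[str, list[str]]:
    """Drop each <servlet>...</servlet> block whose servlet-name is in `names`.

    Line-oriented on purpose: every other line passes through byte for byte,
    which is what the note about editing no other lines calls for. Returns the
    edited text and the names that were actually removed.
    """
    out: list[str] = []
    removed: list[str] = []
    block: list[str] | None = None
    for line in text.splitlines(keepends=True):
        if block is None:
            if not _SERVLET_OPEN.match(line):
                out.append(line)
                continue
            block = []
        block.append(line)
        if "</servlet>" in line:
            m = _SERVLET_NAME.search("".join(block))
            if m and m.group(1) in names:
                removed.append(m.group(1))
            else:
                out.extend(block)
            block = None
    if block is not None:  # unterminated element: pass through rather than guess
        out.extend(block)
    return "".join(out), removed


def _name_of(element: ET.Element) -> str:
    return next(((c.text or "").strip() for c in element if _local(c.tag) == "servlet-name"), "")


def verify(text: str, removed_names: set[str]) -> dict[str, list[str]]:
    """Parse the edited file (raises if it is no longer well-formed) and report the
    servlets still declared plus any mapping that still names a removed servlet."""
    root = ET.fromstring(text.encode("utf-8"))
    servlets = [e for e in root.iter() if _local(e.tag) == "servlet"]
    mappings = [e for e in root.iter() if _local(e.tag) == "servlet-mapping"]
    return {
        "declared": [_name_of(s) for s in servlets],
        "dangling_mappings": [_name_of(m) for m in mappings if _name_of(m) in removed_names],
    }


if __name__ == "__main__":
    edited, gone = strip_servlets(SAMPLE_WEB_XML, SERVLETS_TO_REMOVE)
    print("removed:", gone)
    print(verify(edited, SERVLETS_TO_REMOVE))
```

To apply it to a real file, read WEB-INF/web.xml into strip_servlets and write the returned text back only after verify() has parsed it without error; a non-empty dangling_mappings list is something to take up with the guidance for the product rather than fix silently, given the constraint on editing other lines.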
Appendix A. Support information
This section describes the following options for obtaining support for IBM
products:
• “Searching knowledge bases”
• “Obtaining fixes” on page 30
• “Contacting IBM Software Support” on page 30
Searching knowledge bases
If you have a problem with your IBM software, you want it resolved quickly. Begin
by searching the available knowledge bases to determine whether the resolution to
your problem is already documented.
Search the information center on your local system or network
IBM provides extensive documentation that can be installed on your local
computer or on an intranet server. You can use the search function of this
information center to query conceptual information, instructions for completing
tasks, reference information, and support documents.
Search the Internet
If you cannot find an answer to your question in the information center, search the
Internet for the latest, most complete information that might help you resolve your
problem. To locate Internet resources for your product, open one of the following
Web sites:
• IBM Tivoli Identity Manager Performance Tuning Guide
Provides information needed to tune Tivoli Identity Manager Server for a
production environment. It is available on the Web at:
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
Click the I character in the A-Z product list, and then, click the IBM Tivoli
Identity Manager link. Browse the information center for the Technical
Supplements section.
• Redbooks and white papers are available on the Web at:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManager.html
Browse to the Self Help section, in the Learn category, and click the Redbooks
link.
• Technotes are available on the Web at:
http://www.redbooks.ibm.com/redbooks.nsf/tips/
• Field guides are available on the Web at:
http://www.ibm.com/software/sysmgmt/products/support/Field_Guides.html
• For an extended list of other Tivoli Identity Manager resources, search the
following IBM developerWorks Web site:
http://www.ibm.com/developerworks/
Obtaining fixes
A product fix might be available to resolve your problem. You can determine what
fixes are available for your IBM software product by checking the product support
Web site:
1. Go to the IBM Software Support Web site
(http://www.ibm.com/software/support).
2. Under Products support pages A to Z, select the letter for your product name.
3. In the list of specific products, click IBM Tivoli Identity Manager.
4. Under Self help, you find a list of fixes, fix packs, and other service updates
for your product.
5. Click the name of a fix to read the description and optionally download the fix.
To receive weekly e-mail notifications about fixes and other news about IBM
products, follow these steps:
1. From the support page for any IBM product, click My support in the upper-left
corner of the page.
2. If you have already registered, skip to the next step. If you have not registered,
click register in the upper-right corner of the support page to establish your
user ID and password.
3. Sign in to My support.
4. On the My support page, click Edit profiles in the left navigation pane, and
scroll to Select Mail Preferences. Select a product family and check the
appropriate boxes for the type of information you want.
5. Click Submit.
6. For e-mail notification for other products, repeat Steps 4 and 5.
For more information about types of fixes, see the Software Support Handbook
(http://techsupport.services.ibm.com/guides/handbook.html).
Contacting IBM Software Support
IBM Software Support provides assistance with product defects.
Before contacting IBM Software Support, your company must have an active IBM
software maintenance contract, and you must be authorized to submit problems to
IBM. The type of software maintenance contract that you need depends on the
type of product you have:
• For IBM distributed software products (including, but not limited to, Tivoli,
Lotus, and Rational products, as well as DB2 and WebSphere products that run
on Windows or UNIX operating systems), enroll in Passport Advantage in one
of the following ways:
– Online: Go to the Passport Advantage Web page
(http://www.lotus.com/services/passport.nsf/WebDocs/Passport_Advantage_Home)
and click How to Enroll
– By phone: For the phone number to call in your country, go to the IBM
Software Support Web site
(http://techsupport.services.ibm.com/guides/contacts.html) and click the
name of your geographic region.
• For IBM eServer software products (including, but not limited to, DB2 and
WebSphere products that run in zSeries, pSeries, and iSeries environments), you
can purchase a software maintenance agreement by working directly with an
IBM sales representative or an IBM Business Partner. For more information
about support for eServer software products, go to the IBM Technical Support
Advantage Web page (http://www.ibm.com/servers/eserver/techsupport.html).
If you are not sure what type of software maintenance contract you need, call
1-800-IBMSERV (1-800-426-7378) in the United States or, from other countries, go to
the contacts page of the IBM Software Support Handbook on the Web
(http://techsupport.services.ibm.com/guides/contacts.html) and click the name of
your geographic region for phone numbers of people who provide support for
your location.
Follow the steps in this topic to contact IBM Software Support:
1. Determine the business impact of your problem.
2. Describe your problem and gather background information.
3. Submit your problem to IBM Software Support.
Determine the business impact of your problem
When you report a problem to IBM, you are asked to supply a severity level.
Therefore, you need to understand and assess the business impact of the problem
you are reporting. Use the following criteria:
Severity 1 Critical business impact: You are unable to use the program,
resulting in a critical impact on operations. This condition
requires an immediate solution.
Severity 2 Significant business impact: The program is usable but is
severely limited.
Severity 3 Some business impact: The program is usable with less
significant features (not critical to operations) unavailable.
Severity 4 Minimal business impact: The problem causes little impact on
operations, or a reasonable circumvention to the problem has
been implemented.
Describe your problem and gather background information
When explaining a problem to IBM, be as specific as possible. Include all relevant
background information so that IBM Software Support specialists can help you
solve the problem efficiently. To save time, know the answers to these questions:
• What software versions were you running when the problem occurred?
• Do you have logs, traces, and messages that are related to the problem
symptoms? IBM Software Support is likely to ask for this information.
• Can the problem be re-created? If so, what steps led to the failure?
• Have any changes been made to the system? (For example, hardware, operating
system, networking software, and so on.)
• Are you currently using a workaround for this problem? If so, please be
prepared to explain it when you report the problem.
The Tivoli Identity Manager serviceability tool assists in gathering information for
working with an IBM Software Support representative. The tool collects Tivoli
Identity Manager related log files, performs a check of the product JAR files,
gathers some limited configuration details, and creates a compressed file that
contains this information. The compressed file can then be transferred or e-mailed
to a support representative.
Use this tool only when directed to by your support representative. For more
information, refer to the IBM Tivoli Identity Manager Problem Determination Guide.
Submit your problem to IBM Software Support
You can submit your problem in one of two ways:
• Online: Go to the "Submit and track problems" page on the IBM Software
Support site (http://www.ibm.com/software/support/probsub.html). Enter
your information into the appropriate problem submission tool.
• By phone: For the phone number to call in your country, go to the contacts page
of the IBM Software Support Handbook on the Web
(http://techsupport.services.ibm.com/guides/contacts.html) and click the name
of your geographic region.
If the problem you submit is for a software defect or for missing or inaccurate
documentation, IBM Software Support creates an Authorized Program Analysis
Report (APAR). The APAR describes the problem in detail. Whenever possible,
IBM Software Support provides a workaround for you to implement until the
APAR is resolved and a fix is delivered. IBM publishes resolved APARs on the
IBM product support Web pages daily, so that other users who experience the
same problem can benefit from the same resolutions.
For more information about problem resolution, see Searching knowledge bases
and Obtaining fixes.
Appendix B. Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user’s responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not give you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106-0032, Japan
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or
implied warranties in certain transactions, therefore, this statement may not apply
to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged should contact:
IBM Corporation
2ZA4/101
11400 Burnet Road
Austin, TX 78758
U.S.A.
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurements may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Trademarks
The following terms are trademarks or registered trademarks of International
Business Machines Corporation in the United States, other countries, or both: IBM,
IBM logo, AIX, DB2, Domino, Lotus, SecureWay, Tivoli, Tivoli logo, Universal
Database, WebSphere.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation
in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Linux is a trademark of Linus Torvalds in the U.S., other countries, or both.
SAP is a trademark or registered trademark of SAP AG in Germany and in several
other countries.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the
United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks
of others.
Index
A
accessibility
  pdf format, for screen-reader software viii
  statement for documentation viii
  text, alternative for document images viii
accessing publications online 7
assumed security threats 16
assumptions, security policy
  connectivity policy 14
  personnel policy 13
  physical policy 13
  system policy 13
audience, who should read this book v
audit records 20
B
books
  see publications viii
C
CC-evaluated, definition 2, 5
CCMRA 1
common criteria
  about evaluated version of Tivoli Identity Manager 5
  accessing publications online 7
  assumed security threats 16
  CC-evaluated 5
  CC-evaluated, definition 2
  component specifications 6
  configuring evaluated security functionality 19
  definition 1
  EAL 3+ 5
  evaluated security functionality 10
  guidance and references 7
  how to obtain evaluated product 5
  implementation roadmap 2
  installation and configuration conditions 14
  security policy assumptions 13
  Security Target document 9
  technical documentation library 7
  what this guide describes 2
component specifications 6
conditions, installation and configuration
  adapter 15
  documentation 16
  general 14
configuring evaluated security functionality 19
  auditing system activity 20
    viewing audit records 20
  identification and authentication 20
    client-to-Web server SSL 23
    enable HTTPS on WebSphere 24
    enable password editing 25
    J2EE security required 24
    maximum invalid logon attempts 25
    no passwords in e-mail notifications 21
    password challenge/response 21
    password expiration period 25
    required password policies 22
    server-to-adapter SSL 23
    shared secret not allowed 22
  identity feeds 27
    disable event notification 27
  provisioning 27
    disable remote password synchronization 27
conventions
  HOME directory
    ITIM_HOME x
    WAS_HOME x
  typeface ix
  UNIX variable, directory notation ix
  used in this document ix
customer support
  see Software Support 30
D
directory
  installation
    WebSphere Application Server base product x
  ITIM_HOME x
  names, UNIX notation ix
  WAS_HOME x
disabilities, using documentation viii
documents
  related viii
  Tivoli Identity Manager library v
E
e-mail notification of password changes 21
EAL 3+ 5
environment variable
  UNIX notation ix
evaluated security functionality 10
  audit of activities 10
  authorization (access control) 10
  identification and authentication 10
  provisioning 11
  service reconciliation and identity feeds 11
evaluation assurance level 5
F
fixes, obtaining 30
G
guidance and references 7
H
home directories
  ITIM_HOME x
  WAS_HOME x
I
implementation roadmap 2
information centers, searching to find software problem resolution 29
installation
  directory
    WebSphere Application Server base product x
installation and configuration conditions
  adapter 15
  documentation 16
  general 14
Internet, searching to find software problem resolution 29, 30
ISO 15408 1
ITIM_CLIENT role 14
ITIM_HOME
  definition x
  directory x
K
knowledge bases, searching to find software problem resolution 29
M
manuals
  see publications viii
O
obtaining evaluated product 5
online publications
  accessing viii
P
password notification 22
password policies 22
path names, notation ix
pdf format, for screen-reader software viii
problem determination
  describing problem for IBM Software Support 31
  determining business impact for IBM Software Support 31
  submitting problem to IBM Software Support 32
publications
  accessing online viii
  related viii
  Tivoli Identity Manager library v
R
references and guidance 7
S
security functionality, evaluated 10
  audit of activities 10
  authorization (access control) 10
  identification and authentication 10
  provisioning 11
  service reconciliation and identity feeds 11
security functionality, not evaluated 11
security policy assumptions
  connectivity policy 14
  personnel policy 13
  physical policy 13
  system policy 13
Security Target document 9
security threats, assumed 16
Software Support
  contacting 30
  describing problem for IBM Software Support 31
  determining business impact for IBM Software Support 31
  submitting problem to IBM Software Support 32
specifications, component 6
SSL, configuring 23
T
technical documentation library 7
text, alternative for document images viii
Tivoli software information center viii
typeface conventions ix
W
WAS_HOME
  definition x
  WebSphere Application Server base installation directory x
Program Number: 5724-C34
Printed in USA
SC32-1486-00