Cams FAQ
What is Cams?
Cams is secure, flexible and affordable web single sign-on software
that centralizes user authentication, access control, administration
and logging. Cams provides security for resources that are hosted
on all leading web and J2EE application servers, including Apache,
Microsoft IIS, BEA WebLogic, IBM WebSphere, JBoss, Oracle 9iAS and
Tomcat. Resources protected by Cams can reside on the corporate
intranet, an extranet or the Internet, and can be static documents
and dynamic JSP/servlet, ASP.Net, PHP, Cold Fusion, and CGI web
applications.
What is web single sign-on?
Web single sign-on enables a user to provide authentication credentials
that, if valid, establish a relationship of trust that gives a user
access to all site resources for which they are authorized. Typically,
web single sign-on and access control are conceptually separate
technologies that form part of an access management solution for
a site. Please see our security
glossary for more definitions.
What is web access management?
At a high level, web access management is the centralized implementation
and administration of user authentication and access control to
a web site's resources. Please see our security
glossary for more definitions.
How is Cams different from competitive products?
There are many differences between Cams and competitive products.
However, the primary differentiating value points include:
- Ease-of-evaluation and integration - Cams is the only product
in its class that you can download and try in minutes. The process
starts with the Cams Tour, which is an interactive tutorial that
includes a Cams policy server, a Tomcat J2EE web server and a
SQL database for the user directory. Cams is also designed from
the ground-up to make installation and use as easy as possible.
You can literally have Cams running at your site within minutes.
Within hours, you can be incrementally deploying Cams web agents
and securing your site resources. Developers are often customizing
Cams within hours of download. Competitive products are not available
on-line and usually require lengthy evaluations, learning and
integration cycles.
- Developer friendly - You can download Cams and begin an evaluation
at any time. Evaluation licenses are free for 30 days and require
no obligations. Cams has open APIs and documentation that you can
review on our web site and that are included in the download.
- Affordable - Cams licenses start at $4,995 (US) and are based
on the number of concurrently authenticated users (concurrent
users), not on the total population of your user community. You
only pay for a maximum number of potential current sessions, not
for the potential of what you could use. You can bump the number
of licensed concurrent sessions at any time, meaning you only
need to buy what you need when you need it. Competitive solutions
often cost at least $100,000 (US) and are usually much more.
- Flexibility - The Cams server provides developers with open
Java APIs to extend and enhance Cams. For example, Cams uses
the Java Authentication and Authorization Service (JAAS) with
its authentication service. You can use JAAS to write your own
login module to handle customized authentication requirements.
In fact, we've had a number of sites write their own login modules
to do authentication against Active Directory or LDAP and role
provisioning using a SQL database. Try to do that with another
product. You can also easily plug code into Cams such as custom
access control rules or code that gets executed when security
events trigger.
- Fine-grained access control - The Cams architecture ensures
that you'll have all the power of J2EE security available to implement
component-level access control in your J2EE applications (this
is known as programmatic security in the J2EE world). Cams also
uses secure HTTP request headers for programming environments
like ASP.Net, Cold Fusion, PHP, and Perl to provide similar capabilities.
This enables you to more easily create applications that are dynamic
based upon a user's identity and roles.
Can I use my existing user directories with Cams?
Yes. Cams can be easily configured to access user and group information
in your existing user directories. User directory support includes
any LDAP v3 directory
and SQL database. There's no requirement for painful user data
migrations or synchronizations, which means there's no redundant
data or increased management complexity. The Cams design enables
you to authenticate users where they currently exist, even if users
are stored in more than one directory.
Is Cams' use of cookies for web single sign-on secure?
Cams uses cookies to enable web single sign-on (SSO) and access
control to static and dynamic web resources. Upon successful authentication
a Cams web agent sends a cookie containing a hashed value that represents
the session token. The cookie is submitted with each subsequent
request enabling Cams to compare the access control policy, the
user and the requested resource. Using this architecture enables
Cams to provide secure web single sign-on as users browse across
web applications, different web servers (like Apache and Microsoft
IIS), and tiers of web and J2EE application servers in the same
DNS domain.
The Cams session token is encrypted, digitally signed and hashed
by the Cams authentication service. The session token has anti-hijacking
features that are optionally enabled to check for values sent by
the user's browser with the cookie. Cookies are time-stamped to
expire at the end of the user's browser session (they are not saved
to disk). A session timeout also ensures that inactive sessions
are expired on the Cams policy server after a specified time. Finally,
sensitive values passed between Cams web agents and the Cams policy
server are optionally encrypted using proven algorithms such as
Blowfish, DES, and DESede (triple DES).
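The checks described above (a signed session token, optional binding
to values the browser sends, and an inactivity timeout enforced on the
server) are illustrated below. This is an added example, not Cams code:
the token layout, the HMAC-SHA-256 signature, the bound values
(User-Agent and client IP), the 15-minute timeout and all function
names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY = secrets.token_bytes(32)  # assumption: signing key held only by the server
IDLE_TIMEOUT = 900             # assumption: 15 minutes of inactivity
SESSIONS = {}                  # server-side store: token id -> session record

def _fingerprint(user_agent, client_ip):
    """Hash the browser-supplied values the session is bound to."""
    return hashlib.sha256(f"{user_agent}|{client_ip}".encode()).hexdigest()

def _sign(token_id):
    return hmac.new(KEY, token_id.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user, roles, user_agent, client_ip, now=None):
    """Create a session after successful authentication; return the cookie value."""
    now = time.time() if now is None else now
    token_id = secrets.token_urlsafe(32)
    SESSIONS[token_id] = {"user": user, "roles": set(roles), "last_seen": now,
                          "fp": _fingerprint(user_agent, client_ip)}
    return f"{token_id}.{_sign(token_id)}"

def validate_cookie(cookie, user_agent, client_ip, now=None):
    """Return (session, reason); session is None when the request is rejected."""
    now = time.time() if now is None else now
    token_id, sep, sig = cookie.partition(".")
    # Constant-time comparison so the signature cannot be guessed byte by byte.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(token_id).encode()):
        return None, "bad-signature"
    session = SESSIONS.get(token_id)
    if session is None:
        return None, "unknown-session"
    if now - session["last_seen"] > IDLE_TIMEOUT:
        del SESSIONS[token_id]          # expire inactive sessions server-side
        return None, "idle-timeout"
    if session["fp"] != _fingerprint(user_agent, client_ip):
        del SESSIONS[token_id]          # treat a changed client as a stolen cookie
        return None, "fingerprint-mismatch"
    session["last_seen"] = now          # sliding inactivity window
    return session, "ok"

if __name__ == "__main__":
    # Constructed sample values (documentation IP range, made-up User-Agent).
    cookie = issue_cookie("alice", ["staff"], "ExampleBrowser/1.0", "192.0.2.10")
    print(validate_cookie(cookie, "ExampleBrowser/1.0", "192.0.2.10")[1])
    print(validate_cookie(cookie, "OtherBrowser/2.0", "198.51.100.7")[1])
```

Binding a session to the client IP can reject legitimate users whose
address changes mid-session (for example behind rotating proxies), which
is one reason such checks are usually made optional.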
Do I need to install any software on clients?
Generally, no. Internet users need nothing more than a standard
web browser to access sites that are secured by Cams. Cookies should
be supported and enabled, as well as SSL for secure connections.
What control does Cams expose to web developers?
Cams implements fine-grained access control over page content, which
empowers developers to easily control display and use of objects on
a page based on user-specific values. This feature provides much
more flexibility than the page-level access control of most web
servers. Cams provides developers with a rich API that enables them
to control most Cams features dynamically, as well as to extend
and enhance the current capabilities of Cams.
J2EE has its own security model, isn't that enough for my Java web applications?
The J2EE security model is container specific, and provides only
for implementation of security at the J2EE web application level.
While this may be sufficient for one or a relatively small number
of web applications, the complexity of implementing J2EE security
greatly increases with the number of applications, servers and tiers.
By definition, J2EE security is only a component of a total security
plan. A good web security system will enable you to use all the
features of J2EE security and provide you with the numerous benefits
of centralized security. This is at the heart of the Cams value
proposition.
Does Cams provide roles for authenticated users to J2EE web and EJB servers?
Cams is a security provider of authenticated user roles to J2EE
web servers using the JSP and Servlet APIs. Because Cams does not
have an EJB server agent, it is unable to supply the roles for J2EE
EJB servers. Companies deploying Cams for web applications are advised
to remove all security-constraint settings in the J2EE web server's
web.xml deployment descriptor. The
Cams policy server becomes the policy decision point, rather than
the J2EE web server.