Global Security Forum

 View Only
  • 1.  benefits of using ISAM on data power

    Posted Fri February 01, 2019 09:36 AM
    Hi,

    We have a client who is using datapower and currently wants to implement mobile SSO. I have never worked on it.

    We want to implement ISAM for authentication, authorization and SSO however I have a confusion.

    Data power seems to provide all the capabilities which ISAM has. Do we really need ISAM along with data power.

    If yes then what are the benefits of using ISAM with data power

    ------------------------------
    Rahil Anwar
    ------------------------------


  • 2.  RE: benefits of using ISAM on data power

    Posted Mon February 04, 2019 05:16 AM
    Hi

    I am not a Datapower expert, but a few years back I worked on a project that implemented DataPower XI50 and XI52 acting as Web Service Proxies or Gateways. Also, we implemented DataPower XC10 caching applications.  They were introduced to support the Mobile applications that used RESTFul services and took the load off of back-end WebSphere servers.

    From my experience on that project, I do not think that Datapower XI50/XI52 appliancess have the same capabilities as ISAM. However, there were quite a variety of Datapower appliances with different features and capabilities.

    Hope this helps!

    Regards,
    Tom

    ------------------------------
    THOMAS FERGUSON
    ------------------------------



  • 3.  RE: benefits of using ISAM on data power

    Posted Mon February 04, 2019 12:17 PM
    Hi,

    ISAM does have a number of benefits here, let me name some (not all...):
    - ISAM has excellent (meaning complete and flexible) support for OAuth and OIDC. This includes user self-service functionality to have users e.g. view/revoke their tokens.
    - If you already use ISAM for authentication, which means your user registries are already integrated with ISAM, then why something else for user authentication? ISAM is _the_ solution for user authentication with capabilities that Datapower cannot easily offer: two-factor authentication, context-based authentication, flexible custom authentication, advanced session management, and so on.
    - It's likely that your mobile use cases include user interactions with an (native mobile) browser during the OAuth/OIDC flows to get the OAuth/OIDC tokens. ISAM has excellent browser session management and authentication features (see the previous point)

    See this link for a discussion on how ISAM can work together with Datapower:  https://www.ibm.com/blogs/security-identity-access/oauth-api-gateways-and-isam/
    A typical setup: ISAM as the Authorization Server that authenticates users/applications and DataPower as the Policy Enforcement Point.

    Datapower/API Connect on the other hand is strong when it comes to API lifecycle management, offering a developer portal, API rate limiting, routing API calls to services, interfacing with billing systems, etc


    Cheers, Peter.

    ------------------------------
    Peter Volckaert
    Sales Engineer
    IBM Security
    ------------------------------



  • 4.  RE: benefits of using ISAM on data power

    Posted Mon February 04, 2019 09:19 AM
    Edited by Connor Costello Mon February 04, 2019 12:42 PM
    Hi @Rahil Anwar

    You might be able to get some good answers in the IAM community as well.

    Hope that helps!

    ------------------------------
    Connor Costello
    ------------------------------



  • 5.  RE: benefits of using ISAM on data power

    Posted Mon February 04, 2019 12:51 PM
    Hi Rahil,

    The ISAM Module in DataPower was deprecated in version 7.7 and is no longer in support.
    The EOS date was 30-September-2018.

    Please see details at http://www-01.ibm.com/support/docview.wss?uid=swg21634531#dr770

    Nick

    ------------------------------
    Nick
    ISAM Level II Support
    ------------------------------



  • 6.  RE: benefits of using ISAM on data power

    IBM Champion
    Posted Tue February 05, 2019 01:05 PM

    You can extended DataPower's capabilities by using the ISAM module which actually gives you integration with ISAM.

    Multi-Factor Authentication for example, isn't something DataPower can do natively but by integrating it with ISAM you can achieve that easily.



    ------------------------------
    Alexey Saltovski
    IBM Champion, Security.
    ------------------------------