Security Requirements (Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster)

Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Security Requirements

Portal services deliver varied content to varied users, often over the public Internet. In many cases, the content is confidential and should only be viewed by authorized users. Hence, the following security features are included in the basic feature requirements for portal services:

Authentication of all users, including remote and wireless client access and mobile access
Role-based access control

In addition, a more general set of security requirements is needed to provide secure access to confidential data. These requirements are shown in the following table.

Table 1–3 Security Requirements for Portal Services


Security Category	Requirement
Physical	Housed within a secure data center to which only authorized personnel have access
Network	Internet firewall protection Subnet design that secures vital services Secure transfer and storage of data
Privacy	All data stored in a manner that follows applicable regulations, corporate security policies, and corporate privacy policies
Transport	Authentication must be secure Compatible with Secure Socket Layer (SSL)-enabled browsers and Transport Layer Security (TLS) Strong encryption

The Portal Service on Application Server Cluster reference configuration is designed to support these security requirements.