Security Features
Security is one of the key features of the product architecture, protecting access to the product, its functionality, and the underlying data stored and managed via the product.
From an architecture point of view, the following summarizes the approach to security:
Web Based Authentication: The product provides a default method, using a traditional challenge and response mechanism, to authenticate users.
Support for Java EE Web Application Server Security: The supported Java EE Web Application Servers can integrate with several internal and external security stores to provide authentication services. The product can use those configurations, via Apache Tomcat, to authenticate users for online and Web Services based security.
Operating System Security: For non-online and non-web service-based channels, the product utilizes the operating system security (including any additional products used to enhance the base operating system security).
Non-Cookie Based Security: After authentication, the user's credentials form part of each transaction call, so that the user is correctly identified to the internal authorization model and is only performing permitted actions. This support is not browser cookie based.
Secure Transport Support: Transmission of data across the network can utilize the secure encryption methods supported for the infrastructure.
Inter-component Security: Calls within the product and across the tiers are subject to security controls, using Java Authentication and Authorization Services (JAAS), to ensure that only valid, authenticated and authorized users make them.
Inbuilt Authorization Model: Once a user is authenticated, the internal authorization model is used to determine the functions and data the user has access to within the product.
Native Web Services Security: The web services available from the product are natively available from Apache Tomcat. A wide range of security policies is available.
Keystore Support: Keys for encryption can be externalized in a JCEKS-based keystore.