Validated Product - IBM WebSphere Portal V5.0.2

Certificate Date: 23 August 2004
Validation Report Number: CCEVS-VR-04-0069
Product Type: Sensitive Data Protection
Conformance Claim: EAL2
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
PRODUCT DESCRIPTION

The WebSphere Portal (WP) contains the WP Target of Evaluation (TOE). IBM WebSphere Portal (also known as WebSphere Portal Server (WPS)) version 5.0.2 is a software application TOE that enforces access control to portal resources and is provided within the following product sets: WebSphere Portal Enable; WebSphere Portal Extend; WebSphere Portal Express; and WebSphere Portal Express Plus. WP itself does not change across these product sets; only what it is packaged with differs.

WP relies upon WebSphere Application Server (WAS) to perform identification and management of users, and upon WebSphere Member Management (WMM) to provide the group membership and a database for the mapping of users to roles and the actions to resources. Neither WAS nor WMM is within the scope of evaluation; both are therefore part of the TOE environment. WP also relies upon an operating system (OS) and a database to operate. However, WP does not rely upon either the OS or the database to provide any security functionality.

The TOE was tested as installed upon the following Operating Systems (OS):
In the evaluation configuration the TOE can be installed upon the following additional OSs as the evaluation team confirmed that the TOE's security functions are not impacted by the underlying operating system and the test configuration was a representative sample of the list of OSs included in the ST:
The security functionality enforced by the TOE is access control and the administration of the access control to protected resources. Access control is performed by the Portal Access Control (PAC) component within WP, which is the TOE, herein called simply the WP TOE. The WP TOE is the single access control decision point within WP. It controls access to specific portal resources. Protected resources are resources that can be accessed by a restricted set of users only. To be granted access to a protected resource in a specific way, the user needs a corresponding permission on this resource. For example, a specific portal page can be viewed by a specific user only if the user has the permission to perform the action 'View' on that page. The following types of resources are protected within the portal:
Administration (the granting and revoking of access to protected resources) can only be performed by those users with administrative access to the resource. PAC directly supports access control configuration of hierarchical resource topologies through the concept of permission inheritance. This concept reduces the administration overhead for an administrator when controlling access to a large number of portal resources. Inherited permissions are automatically assembled into roles that can be assigned to individual users and user groups, granting them access to whole sets of logically related portal resources. Permission inheritance can be prevented using role blocks. Role blocks can be either inheritance blocks, which prevent the inheritance of permissions to a child resource, or propagation blocks, which prevent the propagation of permissions from a resource.

SECURITY EVALUATION SUMMARY

The criteria against which the WP TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and National and International Interpretations effective on December 5, 2003. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Evaluation Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the WebSphere Portal TOE is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Three Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in July 2004. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for WebSphere Portal prepared by CCEVS.

The IBM WebSphere Portal Security Target makes a claim that the TOE can be supported on multiple operating system platforms.
The Sponsor provided and the Evaluation team examined test results for the TOE installed upon the Windows 2000 and AIX platforms only. The evaluation team concluded that the test configuration was a representative sample of the list included in the ST. Test results of the TOE installed upon the other claimed operating systems stated in the Security Target were not evaluated in any capacity.

ENVIRONMENTAL STRENGTHS

WebSphere Portal is a commercial product that provides access control and the management of access control to portal resources. The WP TOE provides a level of protection that is appropriate for IT environments that require that access to portal resources be controlled. The WP TOE and the platform upon which it is installed must be appropriately protected from physical attacks.

Vendor Information
IBM Corporation
Guenter Knauer
+49 7031 16-2578
+49 7031 16-4888 (Fax)
gknauer@de.ibm.com
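The permission inheritance and role blocks described in the product description can be illustrated with a small model of a resource hierarchy. This is an added example, not IBM code or the WebSphere Portal API: it grants action sets directly instead of assembling roles, applies each block to all permissions on a node, and assumes a propagation block stops everything at or above the blocked node from reaching its children. The resource names, the groups and the 'Edit' action are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    grants: dict = field(default_factory=dict)  # principal -> actions granted here
    inheritance_block: bool = False   # take nothing from the parent
    propagation_block: bool = False   # pass nothing down to children

def effective_actions(resource, principals):
    """Actions held on `resource` by any of `principals` (a user and its groups)."""
    actions, node = set(), resource
    while node is not None:
        # Reaching an ancestor with a propagation block: nothing from it,
        # or from anything above it, flows down to the starting resource.
        if node is not resource and node.propagation_block:
            break
        for principal in principals:
            actions |= node.grants.get(principal, set())
        if node.inheritance_block:    # this node refuses its parent's permissions
            break
        node = node.parent
    return actions

def is_allowed(resource, principals, action):
    """Single decision point: is `action` permitted on `resource`?"""
    return action in effective_actions(resource, principals)

def build_sample_tree():
    """Constructed sample hierarchy; names, groups and 'Edit' are illustrative."""
    root = Resource("Content Root", grants={"editors": {"View", "Edit"}})
    news = Resource("News", parent=root)
    hr = Resource("HR Pages", parent=root, grants={"hr-staff": {"View"}},
                  inheritance_block=True)
    payroll = Resource("Payroll", parent=hr)
    drafts = Resource("Drafts", parent=root, grants={"alice": {"Edit"}},
                      propagation_block=True)
    draft1 = Resource("Draft 1", parent=drafts)
    return {r.name: r for r in (root, news, hr, payroll, drafts, draft1)}

if __name__ == "__main__":
    tree = build_sample_tree()
    for name, res in tree.items():
        print(f"{name:13} editors={sorted(effective_actions(res, ['editors']))} "
              f"alice={sorted(effective_actions(res, ['alice']))}")
```

In this model the two blocks differ in direction: the inheritance block on "HR Pages" cuts that subtree off from permissions granted above it, while the propagation block on "Drafts" leaves "Drafts" itself fully inheriting but passes nothing on to "Draft 1".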