WebSphere brand IBM WebSphere Presence Server, Version 7.0

Planning authentication security using the Trust Association Interceptor

The Trust Association Interceptor security component is intended to enhance the overall authentication security for the IBM® WebSphere® software for Telecom. An implementation scenario describes how you can deploy the TAI for Presence Server.

About the scenario

The following section depicts a common system configuration in which components are deployed in a production scenarios. The scenario is presented with the following conditions:

Presence Server implementation scenario

The following diagram illustrates the scenario. Three Presence Server nodes, with the Trust Association Interceptor deployed on each one, receive SIP traffic that flows through a converged proxy.
Presence Server configuration scenario for TAI
Note:
  • The WebSphere Application Server converged proxy or any third-party load balancer may be deployed pair-wise (for HA reasons).
  • The converged proxy must be used for SIP traffic to maintain session affinity.
  • The Trust Association Interceptor detects authenticated user identity from inbound messages.
  • IBM Tivoli Composite Application Management (ITCAM) users communicate directly with the Presence Server node for purposes of collecting PMI data from that node.
  • The S-CSCF is the reverse proxy security server (RPSS) and performs authentication.
  • The S-CSCF adds a P-asserted identity header to the SIP message.



Terms of use
(C) Copyright IBM Corporation 2009. All Rights Reserved.