Security

User Authentication and Single Sign-On

This section describes the user authentication and Single Sign-On mechanisms available with the SAP NetWeaver technology platform, for example the use of SAML tokens or X.509 client certificates for Single Sign-On.

Identity Management

This section describes the mechanisms available for user and role management on the AS ABAP, the use of the user management engine (UME) for user management on the AS Java, and the integration of user accounts on SAP systems.

Network and Transport Layer Security

This section describes the mechanisms available for transport layer security, for example, the use of the Secure Sockets Layer (SSL) protocol to secure Internet connections and the use of Secure Network Communications (SNC) to secure connections that use SAP-specific protocols.

System Security

This section describes topics that apply to system security, for example: key, key pair and trust management, logging of security-related events using the Security Audit Log, and virus detection using the virus scan interface.

Recommended WS Security Scenarios

This section describes the security mechanisms for Web services available for HTTP transport level or SOAP message level using the OASIS standards WS-Secure Conversation and WS-Security XML-Signature/Encryption.

Digital Signatures and Encryption

This section describes the use of public-key technology for digital signatures and encryption with SAP systems.

Security Developer Documentation

This section includes information for developers. It provides information about how to use the security functions in applications that you develop using the SAP NetWeaver Developer Studio. It also provides secure programming guidelines for both ABAP and Java.