SAP_SolDetail_LTR.

qxd 3/14/02 12:11 PM Page 1

SAP Portals Solution in Detail

SECURITY
IN THE
SAP PORTALS
ENTERPRISE
PORTAL
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 2

© Copyright 2002 SAP Portals, Inc.

All rights reserved.

No part of this publication may be reproduced or transmitted

in any form or for any purpose without the express permission
of SAP Portals. The information contained herein may be
changed without prior notice.

SAP, SAP Portals, mySAP, mySAP.com, the SAP logo and other
SAP products and services mentioned are trademarks or
registered trademarks of SAP AG in Germany and several
other countries.

Other product or service names mentioned are the trademarks

of their respective owners.

2
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 3

CONTENTS
Executive Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Open for Business . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
How It Works – An Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Capabilities.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
– User ID and Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
– Digital Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
– External Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Single Sign-On (SSO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
– SSO and SAP Logon Tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
– SSO and Account Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Secure Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Secure Network Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Security At A Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Rock-Solid Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 4
EXECUTIVE SUMMARY
To maintain advantage in today’s global business environment,
leading companies understand the competitive need for an
enterprise portal that unifies company resources into one
cohesive system, providing unprecedented access to information,
applications and services. But when it comes to sharing vital
business information with partners, suppliers and customers –
security remains of the utmost importance.
That’s why the SAP Portals Enterprise Portal employs state-of-the
art security technology that strictly controls access to all of your
enterprise resources. What you get is industry-leading security
measures that protect your systems from nefarious attacks, while
simplifying the user experience and providing safe ground for
you to fully leverage your enterprise resources for maximum
competitive advantage.
OPEN FOR BUSINESS
SECURE FOR COMPETITIVE ADVANTAGE
Your IT systems store a multitude of data and functionality critical
to the success of your business. To remain competitive and capital-
ize on the efficiencies of e-business, your company must expose
these resources to partners, suppliers and customers, while at
that same time maintaining rigorous confidentiality for restricted
business information. That’s why the SAP Portals Enterprise Portal
provides a centralized, simplified security system that strictly
governs user access to applications and data resources – giving
your enterprise the ability to operate both openly and securely.
Security features of the SAP Portals Enterprise Portal include:
• Authentication – Confirms or denies user identity through
user ID and password, X.509 digital certificates or external
authentication services.
• Single Sign-On (SSO) – Authenticates users to multiple data
resources and applications without requiring users to reenter
user credentials.
4
• Authorization – Provides role-defined content and function-
ality to the user, enforcing access control policies for unstruc-
tured information set by a central portal administrator.
• Secure communication – Delivers strong encryption and
integrity protection for all communications among users,
portal components and enterprise applications using security
standards such as the Secure Sockets Layer (SSL) protocol or
the Generic Security Services (GSS-API) interface.
• Integrated user management – Employs directory services
that integrate user information to ensure a universal, seamless
security solution.
HOW IT WORKS – AN OVERVIEW
To access enterprise resources, users must first establish their
identities with the enterprise portal through the Portal Server,
which serves as the main point of contact for accessing the
portal. This is done using a simple login procedure: user ID
and password, digital certificates or any other third party authen-
tication service (Windows authentication, SAP Web Application
Server or R/3 system authentication, Netegrity SiteMinder, and
others). Login information, along with all client-server commu-
nication, can be encrypted using the SSL protocol – allowing
employees, customers, partners and suppliers to access the portal
via the industry-standard encryption protocol.
After establishing user identity, a Single Sign-On (SSO)
mechanism logs the user on to various data resources and appli-
cations based on a ticketing system and account aggregation –
predetermined either by the portal administrator or through
user self-registration. SSO obviates the need to continuously
log onto different applications, vastly improving the end-user’s
portal navigation experience.
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 5
For busy portals serving multiple users, a robust user manage-
ment system helps identify users for the support of authentica-
tion mechanisms, SSO, role assignment and personalization. To
this end, the SAP Portals Enterprise Portal uses directory services
based on the Lightweight Directory Access Protocol (LDAP) to
integrate numerous user data repositories and simplify user
management tasks and responsibilities.
Once authenticated and mapped to the appropriate resources via
SSO, the user is set to access data, applications and services within
the portal. For enterprise applications, user access rights and
authorizations are controlled by the applications themselves. For
SAP Portals Enterprise Portal – Security Features
Secure Communication
Authentication
Portal
Server
User
Directory
User Management
unstructured information, however, the knowledge management
capabilities of the SAP Portals Enterprise Portal control access
rights according to predefined permissions set at the portal level.
Finally, for the secure exchange of sensitive business data, every
portal needs to employ security mechanisms that protect against
interception. To meet this requirement, the SAP Portals Enterprise
Portal employs both the SSL protocol and the GSS-API interface
for encryption, authenticity and integrity protection. Thus, a
secure channel is built for all communications among the user’s
web browser, the enterprise portal and enterprise applications.
Authorization
SAP
System
Single
Sign-On
Third
Party
System
5
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 6

CAPABILITIES
AUTHENTICATION
Because a portal provides access to a wide range of sensitive
business information, the process of authenticating user identity
marks the first and most important step in securing your com-
petitive resources. Failure at this junction could put enterprise
assets in the wrong hands.
Digital Certificates
For environments requiring more stringent security, the SAP
Portals Enterprise Portal enables certificate-based authentication
through the SSL protocol using standard X.509 digital certificates.
This approach eliminates the need for passwords, while providing
a higher degree of security.

SAP Portals understands the central importance of authentica-
tion and provides portal administrators with significant flexibility
for implementing a mechanism that corresponds to the needs of
the enterprise. These include:
• User ID and password
• X.509 digital certificates
• External authentication services:
– Windows 2000 authentication
– SAP Web Application Server or R/3 system authentication
– Netegrity SiteMinder authentication
– A COM interface for connecting to external authentication
services
User ID and Password
Supporting the most widely implemented means of authentica-
tion, the enterprise portal calls on the Portal Server to verify the
user ID and password entered against that stored in a corporate
directory. Based on the Basic Authentication feature of the HTTP
protocol, this mechanism encrypts passwords using SSL. If a user
ID/password match fails against the corporate directory, access
is denied.
Authentication Process: User ID/Password
The process unfolds as follows:
• The client presents a certificate along with a digital signature
of some random data to the web server.
• The web server then determines whether or not a trusted
server has issued the certificate.
• If so, the web server verifies the digital signature by extracting
the public key from the user’s certificate.
Successful verification of the digital signature assures that the
client indeed possesses the correct private key belonging to the
public key contained in the certificate. Thus, the client achieves
authentication. User information can then be extracted from the
certificate and compared against user data stored in the corporate
LDAP directory. If a match is made, portal access is granted.
Authentication Process: Digital Certificates
Certificate and Extract User
Digital Signature Information
Corporate
SSL SSL LDAP
Directory

Portal
User ID/Password Verification Server

Corporate While increasingly popular in a security-minded business world,

SSL SSL LDAP
Directory certificate-based authentication does require the implementation
Portal of a public key infrastructure (PKI) within the portal context. A
Server

6
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 7
PKI creates and manages trust relationships using a Certification
Authority (CA), run by a trust center, which builds links between
people and digital identities using digital certificates.
Before requesting a certificate from a CA, a user must register
with a trustworthy registration authority (RA). Ideally, this
registration process integrates directly into the portal’s user
management solution and provides the ability to pass user data
directly to a trust center. The SAP Portals Enterprise Portal
delivers just this kind of integrated RA functionality – allowing
users to request certificates by passing user data straight to the
SAP Trust Center Service.
Provided free of charge for SAP users, the SAP Trust Center
Service creates a trust community for collaborative business –
issuing X.509 digital certificates and offering simple, secure regis-
tration and revocation functionality. Alternatively, companies
can set up their own internal PKI by installing a CA software
solution from an independent vendor, or using an external trust
center service from one of the numerous service providers
available on the market.
External Authentication
The SAP Portals Enterprise Portal supports the use of external
authentication services for access to the portal itself, making
the reuse of existing mechanisms highly secure and easy to
incorporate. These include:
• Windows 2000 Authentication – For authenticating users
accessing the portal from outside enterprise boundaries, SAP
Portals seamlessly integrates the use of the Windows 2000
Domain Controller. The portal user enters user name and
password information into a browser popup dialog box, and the
Domain Controller manages the authentication process using
the HTTP Basic Authentication feature. In the context of pure
Intranet portals – where access to the portal is granted from
within the enterprise – a previously successful logon to the
Windows operating system can be reused for portal authentica-
tion via the Windows LAN Manager (NT challenge response).
• SAP Web Applications Server or R/3 System
Authentication – By synchronizing with the corporate LDAP
directory, the SAP Portals Enterprise Portal can authenticate
users based on data stored in the SAP Web Application Server
or another SAP R/3 system. Portal users simply enter their
SAP user ID and password information to gain access. In such
a scenario, passwords remain in the previously existing SAP
system and are not written to the corporate LDAP directory.
• Netegrity Authentication – Netegrity SiteMinder is a
solution for securely managing user access to e-business web
sites. SAP Portals seamlessly integrates portal authentication
into existing mechanisms supported by the SiteMinder
product. When used in the portal environment, SiteMinder
authenticates the user and returns a user ID to the Portal
Server as part of the HTTP header. The Portal Server compares
this returned user ID against the user profile stored in the cor-
porate LDAP directory and grants authentication upon finding
a match.
• Third-party External Authentication Services – By way of
an integrated COM interface, the enterprise portal can delegate
authentication to external services. The Portal Server simply
passes user information onto the external service. Once authen-
ticated by the external service, user information is compared
against that stored in the corporate LDAP directory. If a match
is made, access is granted.
7
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 8

SINGLE SIGN-ON (SSO)
Single Sign-On (SSO) provides secure access to multiple systems
without requiring users to reenter ID and password information
for each application. In a portal environment, an SSO mechanism
maps portal authentication information to each application for
which a user holds predefined access permissions. This reduces
user frustration, providing enhanced interaction with enterprise
resources via the portal.
The SAP Portals Enterprise Portal employs two SSO mechanisms,
depending on security requirements and the supported enter-
prise applications: SAP logon tickets and account aggregation.
SSO and SAP Logon Tickets
SAP systems can authenticate users through SAP logon tickets.
Under this mechanism, the user first logs onto the portal using
a portal ID and password, for example. After authentication, the
ID is mapped to the corresponding user ID in the SAP systems.
Stored as a non-persistent cookie on the client side, the ticket
then authenticates the portal user for all subsequent access to
the portal itself as well as to SAP systems – without requiring
further logons.
SAP logon tickets contain the following information:
• Portal user ID – and optionally mapped user ID in SAP systems.
• Validity period – adding an extra element of security
through session expiration parameters defined by the portal
administrator.
• Issuing system – identifying the source.
• Digital signature – ensuring integrity protection and providing
the means for applications to verify the trust status of the
issuing Portal Server.
Notice that SAP logon tickets hold no password information.
Furthermore, all tickets are stored per session in the browser’s
memory rather than on the client’s hard disk, which would run
the risk of unnecessarily exposing authentication information.
Finally, all logon tickets get encrypted via the SSL protocol while
in transport to protect them from unauthorized use by
eavesdroppers.
To assure the utmost security, each enterprise application verifies
the validity of the contents of a ticket when called. This process
requires the digital certificate of the issuing Portal Server. The

Single Sign-On (SSO) Mechanism

Authentication User ID/ Digital Windows SAP Netegrity External

Methods Password Certificate 2000 Web AS SiteMinder Service

Enterprise Ticketing System Account Aggregation

Portal (SAP Logon Tickets) (User ID/Password)

Application Single Sign-On

Access (SSO)

8
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 9
application checks to see if the logon ticket has been issued by a
trusted Portal Server, verifies the digital signature, and extracts
the appropriate user ID.
Portal administrators can implement a similar logon ticket
mechanism for non-SAP systems using two tools integrated into
the SAP Portals Enterprise Portal. First, a web server filter can
perform the necessary verification steps and write the portal ID
into the HTTP header. Second, an application programming
interface (API) and a corresponding verification library allow for
validation of the logon ticket and extraction of the application’s
user ID.
SSO and Account Aggregation
Account aggregation associates a portal user (or group of users)
with a user name and password in an enterprise application,
providing a useful alternative for enterprise applications unable
to take advantage of SAP logon tickets. Once in the portal and
mapped to the appropriate applications, the portal user no longer
needs to manually log in to any external systems. Instead, the
portal components connect directly to the external systems with
the mapped user’s credentials.
User mapping information is entered by the portal administrator,
or directly by the portal user through a provided graphical inter-
face. The portal itself then stores this data in the portal LDAP
directory. For security reasons all password information is
encrypted (Triple DES algorithm).
AUTHORIZATION
Upon achieving authentication, the user needs authorization to
access certain applications or perform specific tasks. To this end,
the SAP Portals Enterprise Portal provides a role-based interface
that simplifies application and information access. An administra-
tor assigns roles to the user, who receives a personalized display
depicting a navigation hierarchy of pages, worksets, iViews,
services, and user interfaces for particular applications – all
corresponding to the permissions defined by the assigned role.
For structured data, authorization is enforced by the correspon-
ding enterprise application, not by the portal. For standard SAP
roles from R/3 systems, SAP Portals provides a migration tool
that imports the roles into the Portal Content Directory (PCD),
including menus of authorized transactions. A synchronization
feature also enables administrators to change or create roles
within the portal environment and export them back to the
SAP R/3 systems where permission definitions ultimately reside.
Through the use of Access Control Lists (ACLs), the knowledge
management capabilities of the SAP Portals Enterprise Portal
control all authorization for unstructured data – files, docu-
ments, web pages, etc. Here, authorizations take the form of
“create”, “read”, “write” and “delete” controls, attributed
either to specific documents or entire folders. New documents
and folders inherit the authorization of the home folder in
which they are created. Additionally, “full control” authoriza-
tion allows administrators to set and change permissions for
specific documents or folders.
SECURE COMMUNICATION
To protect business confidentiality in an enterprise portal envi-
ronment, all exchanges of mission critical business data require
secure channels of communication protected by standards such
as the SSL protocol or the Generic Security Services (GSS-API)
interface.
Both SSL and the GSS-API interface provide the following
security features:
• Confidentiality of communication – Encryption of all
messages between client and server prevents eavesdroppers
from accessing private enterprise content.
• Authenticity – Digital certificates authenticate all messages
between client and server, confirming the identities of
communication partners.
• Integrity – Message Authentication Codes (MACs) provide
integrity protection that allows receiving parties to imme-
diately recognize any manipulation of exchanged messages.
9
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 10

Secure communication between the user and the enterprise User Management – Data Repositories
portal requires SSL and encrypted logon information using Portal
Server
algorithms with strong key lengths. For communication
between the portal and content-providing components, the
security mechanism used is context-specific: HTTP communi-
cations use the SSL protocol whereas communications specific
to SAP-systems (such as RFC) use the GSS-API interface.

Both the corporate and portal LDAP directories, furthermore,

hold highly sensitive user information requiring strong security Corporate Portal Portal
LDAP LDAP Content
measures. Therefore, all messages between the Portal Server and Directory Directory Directory

these directory servers employ SSL.

Basic user data User/group role User Roles (metadata)
assignment
USER MANAGEMENT Basic group data Content role
User group User mapping assignment
Consistent user management requires the integration of the assignment User's personalization
numerous data repositories scattered through the IT enterprise. data

To this end, the SAP Portals Enterprise Portal integrates LDAP

directory services that centrally store user information, simplify-
ing user management in an environment of proliferating
applications.
With simple replication, synchronization and direct access mech-
anisms, LDAP directories provide convenient user management
for distributed systems and easier means for implementing
tighter security. The following shows the data repositories and
their contents as it relates to user management for the SAP
Portals Enterprise Portal.
Prior to the implementation of a portal, many system landscapes
already employ a Corporate LDAP Directory. To avoid redun-
dancy, the SAP Portals Enterprise Portal accesses user information
at its original location in this corporate directory. Where each
company defines a unique attribute schema for storing user infor-
mation in directory servers, the portal maps the logical attribute
names used by the portal to the physical attribute names used by
the corporate directory.
A separate Portal LDAP Directory maintains portal-specific
information such as the assignment of roles to users and groups
and Single Sign-On user mapping information. Because the portal
itself requires write access rights, this directory operates as an addi-
tional store to the corporate LDAP directory. Alternatively, admin-
istrators can set up a separate branch in the corporate directory to
hold portal specific information, assigning write access rights to
the portal for that branch alone.
A third directory – the Portal Content Directory – contains roles
and their metadata, information for the assignment of content to
roles, and user profiles employed for personalization purposes.
This directory uses the existing file system for data storage.
For the user management tasks associated with these directories,
the SAP Portals Enterprise Portal provides easy-to-use tools for:
• Administering role information (metadata)
• Assigning roles to users and groups
• Mapping Single Sign-On user information

10
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 11

The SAP Portals Enterprise Portal also integrates with user man-
agement information defined in pre-existing SAP systems using
the Central User Administration (CUA). This component
enables administrators to store all SAP user data in a central sys-
tem that can be synchronized with the corporate LDAP directory.
SECURE NETWORK ARCHITECTURES
All of the security mechanisms outlined above – Authentication,
Single Sign-On, Authorization, Secure Communication and User
Management – work best in the context of a secure network
infrastructure focused on preventing unauthorized access to
confidential business information. Above and beyond these
mechanisms, corporate security strategists should locate highly
sensitive systems and components – such as the Portal Server
and Unification Server – in a separate area, sealed off from
outside attacks. Likewise, access to sensitive application and
database servers should be granted only through a demilitarized
zone protected by numerous firewalls and proxy gateways serv-
ing different purposes.
In such a configuration, firewalls and the proxy gateway protect
the Portal Server, the Unification Server and persistence layer
data (Repository, portal LDAP directory, Portal Content
Directory) from network attacks. System administrators need
only open a single port on the external firewall, which allows
only TCP connections from client machines to access the port
running the proxy gateway. The proxy gateway translates the
IP address of the server holding the desired information or func-
tionality and opens a separate connection. In this way, client
machines can never directly access sensitive servers and reposito-
ries – greatly reducing the risk of attackers obtaining confidential
business information.

Secure Network Architecture – SAP Portals Enterprise Portal

Front End DMZ Intranet Backend

Application
Servers

Proxy
External Gateway Internal Firewall
Client
Firewall Firewall (optional)
Network
Address Database
Translation Servers

Content Web Servers

Screening Portal Servers Corporate
Unification Servers Directory Server
Persistence Layer

11
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 12

FEATURES
SAP PORTALS SECURITY AT A GLANCE

Portal Feature Description

User ID/password authentication The most widely used authentication mechanism providing standard-level security.

X.509 digital certificates Authentication for environments demanding higher levels of security.

Windows 2000 authentication Integrated to grant portal access through previously successful Windows system logons.

Netegrity SiteMinder authentication Integrated to grant portal access through previously successful SiteMinder authentication.

SAP R/3 and SAP Web Application Portal access mechanism integrated to authenticate users directly against the SAP Web Application
Server authentication Server or another SAP R/3 system.

External authentication services interface An easy-to-use COM interface for connecting to and using external authentication services.

Single Sign-On (SSO) Manages secure access to multiple systems by using SAP logon tickets or mapping user IDs and passwords.

SAP logon tickets Authentication mechanism for SAP systems, integrated into the portal infrastructure to achieve SSO functionality.

Account aggregation Alternative SSO mechanism that aggregates user credentials, mapping them to a portal directory.

Role-base authorization Predefined permissions for accessing applications and content based on the user’s role within the enterprise.

Access Control Lists (ACLs) Tables used to define access rights to applications and information.

Strongly encrypted communication Security for all communication to, from and within the portal using message encryption, digital certificates,
and Message Authentication Codes that ensure integrity.

Encrypted user credentials Protects user credentials for account aggregation using the leading edge Triple-DES algorithm with strong
key length.

Secure Sockets Layer (SSL) Industry standard security measure – used for all HTTP and LDAP communications.

Generic Security Services (GSS-API) An SAP-specific security mechanism – fully supported within the portal environment.
interface

Integrated LDAP directories Central stores for user information that greatly improve user management.

12
SAP_SolDetail_LTR.qxd 3/14/02 12:11 PM Page 13

SAP Portals, Inc.

3410 Hillview Road
Palo Alto, CA 94304
1.800.360.3328
www.sapportals.com

SUMMARY
OPENNESS. FLEXIBILITY. ROCK-SOLID SECURITY.
At a time when the openness of your enterprise defines your
ability to compete, isn’t it good to know that SAP Portals takes
seriously your need for rock-solid IT security? Deploying industry-
leading security mechanisms, the SAP Portals Enterprise Portal
delivers all the promise of an accessible enterprise, along with
cutting-edge controls that firmly dictate access to confidential
business data. And it provides this security with a multiplicity
of options that enable portal administrators to get the job done –
using only those security measures that match the strategic goals
of your enterprise.

With its support for various authentication methods, secure

Single Sign-On, role-based authorization, secure communication,
and integrated user management functionality, the SAP Portals
Enterprise Portal provides an unparalleled security architecture
that protects your most critical enterprise assets. In the end, you
get the openness you need to succeed, the flexibility to meet your
needs – and the security you need to maintain competitive
advantage.

(03/01/02) © Copyright 2001 SAP Portals, Inc. All rights reserved. SAP Portals, SAP, mySAP, mySAP.com, the SAP logo, and other SAP
products and services mentioned herein are trademarks or registered trademarks of SAP AG in Germany and several other countries.
Other product or service names mentioned herein are the trademarks of their respective owners.