Monday, January 24, 2011

Some thoughts on WAS security

Here are some thoughts on best practices for WAS security:
  1. It is architecturally cleaner to install PKI certificates at the local load balancer, such as an F5 BIG-IP (SSL termination is the ability of a load balancer to establish a secure tunnel with the client, thus in most cases replacing the requirement for the web server to perform SSL).
  2. Single sign-on (SSO), as part of Web Access Management, is better handled at the web server layer by SiteMinder. Although WebSphere provides this SSO capability, handling it at the web server layer is a more streamlined architecture, and it also lets a best-in-class specialized solution such as SiteMinder perform this critical function.
Both of the above have the benefit of letting WebSphere Application Server do what it does best: providing an execution environment for JEE applications.
