single sign on - What are the differences between Web Access Management (WAM) and Identity Management(IdM)? -

i'm researching ca single sign-on software (formerly ca siteminder®) , came across 2 new definitions me:

• web access management (wam)
• identity management (idm)

on wikipedia state these definitions:

idm: "in computing, identity management (idm) describes management of individual principals, authentication, authorization, , privileges within or across system , enterprise boundaries goal of increasing security , productivity while decreasing cost, downtime , repetitive tasks."

wam: "web access management form of identity management controls access web resources, providing authentication management, policy-based authorizations, audit , reporting services (optional) , single sign-on convenience".

despite of these 2 definitions seem clear, more read them more confused because don't catch tasks exclusively of wam , of idm. boundaries? in moment interact? on charge of sso? both definitions talk authorization , authentication , confuses me.

i'm asking because according liferay wiki "computer associate’s (ca) siteminder centralized web access management system enables user authentication , single sign-on, policy-based authorization, identity federation, , auditing of access web applications , portals."

if reach "architectural use cases: simple deployment" section (implementation guide -> architectural considerations) you'll see diagram. if ca siteminder wam: why authorization , authentication? not tasks belong idm? ca sso identity access manager? why exist product called ca identity manager?

thanks.

ps: feel free correct grammar or semantic mistake, i'm not english-speaking ;-)

identity management (idm) concerned identity. think of digital wallet, contains information you. information can used other applications , used access manager control security. idm not manage security directly.

access manager (am) can type of proxy system. example, use novell, leverages reverse-proxy configuration. access manager responsible security , controls access 1 or more resources authenticated user. in addition, can provide ssl, secure vpn, single sign-on services, saml, , federated support.

you need both component build complete access management system organization.