Customers require different levels of security between WSRR and DataPower®, particularly in the area of SSL. The IBM® SOA Policy Gateway Pattern supports 3 levels of SSL communication between the configuration scripts and DataPower when using the SOA Policy Gateway Basic Runtime, SOA Policy Gateway Basic Runtime Sample, and SOA Policy Gateway Advanced Runtime patterns.
If SSL is not required
If you do not require SSL to be used, the public key and private keys for the curl client are not provided and are left as Unset.
Note: If no SSL is used, all data sent to DataPower is unencrypted, including user and password information. This presents a security vulnerability. Passwords used in SOMA calls to DataPower do not support encryption, and are therefore transported to the DataPower appliance unencrypted. Therefore, use server-side authentication at a minimum to ensure security.
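The following is an added example, not part of the pattern's configuration scripts: a shell check that maps the curl certificate settings to the three SSL levels (none, server-side authentication, mutual authentication) and refuses to continue when SOMA credentials would travel unencrypted. The function names, the CA file parameter, the ALLOW_PLAINTEXT override and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example with hypothetical helper names; not the pattern's own scripts.
# A value of "Unset" (or an empty value) means the setting was not provided.
is_set() { [ -n "$1" ] && [ "$1" != "Unset" ]; }

# curl_tls_opts CA_FILE CLIENT_CERT CLIENT_KEY
# Prints "<level> <curl options>", where level is none, server or mutual.
# Returns 1 for an inconsistent combination. Paths must not contain spaces.
curl_tls_opts() {
    ca=$1; cert=$2; key=$3
    if is_set "$cert" && is_set "$key"; then
        # Assumption: DataPower's certificate is verified against an
        # explicitly supplied CA file rather than the system trust store.
        if ! is_set "$ca"; then
            echo "client key pair given without a CA file to verify DataPower" >&2
            return 1
        fi
        echo "mutual --cacert $ca --cert $cert --key $key"
    elif is_set "$cert" || is_set "$key"; then
        echo "client certificate and private key must be set together" >&2
        return 1
    elif is_set "$ca"; then
        echo "server --cacert $ca"
    else
        echo "none"
    fi
}

# require_encrypted LEVEL
# Refuses to proceed at level "none" unless ALLOW_PLAINTEXT=1 is set
# explicitly (hypothetical override for environments that accept the risk).
require_encrypted() {
    if [ "$1" = none ] && [ "${ALLOW_PLAINTEXT:-0}" != 1 ]; then
        echo "refusing: SOMA user and password would be sent unencrypted" >&2
        return 1
    fi
}

# Constructed sample settings (file names are placeholders).
for cfg in "Unset Unset Unset" "ca.pem Unset Unset" "ca.pem client.pem client.key"; do
    set -- $cfg
    curl_tls_opts "$1" "$2" "$3"
done
```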
Mutual authentication between the DataPower applications and the scripts in the Basic and Advanced Patterns
If you require that mutual authentication occur between the DataPower applications and the scripts in the Basic and Advanced Patterns:
- The public key and private keys for the curl client must be provided.