Applications that run in WebSphere® ESB are secured by authentication and by access control. In addition, the data that is transferred during the invocation of an application is kept secure by various mechanisms; these mechanisms ensure that the data cannot be read or altered in transit. The final element of security is the propagation of security information through various systems, so that the user need not repeatedly enter a user name and password.
A user who wants to use an application must provide a user name and password from the user registry.
A user must have permission to invoke the application. Roles are associated with invocation of the application. An authenticated user must be part of the appropriate role; otherwise, the application will not run.
Data sent over the network cannot be altered in transit.
Data sent over the network cannot be intercepted and read in transit.
The final element of security is the propagation of identity, which is achieved through single sign-on.
When a client request needs to flow through several systems within the enterprise, the client is not forced to provide authentication data multiple times. Single sign-on propagates the authentication information to downstream systems, which can, in turn, apply access control.