Security features

WebSphere MQ Everyplace provides an integrated set of security features that enable the protection of data when held locally and when it is being transferred. There are three different categories of security:

Local security
Local security provides protection for any WebSphere MQ Everyplace data.

Queue-based security
Queue-based security automatically protects WebSphere MQ Everyplace message data between the initiating queue manager and queue, on the queue, and between the queue and the receiving queue manager. This protection is independent of whether the target queue is owned by a local or a remote queue manager.

Message-level security
Message-level security provides protection for message data between an initiating and receiving WebSphere MQ Everyplace application.

Queue-based security is handled internally by WebSphere MQ Everyplace and does not require any specific action by the initiator or recipient of the message. Local and message-level security must be initiated by an application.

All three categories protect message data by applying an MQeAttribute. Depending on the category, the attribute is applied either explicitly or implicitly.

Every attribute can contain any or all of the following objects:

The way these objects are used depends on the category of WebSphere MQ Everyplace security. Each category of security is described in detail later in this chapter.

WebSphere MQ Everyplace also provides the following services to assist with security:

Private registry services
The WebSphere MQ Everyplace private registry provides a repository in which public and private objects can be stored. It provides (login) PIN-protected access, so that access to a private registry is restricted to the authorized user. It also provides additional services so that functions can use the entity's private key (for digital signature and RSA decryption) without the private credentials leaving the PrivateRegistry instance.

These services are used by queue-based security and message-level security using MQeTrustAttribute.

Public registry services
WebSphere MQ Everyplace public registry provides a publicly accessible repository for mini-certificates.

These services can be used by queue-based and message-level security.

These services are described in more detail later in the chapter.



© IBM Corporation 2002. All Rights Reserved