Usage scenario

The primary purpose of WebSphere MQ Everyplace's private registry is to provide a private repository for the credentials of WebSphere MQ Everyplace authenticatable entities. An authenticatable entity's credentials consist of the entity's mini-certificate (encapsulating the entity's public key) and the entity's keyring-protected private key.

Typical usage scenarios need to be considered in relation to other WebSphere MQ Everyplace security features:

Queue-based security with MQeWTLSCertAuthenticator
Whenever queue-based security is used with a queue attribute defined with MQeWTLSCertAuthenticator (mini-certificate based mutual authentication), the authenticatable entities involved are owned by WebSphere MQ Everyplace. Any queue manager that is to be used to access messages in such a queue, any queue manager that owns such a queue, and the queue itself are all authenticatable entities and need to have their own credentials. By using the correct configuration options, and by setting up and using an instance of the WebSphere MQ Everyplace mini-certificate issuance service, auto-registration can be triggered when the queue managers and queues are created, creating new credentials and saving them in the entities' own private registries.

Message-level security with MQeMTrustAttribute
Whenever message-level security is used with MQeMTrustAttribute, the initiator and recipient of the MQeMTrustAttribute-protected message are application-owned authenticatable entities that must have their own credentials. In this case, the application must use the services of MQePrivateRegistry (and an instance of the WebSphere MQ Everyplace mini-certificate issuance service) to trigger auto-registration, which creates the entities' credentials and saves them in the entities' own private registries.

Secure feature choices

WebSphere MQ Everyplace does not provide support for any alternative secure repository for an authenticatable entity's credentials. If queue-based security with MQeWTLSCertAuthenticator or message-level security using MQeMTrustAttribute is used, private registry services must be used.



© IBM Corporation 2002. All Rights Reserved