The primary purpose of WebSphere MQ Everyplace's private registry is
to provide a private repository for WebSphere MQ Everyplace authenticatable
entity credentials. An authenticatable entity's credentials
consist of the entity's mini-certificate (encapsulating the entity's
public key) and the entity's keyring-protected private key.
Typical usage scenarios need to be considered in relation to other
WebSphere MQ Everyplace security features:
- Queue-based security with MQeWTLSCertAuthenticator
  Whenever queue-based security is used, that is, where a queue attribute is
  defined with MQeWTLSCertAuthenticator (mini-certificate based mutual
  authentication), the authenticatable entities involved are owned by
  WebSphere MQ Everyplace. Any queue manager that is to be used to access
  messages in such a queue, any queue manager that owns such a queue, and the
  queue itself are all authenticatable entities and need to have their own
  credentials. By using the correct configuration options and by setting up and
  using an instance of the WebSphere MQ Everyplace mini-certificate issuance
  service, auto-registration can be triggered when the queue managers and
  queues are created, creating new credentials and saving them in the entities'
  own private registries.
- Message-level security with MQeMTrustAttribute
  Whenever message-level security is used with MQeMTrustAttribute, the
  initiator and recipient of the MQeMTrustAttribute-protected message are
  application-owned authenticatable entities that must have their own
  credentials. In this case, the application must use the services of
  MQePrivateRegistry (and an instance of the WebSphere MQ Everyplace
  mini-certificate issuance service) to trigger auto-registration, creating the
  entities' credentials and saving them in the entities' own private
  registries.
WebSphere MQ Everyplace does not provide support for any alternative secure
repository for an authenticatable entity's credentials. If either
queue-based security with MQeWTLSCertAuthenticator or message-level security
with MQeMTrustAttribute is used, the private registry services must be
used.
© IBM Corporation 2002. All Rights Reserved