WebSphere MQ Everyplace provides an integrated set of security features
that enable the protection of data when held locally and when it is being transferred. There are three different
categories of security:
- Local security
  Local security provides protection for any WebSphere MQ Everyplace data.
- Queue-based security
  Queue-based security automatically protects WebSphere MQ Everyplace message data between the initiating queue manager and queue, on the queue, and between the queue and the receiving queue manager. This protection is independent of whether the target queue is owned by a local or a remote queue manager.
- Message-level security
  Message-level security provides protection for message data between an initiating and receiving WebSphere MQ Everyplace application.
Queue-based security is handled internally by WebSphere MQ
Everyplace and does not require any specific action by the initiator or
recipient of the message. Local and message-level security must be
initiated by an application.
All three categories protect message data by applying an
MQeAttribute. Depending on the category, the attribute is applied either
explicitly or implicitly.
Every attribute can contain any or all of the following objects:
- Authenticator
- Cryptor
- Compressor
- Key
- Target Entity Name
The way these objects are used depends on the category of WebSphere MQ
Everyplace security. Each category of security is described in detail
later in this chapter.
WebSphere MQ Everyplace also provides the following services to assist with
security:
- Private registry services
  WebSphere MQ Everyplace private registry provides a repository in which
  public and private objects can be stored. It provides (login) PIN-protected
  access, so that access to a private registry is restricted to the
  authorized user. It also provides additional services so that functions
  can use the entity's private key (for digital signature and RSA
  decryption) without the private credentials leaving the PrivateRegistry
  instance.
  These services are used by queue-based security and message-level security
  using MQeTrustAttribute.
- Public registry services
  WebSphere MQ Everyplace public registry provides a publicly accessible
  repository for mini-certificates.
  These services can be used by queue-based and message-level
  security.
These services are described in more detail later in the chapter.
© IBM Corporation 2002. All Rights Reserved