Security features

Queue-based security is handled internally by WebSphere MQ Everyplace and does not require any specific action by the initiator or recipient of the message. Local and message-level security must be initiated by an application.

All three categories protect message data by applying an MQeAttribute, or a descendant. Depending on the category, the attribute is applied either explicitly or implicitly.

Every attribute can contain any or all of the following objects:

The way these objects are used depends on the category of WebSphere MQ Everyplace security. Each category of security is described in detail later in this chapter.

WebSphere MQ Everyplace also provides the following services to assist with security:

Private registry services
WebSphere MQ Everyplace private registry provides a repository in which public and private objects can be stored. It provides (login) PIN-protected access so that access to a private registry is restricted to the authorized user. It also provides additional services so that functions can use the entity's private key (for digital signature and RSA decryption) without the private credentials leaving the PrivateRegistry instance.

These services are used by queue-based security and message-level security using MQeTrustAttribute.

Public registry services
WebSphere MQ Everyplace public registry provides a publicly accessible repository for mini-certificates.

These services can be used by queue-based and message-level security.

Mini-certificate issuance service
WebSphere MQ Everyplace provides SupportPac ES03, "WebSphere MQ Everyplace WTLS Mini-Certificate Server", which includes a default mini-certificate issuance service that you can configure to issue mini-certificates to a carefully controlled set of entity names.

These services can be used by queue-based and message-level security.

These services are described in more detail later in the chapter.



© IBM Corporation 2002. All Rights Reserved