WebSphere Application Server Network Deployment, Version 6.0.x. Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Security considerations for service integration buses

There are a number of considerations that apply to service integration buses. Messaging security ensures that users are authenticated, resources are protected by security checks and messages are secure when they are in transit.

This topic describes the key security considerations for service integration buses. For more general information about security issues, see Learning about service integration security.

You can enable bus security so that access to the bus itself and to all destinations on the bus must be authorized. For bus security to be enabled, WebSphere Application Server global security must also be enabled. Refer to Messaging security for more information.

When a bus is created, an initial set of authorization permissions is created. These permissions grant all authenticated users access to the bus and to all local destinations. Refer to Administering authorization permissions for more information about controlling access to bus resources.

When bus security is enabled, you must set the Inter-engine authentication alias property to control the authentication of messaging engines joining the bus and for secure communication between messaging engines. Similarly, the Mediations authentication alias property is used for mediations that access the bus. Refer to Adding a bus for further information.

You can use secure transport connections to ensure the confidentiality and integrity of messages in transit between application clients and the bus, and between messaging engines. This is achieved by defining transport chains and then referencing the transport chain name as follows: For more information, see Secure transport considerations.

In the routing definitions for connections to foreign buses, the user ID applied to messages entering or leaving the foreign bus can be replaced by values specified by the Inbound user ID and Outbound user ID properties. For more information, see Adding a foreign bus.

The ability to authenticate access to a foreign bus is provided by the Authentication alias property of the service integration bus link. An authentication alias is defined at both ends of the foreign bus link between two secure buses. The user ID specified on the foreign bus link must be the same at both ends of the foreign bus link for authorization purposes. For example, consider a scenario where two messaging engines are connected by a foreign bus link. Messaging engine A presents the user ID and password to messaging engine B so that messaging engine B can authenticate messaging engine A. For details about creating a foreign bus link, see Adding a service integration bus link.
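
The considerations above can be checked mechanically once the bus settings are written down. The following is an added example, not IBM code: the dictionary layout, key names, bus names and alias names are all hypothetical and constructed for illustration, and no WebSphere API is called.

```python
# Constructed sample: a hypothetical export of bus settings (not a WebSphere file format).
SAMPLE = {
    "global_security": True,
    "alias_users": {"ie": "sibEngine", "linkA": "sibLink", "linkB": "sibLink2"},
    "buses": {
        "BusA": {"secure": True, "inter_engine_alias": "ie", "mediations": ["Audit"],
                 "mediations_alias": None, "all_authenticated_access": True,
                 "links": {"BusB": "linkA"}},   # foreign bus name -> authentication alias
        "BusB": {"secure": True, "inter_engine_alias": None, "mediations": [],
                 "mediations_alias": None, "all_authenticated_access": False,
                 "links": {"BusA": "linkB"}},
    },
}

def audit(cfg):
    """Return sorted (bus, finding) pairs for the considerations listed on this page."""
    out = set()
    buses, users = cfg["buses"], cfg["alias_users"]
    for name, bus in buses.items():
        if not bus["secure"]:
            continue
        if not cfg["global_security"]:
            out.add((name, "bus security requires global security"))
        if not bus["inter_engine_alias"]:
            out.add((name, "inter-engine authentication alias not set"))
        if bus["mediations"] and not bus["mediations_alias"]:
            out.add((name, "mediations authentication alias not set"))
        if bus["all_authenticated_access"]:
            # Review item: the permissions created with the bus are still in effect.
            out.add((name, "initial all-authenticated permissions still in place"))
        for peer_name, alias in bus["links"].items():
            peer = buses.get(peer_name)
            if peer is None or not peer["secure"]:
                continue  # other end not in this export, or not a secure bus
            peer_alias = peer["links"].get(name)
            if not alias or not peer_alias:
                out.add((name, f"link to {peer_name}: alias missing at one end"))
            elif users.get(alias) != users.get(peer_alias):
                out.add((name, f"link to {peer_name}: user ID differs between ends"))
    return sorted(out)

if __name__ == "__main__":
    for bus, finding in audit(SAMPLE):
        print(f"{bus}: {finding}")
```

Link findings are reported from each end, so the administrator of either bus sees the mismatch.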

Related tasks
Planning a bus topology
Planning a multiple-bus topology
Planning a topology that includes WebSphere MQ
Connecting buses


Last updated: 15 Mar 2007
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.pmc.nd.doc\concepts\cjj0009_.html

© Copyright IBM Corporation 2004, 2007. All Rights Reserved.