WebSphere Application Server Network Deployment, Version 6.1
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

             Personalize the table of contents and search results

UDDI registry security additional considerations

In addition to the configuration of UDDI registry security, other UDDI registry settings can affect the security of the UDDI registry.

Some UDDI property and policy settings can affect the security of a UDDI registry. Other UDDI settings are not specific to security, but can place restrictions on the successful completion of publish requests.

Security specific considerations

UDDI registry interfaces are protected as detailed in Access control for UDDI registry interfaces.

The UDDI registry supports the use of XML Digital Signatures to sign UDDI entities. See Use of digital signatures with the UDDI registry.

Some UDDI property and policy settings can affect the security of a UDDI registry.

To review or change the following property settings, click UDDI > UDDI Nodes > uddi_node_name .
Key space requests require digital signature
This setting determines whether all tModel:keyGenerator requests for key space must be digitally signed. To understand key space, see UDDI registry Version 3 entity keys.
Use authInfo credentials if provided
This setting applies only when WebSphere® Application Server security is disabled. See Configuring UDDI Security with WebSphere Application Server security disabled.
Authentication token expiry period
The authentication token expiry period is the length of idle time (in minutes) allowed before an authentication token is no longer valid.
Default user name
The default user name is used for publish operations when WebSphere Application Server security is disabled and no authentication token data is supplied.

To review or change the following policy settings, click UDDI > UDDI Nodes > uddi_node_name > [Policy Groups] API policies.

Authorization for inquiry
Specifies whether authorization using authentication tokens is required for inquiry API requests.
Authorization for publish
Specifies whether authorization using authentication tokens is required for publish API requests.
Authorization for custody transfer
Specifies whether authorization using authentication tokens is required for custody transfer API requests.

These policy settings apply when UDDI security features are used and WebSphere Application Server security is enabled. If the UDDI service is mapped to the AllAuthenticatedUsers security role, these settings are overridden. See Configuring UDDI Security with WebSphere Application Server security enabled.

Additional considerations

The publish-related actions that a registered UDDI publisher can perform are defined by their entitlements, as described in UDDI registry user entitlements.

Some UDDI property and keying policy settings influence publish behavior. These settings are not specific to security, but you must consider them because they place restrictions on the successful completion of publish requests.

To review or change the following property settings, click UDDI > UDDI Nodes > uddi_node_name .
Automatically register UDDI publishers
Specifies that the UDDI registry requires that publisher entitlements are set before allowing any publish requests. This option automatically registers users with default entitlements.

If this option is not selected, you can register users as UDDI publishers, and specify their entitlements, by using the UDDI publisher settings.

Use tier limits
Specifies that publication tier limits are enforced.

If you select this option, one or more tiers must be configured using the UDDI Tier settings. Also, ensure that registered UDDI Publishers are assigned to a tier by using the UDDI publisher settings.

To review or change the following property setting, click UDDI > UDDI Nodes > uddi_node_name > [Policy Groups] Keying policies.

Registry key generation
If this option is selected, publishers can request key space and, if successful, publish with publisher-assigned keys.



Subtopics
UDDI registry user entitlements
Related concepts
Access control for UDDI registry interfaces
Use of digital signatures with the UDDI registry
Related tasks
Configuring the UDDI registry to use WebSphere Application Server security
twsu_uddisecurity.html
Configuring UDDI registry security
Related information
UDDI node settings
UDDI node API policy settings
UDDI Publisher settings
Tier collection
UDDI Tier settings
UDDI keying policy settings
Concept topic    

Terms of Use | Feedback

Last updated: Feb 25, 2009 9:32:38 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/cwsu_securityadd.html