You can configure the UDDI registry to determine whether
users are allowed access to services, and to determine security of
data at the transport level.
About this task
The UDDI registry uses two aspects of WebSphere Application Server security:
- Authorization
  Authorization determines whether users are allowed access to services.
  WebSphere Application Server determines authorization by mapping users,
  or groups of users, to roles. UDDI uses two WebSphere Application Server
  special subjects: Everyone (all users are allowed access) and
  AllAuthenticatedUsers (only valid WebSphere Application Server
  registered users are allowed access).
- Data confidentiality
  Data confidentiality determines security at the transport level.
  Data confidentiality for WebSphere Application Server services can be
  either none, where HTTP is used as the transport protocol, or
  confidential, where the use of SSL is required and HTTPS is used as
  the transport protocol.
When WebSphere Application
Server security is enabled, the default settings in the UDDI Version
3 Application and Web deployment descriptors produce the following
results:
- Publish, Custody Transfer, and Security services are mapped to
the AllAuthenticatedUsers special subject, and data confidentiality
is enforced through HTTPS. Authentication uses the standard WebSphere Application Server
security facilities and the UDDI registry does not have a separate
registration function. To use publish functions, users must supply
their WebSphere Application
Server user name and password (unless you modified the supplied publish
role), and must also be registered UDDI publishers. By registering
users as UDDI publishers, you control which users in the AllAuthenticatedUsers
subject can update the UDDI registry.
- Inquiry services are mapped to the Everyone special subject, data
confidentiality is not enforced, and HTTP is used. To use inquiry
services, users do not have to supply a user name or password, and
do not have to be registered UDDI publishers.
You can use the default settings, as described previously.
To change the defaults, you map roles to different users or user groups.
If you do this, enable the Automatically register UDDI
publishers property of the UDDI node settings so that
you do not have to use two mechanisms to give access to a subset of
users. If you have a role that is not mapped to any users or user
groups, all access to that role is disabled.
For more information
about UDDI role mappings, and a list of UDDI registry services and
roles, see the topic about access control for UDDI registry interfaces.
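One way to check which data confidentiality setting and roles a Web deployment descriptor declares, as an added example that is not part of the original topic or of the product's own code: the script reads the standard Java EE `security-constraint` elements and lists each URL pattern with its roles and transport guarantee. The sample descriptor is constructed and trimmed to the elements the audit reads, and its URL patterns and role names are hypothetical placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor for illustration: the URL patterns and role names are
# hypothetical placeholders, not the values shipped in the UDDI application.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/example/publish</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Example_Publish_Role</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/example/inquiry</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Example_Inquiry_Role</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""


def local(tag):
    """Drop the XML namespace so any descriptor version can be read."""
    return tag.rsplit("}", 1)[-1]


def audit(web_xml):
    """Return one (url_pattern, roles, transport_guarantee) row per pattern."""
    rows = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        found = {"url-pattern": [], "role-name": [], "transport-guarantee": []}
        for el in sc.iter():
            if local(el.tag) in found:
                found[local(el.tag)].append((el.text or "").strip())
        # A constraint with no user-data-constraint behaves like NONE.
        guarantee = (found["transport-guarantee"] or ["NONE"])[0].upper()
        for pattern in found["url-pattern"]:
            rows.append((pattern, tuple(found["role-name"]), guarantee))
    return rows


def http_allowed(web_xml):
    """URL patterns whose constraint does not require HTTPS (guarantee NONE)."""
    return [p for p, _, g in audit(web_xml) if g == "NONE"]


if __name__ == "__main__":
    for row in audit(SAMPLE_WEB_XML):
        print(row)
    print("HTTP allowed:", http_allowed(SAMPLE_WEB_XML))
```

URLs that no `security-constraint` covers are not listed, so compare the output against the application's full set of servlet mappings.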
To change the default settings, use the following steps: