Considering security

There are two ways in which security can be implemented

  • The adapter treats the service requestor as a trusted link. The service requestor takes full responsibility for security.
  • The adapter does not treat the service requestor as a trusted link. In this case, security must be implemented in the runtime environment (i.e., CICS®).
Security can be implemented in the CICS Service Flow Runtime using existing facilities in the following components:
  • WebSphere® MQ-CICS bridge
  • CICS RACF®, or other external security manager. See the CICS RACF Security Guide for information on RACF.
  • CICS FEPI

CICS Service Flow Runtime does not require users to sign on before issuing requests for processing. However, you can specify that authentication levels are checked based on the userid or password or both in request messages for CICS programs that are run as part of the runtime environment.