Configuring the UDDI registry to use WebSphere Application Server security

You can configure the UDDI registry to determine whether users are allowed access to services, and to determine security of data at the transport level.

Before you begin

About this task

The UDDI registry uses two aspects of WebSphere Application Server security:
Authorization
Authorization determines whether users are allowed access to services. WebSphere® Application Server determines authorization by mapping users, or groups of users, to roles. UDDI uses two WebSphere Application Server special subjects: Everyone (all users are allowed access) and AllAuthenticatedUsers (only valid WebSphere Application Server registered users are allowed access).
Data confidentiality
Data confidentiality determines security at the transport level. Data confidentiality for WebSphere Application Server services can be either none, where HTTP is used as the transport protocol, or confidential, where the use of SSL is required and HTTPS is used as the transport protocol.
When WebSphere Application Server security is enabled, the default settings in the UDDI Version 3 Application and Web deployment descriptors produce the following results:
  • Publish, Custody Transfer, and Security services are mapped to the AllAuthenticatedUsers special subject, and data confidentiality is enforced through HTTPS. Authentication uses the standard WebSphere Application Server security facilities and the UDDI registry does not have a separate registration function. To use publish functions, users must supply their WebSphere Application Server user name and password (unless you modified the supplied publish role), and must also be registered UDDI publishers. By registering users as UDDI publishers, you control which users in the AllAuthenticatedUsers subject can update the UDDI registry.
  • Inquiry services are mapped to the Everyone special subject, data confidentiality is not enforced, and HTTP is used. To use inquiry services, users do not have to supply a user name or password, and do not have to be registered UDDI publishers.

You can use the default settings, as described previously. To change the defaults, you map roles to different users or user groups. If you do this, turn on the Automatically register UDDI publishers property of the UDDI node settings so that you do not have to use two mechanisms to give access to a subset of users. If you have a role that is not mapped to any users or user groups, all access to that role is disabled.
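The following check is an added example, not IBM code: it reads the security constraints from a web deployment descriptor, combines them with a role-to-subject mapping, and reports roles that require credentials while HTTP is still allowed, plus roles left unmapped. The role names, URL patterns, and the `role_subjects` dictionary (standing in for the role mapping made at deployment) are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor fragment; role names and URL patterns are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection><url-pattern>/publish/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Example_Publish_Role</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/inquiry/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Example_Inquiry_Role</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/custody/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Example_Custody_Role</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def _local(el):
    # Drop the XML namespace so the check works with or without one.
    return el.tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    return [e.text.strip() for e in parent.iter() if _local(e) == name and e.text]

def audit(web_xml, role_subjects):
    """role_subjects maps role name -> 'Everyone', 'AllAuthenticatedUsers', or a
    user/group name. Returns a list of (url_patterns, role, finding) tuples."""
    findings = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc) != "security-constraint":
            continue
        urls = ",".join(_texts(sc, "url-pattern"))
        # A missing user-data-constraint is treated as NONE (plain HTTP allowed).
        guarantee = (_texts(sc, "transport-guarantee") or ["NONE"])[0]
        for role in _texts(sc, "role-name"):
            subject = role_subjects.get(role)
            if subject is None:
                # A role mapped to no users or groups disables all access to it.
                findings.append((urls, role, "unmapped role: all access disabled"))
            elif subject != "Everyone" and guarantee != "CONFIDENTIAL":
                # Users must authenticate, but the transport is not forced to HTTPS.
                findings.append((urls, role, "credentials required but HTTP allowed"))
    return findings
```

With the default mappings described above the check returns no findings; remapping the inquiry role to AllAuthenticatedUsers without also setting data confidentiality to confidential produces one.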

For more information about UDDI role mappings, and a list of UDDI registry services and roles, see Access control for UDDI registry interfaces.

To change the default settings, use the following steps:

Procedure





Last updated: Aug 30, 2013 8:21:57 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-express-iseries&topic=twsu_wassecurity
File name: twsu_wassecurity.html