When you secure a service integration bus, you assign it
to a security domain that contains a set of security attributes. There
are three types of security domain: global, cell level and custom.
The type of security domain you use for a particular bus depends on
your security requirements, the bus topology, and the versions of
the bus members.
Global domain
This is the default security domain, and contains the administrative
security settings.
You must assign the bus to use the global domain if the following
conditions apply:
- The bus contains a WebSphere® Application Server Version 6 bus member, or
might contain a Version 6 bus
member in the future.
- The bus is used for administrative purposes, and must share the
administrative security settings.
You might also choose to use the global security domain if you
have a simple bus topology, and have no need to use multiple security
domains.
Cell level domain
Assigning the bus to the cell level domain enables the bus to use
multiple security domains.
You might want to assign the bus to use the cell level domain if one
of the following scenarios applies:
- Your company security policy requires that the administrative
user repository is separate from the customer user repository. Using
the cell level domain enables you to configure multiple sets of security
attributes for administrative and user applications within a cell
environment.
- For ease of configuration and maintenance, you want the bus, its
user applications, and servers to share a common security configuration
that is separate from the administrative security settings.
Custom domain
You must assign the bus to
a custom domain if the following scenarios apply:
- You want to guarantee that the bus and its user application can
access the same user realm. In this case, the bus and the user applications
use the same custom domain.
- You want the bus to use a user realm that is dedicated to messaging,
and to have a separate user repository for each of administrative and
customer accounts.
- You want the bus and each of its user applications to be in separate
domains. The application users can interact with the users of the
bus domain, which acts as a bridge between the application domains.
In this case, only the bus requires information about the users in
each domain.