Securing service integration

Messaging security protects a service integration bus from unauthorized access. When administrative security is enabled for the application server, by default messaging security is also enabled for the bus. You can also manually administer messaging security for the bus.

Before you begin

Review the security requirements for the bus. For guidance, see Service integration security planning.

About this task

New feature: In this release, the procedure to administer role-based authorization for service integration security is simplified by the introduction of a number of new and updated administrative console panels.
Provided that administrative security is also enabled, messaging security enforces a security policy that prevents unauthorized client applications from connecting to the bus and accessing bus resources. There might be circumstances when you do not require messaging security, for example on a development system. In this case, you can disable messaging security.
You can customize the security configuration for the bus by using the administrative console or wsadmin scripting commands. The security configuration controls the following aspects of bus security:
  • Authorizing groups of users in the user registry to undertake selected operations on bus destinations.
  • The transport policies that maintain the integrity of messages in transit on the bus.
  • The use of global and multiple custom security domains.
  • The integrity of links between messaging engines, foreign buses and databases.

Use the following tasks to administer messaging security:

  • Securing buses

    Securing a service integration bus provides the bus with an authorization policy to prevent unauthorized users from gaining access. If a bus is configured to use multiple security domains, the bus also has a security domain and user realm to further enforce its authorization policy.

  • Disabling bus security

    If you do not require messaging security, you can choose to disable messaging security. Any new buses added after messaging is disabled are not secured.

  • Enabling client SSL authentication

    You can configure a service integration bus to allow connecting client JMS applications to authenticate by using Secure Sockets Layer (SSL) certificates.

  • Adding unique names to the bus authorization policy

    How to update the authorization policy for the service integration bus with unique name entries.

  • Administering authorization permissions

    Service integration messaging security uses role-based authorization. When a user is assigned to a role, the user is granted all of the permissions that the role contains. By administering authorization permissions, you can control user access to a bus and its resources when messaging security is enabled.

  • Administering permitted transports for a bus

    Use these tasks to configure a transport policy for a service integration bus, and to administer the transport chains that remote application clients can use to connect to a service integration bus.

  • Securing messages between messaging buses

    Use these tasks to administer the access control security associated with sending messages between buses.

  • Securing access to a foreign bus

    You can secure the link between a local bus and a foreign bus.

  • Securing links between messaging engines

    For a mixed-version bus, when security is enabled, you must define an inter-engine authentication alias so that the messaging engines can establish trust.

  • Controlling which foreign buses can link to your bus

    Use this task to control which foreign buses are allowed to link to your bus.

  • Securing database access

    You can protect the data store from access by unauthorized users.

  • Securing mediations

    Use the following tasks to secure mediations at an operations level. For example, a mediation inherits its identity from the messaging engine, but you might want to specify an alternative identity for the mediation to use.





Last updated: Jun 11, 2013 8:40:09 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=tjr9999_
File name: tjr9999_.html