Authentication, Authorisation, Integrity and Non-repudiation
friedl.otto
Posted: Thu Feb 07, 2008 6:32 am Post subject: Authentication, Authorisation, Integrity and Non-repudiation
Centurion
Joined: 06 Jul 2007 Posts: 116

I have made some superficial enquiries on this topic in the past.
From these arose the following fairly obvious factoids:
1. SSL ensures 'Data Integrity' between two queue managers.
2. MCAUSER can be sidestepped by means of JVM args, and is thus
effectively useless for Authentication.
*Dons the Carbon Wool suit and Lead Apron*
Since I have never worked on an IBM WebSphere MQ Extended Security
Edition queue manager, and have not found volumes of documentation
detailing the low-down ... could someone (preferably of a Java bent)
perhaps enlighten me.
1. Since we all want X/A, which requires native bindings, how does the
"Extended Security" impact the classic MQ_GET Java code?
2. Can user-level access be managed on all MQ "Objects"?
3. Am I dreaming if I mention group-level access?
We may soon be getting licensing for "Extended Security", I would like to
at least put in a brave effort at doing proper end-to-end MQ security with
at least a concerted push toward proper authentication, decent
authorisation, solid data integrity and if at all possible some whiff of non-
repudiation.  _________________ Here's an idea - don't destroy semaphores unless you're certain of what you're doing! -- Vitor |
fjb_saper
Posted: Thu Feb 07, 2008 8:53 am Post subject: Re: Authentication, Authorisation, Integrity and Non-repudia
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY

friedl.otto wrote:
2. Can user-level access be managed on all MQ "Objects"?
3. Am I dreaming if I mention group-level access?

2. This is possible, but why would you like to define a unique primary group per user (unix)?
It might only be feasible in Windows and personally I don't see the point.
3. This should really be the preferred method of granting access. Note that you may need to run refresh security when you are changing the group membership.
_________________
MQ & Broker admin