Non-repudiation

In addition to specifying a quality of protection, the protected object policy for a queue specifies the audit level for the queue. The audit level can be one of the following:

all
Access Manager for Business Integration generates an audit record for each MQOPEN, MQGET, MQPUT, MQPUT1, and MQCLOSE call on a protected queue.
none
Access Manager for Business Integration generates no audit records for MQI calls.

Although these audit levels are available on all platforms, additional ones are available for use withAccess Manager for Business Integration on AIX(R), Solaris, HP/UX, Linux(R) Intel(R) and Windows 2000/2003/XP:

permit
Records only successful access to Tivoli(R) Access Manager for Business Integration-protected resources
deny
Records only denied requests for access to Tivoli Access Manager for Business Integration-protected resources
admin
Records OPEN, CLOSE, PUT, and GET operations on protected IBM(R) WebSphere(R) MQ queues
error
Records any unsuccessful GET operations which result in messages being sent to the error handling queue.

When an application gets a message from a queue, the audit record for the MQGET call includes the following information:

Although the audit record contains some information about the message, who sent it, and where and when it was received, other evidence that might be used to provide a non-repudiation service with proof of origin is not recorded. In particular, the audit record does not contain: