MQe provides an integrated set of security features enabling the protection
of message data both when held locally and when being transferred.
MQe provides security under three different categories:
- Local security
- Protects message-related data at a local level
- Message-level security
- Protects messages between the initiating and receiving MQe application
- Queue-based security
- Protects messages between the initiating queue manager and the target
queue
Local and message-level security are used internally by MQe and are also
made available to MQe applications. MQe queue-based security is an internal
service.
The MQe security features of all three categories protect message data
by use of an attribute, for example MQeAttribute. Depending on the category,
the attribute is applied either externally or internally.
Each attribute can contain the following:
- Authenticator
- Provides additional controls to prevent access to the local data by unauthorized
users
- Cryptor
- Controls the strength of protection required
- Compressor
- Optimizes the size of the protected data
- Key
- Controls access by requesting a password
- Target entity name
- Requests the target queue name
These elements are used differently, depending on the MQe security
category, but in all cases the MQe security feature's protection is applied
when the attribute attached to a message is invoked. See
Security for
more information on the above elements, and
Writing authenticators describes
how to write your own authenticator.