MQe provides several levels of security:
- Local security
- Local security provides protection for any MQe data.
- Queue-based security
- Queue-based security is handled internally by MQe and does not require
any specific action by the initiator or recipient of the message.
- Message-level security
- Message-level security provides protection for message data between an
initiating and receiving MQe application.
- Queue-manager based security
- Security features can be added at the queue-manager level by configuring
the queue manager and its private registry.
- Channel level security
- When data is sent between a queue manager and a remote queue, the queue
manager opens a channel to the remote queue manager that owns the queue.
By default, if the remote queue is protected, for example with a cryptor,
the channel is given exactly the same level of protection as the queue.
Note: Throughout the world there are varying government regulations concerning
levels and types of cryptography. You must always use a level and type of
cryptography that complies with the appropriate local legislation. This is
particularly relevant when using a mobile device that is moved from country
to country. MQe provides facilities for this, but it is the responsibility
of the application programmer to implement it.
Queue based security is handled internally by MQe and does not require
any specific action by the initiator or recipient of the message. Local and
Message-level security must be initiated by an application.
All three categories protect Message data by the application of an MQeAttribute , or a descendent. Depending on the category, the
attribute is either explicitly or implicitly applied.
Every attribute can contain any or all of the following objects:
- Authenticator
- Cryptor
- Compressor
- Key
- Target Entity Name
The way these objects are used depends on the category of MQe security.
Each category of security is described in detail in other topics.