Message level security

Message-level security facilitates the protection of message data between an initiating and receiving MQe application. Messages are encrypted by the application, using MQe services, and passed to MQe for transport in a fully protected state. MQe delivers the messages to a target queue, from which they are removed by an application and subsequently decrypted, again using MQe services. Since the messages are fully protected when being directly handled by MQe, they can be flowed over clear channels and held on unprotected intermediate queues.

Message-level security is an application layer service. It requires the initiating MQe application to create a message-level attribute and provide it when using putMessage() to put a message to a target queue.

The receiving application must set up and pass a matching message-level attribute to the receiving queue manager so that the attribute is available when the application invokes getMessage() to get the message from the target queue.

Messages are decrypted by the queue manager owning the target queue when a get operation is performed. It is therefore recommended that the receiving application should be run on the machine where the target queue reside.

Like local security, message-level security exploits the application of an attribute on a message, an MQeFields object descendent. The initiating application's queue manager handles the application's putMessage() with the message Java™ dump method or C API, which invokes the attached attribute's Java encodeData() method or C API to protect the message data. The receiving application's queue manager handles the application's getMessage() with the message's Java 'restore' method or C API, which in turn uses the supplied attribute's decodeData() method to recover the original message data.


Terms of use | WebSphere software

(c) Copyright IBM Corporation 2004, 2005. All rights reserved.