The primary purpose of MQe's private registry is to provide a private repository
for MQe authenticatable entity credentials. An authenticatable entity's credentials
consist of the entity's mini-certificate (encapsulating the entity's public
key) and the entity's keyring-protected private key.
Typical usage scenarios need to be considered in relation to other MQe
security features:
- Queue-based security with MQeWTLSCertAuthenticator
  - Whenever queue-based security is used, where a queue attribute is defined
    with MQeWTLSCertAuthenticator (mini-certificate-based mutual
    authentication), the authenticatable entities involved are MQe-owned.
    Any queue manager that is to be used to access messages in such a queue,
    any queue manager that owns such a queue, and the queue itself are all
    authenticatable entities and need to have their own credentials. With the
    correct configuration options, and with an instance of the MQe
    mini-certificate issuance service set up and in use, auto-registration can
    be triggered when the queue managers and queues are created, creating new
    credentials and saving them in the entities' own private registries.
- Message-level security with MQeMTrustAttribute
  - Whenever message-level security is used with MQeMTrustAttribute,
    the initiator and recipient of the MQeMTrustAttribute-protected
    message are application-owned authenticatable entities that must have their
    own credentials. In this case, the application must use the services of
    MQePrivateRegistry (and an instance of the MQe mini-certificate issuance
    service) to trigger auto-registration to create the entities' credentials
    and to save them in the entities' own private registries.