Application level security
Application level security refers to those security
services that are invoked at the interface between an application and a queue
manager to which it is connected. These services are invoked when the application
issues MQI calls to the queue manager. The services might be invoked, directly
or indirectly, by the application, the queue manager, another product that
supports WebSphere MQ, or a combination of any of these working together. Application
level security is illustrated in Figure 1.
Application level security is also known as end-to-end
security or message level security.
Here are some examples of application level security services:
- When an application puts a message on a queue, the message descriptor
contains a user ID associated with the application. However, there is no data
present, such as an encrypted password, that can be used to authenticate the
user ID. A security service can add this data. When the message is eventually
retrieved by the receiving application, another component of the service can
authenticate the user ID using the data that has travelled with the message. This is an
example of an identification and authentication service.
- A message can be encrypted when it is put on a queue by an application
and decrypted when it is retrieved by the receiving application. This is an example of a confidentiality service.
- A message can be checked when it is retrieved by the receiving application.
This check determines whether its contents have been deliberately modified
since it was first put on a queue by the sending application. This is an example of a data integrity service.
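
The identification and authentication service and the data integrity service described above can be sketched as follows. This is an added example, not IBM code and not the WebSphere MQ API: the message is modelled as a plain dictionary, `protect` and `verify` are hypothetical names, and a keyed HMAC computed with a key that both applications are assumed to share out of band stands in for the authentication data that travels with the message.

```python
import hashlib
import hmac

# Constructed demo key; assumption: sender and receiver share it out of band.
SHARED_KEY = b"constructed-demo-key"


def _tag(key: bytes, user_id: str, payload: bytes) -> bytes:
    # Length-prefix the user ID so the user ID / payload boundary is
    # unambiguous: ("ab", b"c") and ("a", b"bc") must not produce the same tag.
    uid = user_id.encode("utf-8")
    data = len(uid).to_bytes(4, "big") + uid + payload
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode("ascii")


def protect(key: bytes, user_id: str, payload: bytes) -> dict:
    """Sending side: attach authentication data to the modelled descriptor."""
    tag = _tag(key, user_id, payload).decode("ascii")
    return {
        "descriptor": {"user_id": user_id, "auth_tag": tag},
        "payload": payload,
    }


def verify(key: bytes, message: dict) -> bool:
    """Receiving side: True only if the user ID and the contents are
    exactly what the sending application put on the queue."""
    desc = message.get("descriptor", {})
    user_id, tag = desc.get("user_id"), desc.get("auth_tag")
    payload = message.get("payload")
    if not (isinstance(user_id, str) and isinstance(tag, str)
            and isinstance(payload, bytes)):
        return False  # no usable authentication data: treat as unauthenticated
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(tag.encode("utf-8"), _tag(key, user_id, payload))


if __name__ == "__main__":
    msg = protect(SHARED_KEY, "appuser1", b"order=42;qty=3")  # constructed sample
    print("as sent:", verify(SHARED_KEY, msg))
    msg["payload"] = b"order=42;qty=300"  # contents modified while on the queue
    print("modified contents:", verify(SHARED_KEY, msg))
    msg = protect(SHARED_KEY, "appuser1", b"order=42;qty=3")
    msg["descriptor"]["user_id"] = "admin"  # user ID replaced in the descriptor
    print("modified user ID:", verify(SHARED_KEY, msg))
```

The tag gives the receiver evidence of origin and integrity only; the message contents remain readable on the queue unless a confidentiality service also encrypts them.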