Private registry usage scenario

The primary purpose of MQe's private registry is to provide a private repository for the credentials of MQe authenticatable entities. An authenticatable entity's credentials consist of the entity's mini-certificate (encapsulating the entity's public key) and the entity's keyring-protected private key.

Typical usage scenarios need to be considered in relation to other MQe security features:
Queue-based security with MQeWTLSCertAuthenticator
Whenever queue-based security is used and a queue attribute is defined with MQeWTLSCertAuthenticator (mini-certificate based mutual authentication), the authenticatable entities involved are MQe owned. Any queue manager that is to be used to access messages in such a queue, any queue manager that owns such a queue, and the queue itself are all authenticatable entities and need to have their own credentials. By using the correct configuration options and setting up and using an instance of the MQe mini-certificate issuance service, auto-registration can be triggered when the queue managers and queues are created, creating new credentials and saving them in the entities' own private registries.
Message-level security with MQeMTrustAttribute
Whenever message-level security is used with MQeMTrustAttribute, the initiator and recipient of the MQeMTrustAttribute-protected message are application-owned authenticatable entities that must have their own credentials. In this case, the application must use the services of MQePrivateRegistry (and an instance of the MQe mini-certificate issuance service) to trigger auto-registration to create the entities' credentials and to save them in the entities' own private registries.


(c) Copyright IBM Corporation 2004, 2005. All rights reserved.