Use this task to determine the security requirements for your messaging system before you begin installation.
When planning security for your messaging system you should consider the following points:
A bus as a whole can be marked secure or not secure, depending on server global security. See Enabling and disabling messaging security.
If you are going to use service integration with Web services, refer also to Securing Web services through service integration technologies.
When a bus is created, initial authorization permissions are created with the "AllAuthenticated" group in the Connector role, which means that any user who can authenticate successfully will have permission to connect to the bus. You will probably want to remove this and replace it with the specific users and groups that you want to connect to the bus.
You can define default permissions which apply to all destinations in a bus, although you can also specify that a given destination should not use the default permissions. Use the default permissions if you want a user, or group of users, to be able to access all the destinations in a bus. For example, you might want to grant the mediations user permission to send to all destinations in a bus by adding this user to the default Sender role. See Administering default roles.
If you publish and subscribe to topics, the topics will exist in a topic space. You must add all users who you want to publish on a topic to the Sender role on the topic space, and all users who you want to subscribe to a topic to the Receiver role on the topic space. See Administering topic space root roles. By default, there is also a check on authorization permissions at the topic level (as well as on the topic space). You must either decide to turn this off, or decide which users you want to access specific topics.
When a bus is created, initial default permissions are created with the "AllAuthenticated" group in the Sender, Receiver and Browser roles. This allows all authenticated users to access all destinations and topics in the bus. You will probably want to remove these default permissions and either have no defaults, or grant default permissions to a restricted set of users, such as the mediations user. You should then add specific users and groups to specific roles on destinations and topics within the bus. See Administering destination roles and Administering topic roles.
For further information, see Configuring connections and Securing messages between messaging buses.
The Inbound ID replaces the user ID in all messages flowing over the link into your bus, and it will be used for access control decisions involving these messages within your bus. You would typically set this if the foreign bus were in a different security domain from yours, if it were insecure, or simply to make access control of these messages easier to manage by making them all use the same user ID.
The Outbound ID replaces the user ID in all messages flowing over the link out of your bus. You would typically set this if you wanted to prevent the message senders' real user IDs from being carried in the messages on the foreign bus.
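The removal of the initial "AllAuthenticated" grants from the Connector role and the default Sender, Receiver and Browser roles, described above, can be scripted. The following wsadmin Jython helper is an added example, not part of the original page and not IBM's code. It assumes the AdminTask bus-security commands named in the code and that the list commands return one name per line; check both against your release.

```python
# Added example, not IBM-supplied code. In a wsadmin Jython session pass the
# built-in AdminTask object as `task`, then call AdminConfig.save().
# Bus, group and user names used with it are constructed placeholders.
OPEN_GROUP = "AllAuthenticated"
DEFAULT_ROLES = ("Sender", "Receiver", "Browser")

def _names(listing):
    # Assumption: list commands return one name per line in a single string.
    return [n.strip() for n in (listing or "").splitlines() if n.strip()]

def audit_bus(task, bus):
    """Return the roles on `bus` that still grant access to AllAuthenticated."""
    open_roles = []
    if OPEN_GROUP in _names(task.listGroupsInBusConnectorRole("[-bus %s]" % bus)):
        open_roles.append("Connector")
    for role in DEFAULT_ROLES:
        args = "[-bus %s -role %s]" % (bus, role)
        if OPEN_GROUP in _names(task.listGroupsInDefaultRole(args)):
            open_roles.append(role)
    return open_roles

def tighten_bus(task, bus, connector_groups, default_senders):
    """Grant the named principals first, then remove the open grants,
    so legitimate clients are not locked out between the two steps."""
    for group in connector_groups:
        task.addGroupToBusConnectorRole("[-bus %s -group %s]" % (bus, group))
    for user in default_senders:  # for example, the mediations user
        task.addUserToDefaultRole(
            "[-bus %s -role Sender -user %s]" % (bus, user))
    for role in audit_bus(task, bus):
        if role == "Connector":
            task.removeGroupFromBusConnectorRole(
                "[-bus %s -group %s]" % (bus, OPEN_GROUP))
        else:
            task.removeGroupFromDefaultRole(
                "[-bus %s -role %s -group %s]" % (bus, role, OPEN_GROUP))
    return audit_bus(task, bus)  # an empty list means no open grants remain
```

Run `audit_bus` on its own first to see which roles are still open before changing anything.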