WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Access control for UDDI Registry interfaces

Access to UDDI Registry interfaces is controlled by a combination of J2EE declarative security using role mappings, and UDDI properties and policies such as the registering of users as UDDI publishers.

Each of the UDDI Registry interfaces is represented by a security role. The interfaces and their corresponding roles are as follows:
UDDI Registry interface             Security role
----------------------------------  --------------------------------
Version 3 SOAP inquiry              V3SOAP_Inquiry_User_Role
Version 3 SOAP publish              V3SOAP_Publish_User_Role
Version 3 SOAP custody transfer     V3SOAP_CustodyTransfer_User_Role
Version 3 SOAP security             V3SOAP_Security_User_Role
Version 3 GUI inquiry               GUI_Inquiry_User
Version 3 GUI publish               GUI_Publish_User
Versions 1 and 2 SOAP inquiry       SOAP_Inquiry_User
Versions 1 and 2 SOAP publish       SOAP_Publish_User
EJB inquiry                         EJB_Inquiry_Role
EJB publish                         EJB_Publish_Role

By default, the inquiry roles are mapped to the Everyone class of WebSphere Application Server users. The non-inquiry roles are mapped to the AllAuthenticatedUsers class. For more information about WebSphere Application Server role mapping and the Everyone and AllAuthenticatedUsers classes, see Role-based authorization. With these default settings, after you enable WebSphere Application Server security you do not need to be authenticated to use the UDDI Registry inquiry interfaces; however, to use the publish roles and the Version 3 custody transfer role you must be authenticated using a WebSphere Application Server user ID and password. (The Version 3 security role is a special case, because it concerns the use of UDDI Registry security instead of WebSphere Application Server security, and it must be specially configured as described in Configuring the UDDI Registry to use UDDI security.)

For more information about UDDI Registry security roles and how they can be used to control authorization and data confidentiality, see Configuring the UDDI Registry to use WebSphere Application Server security.

The UDDI Registry publish interfaces are further protected in that, having successfully authenticated, the user must also be registered as a UDDI publisher in order to publish data to the UDDI Registry. An E_unknownUser error is returned in the disposition report if the user is not registered. You can register users as UDDI publishers in one of two ways:

In accordance with the UDDI specification, there is additional access control in that an entity which has been published to the UDDI Registry can only be updated or deleted by the user who originally published that entity.

The UDDI Registry also provides some management interfaces which are protected by requiring administrative permissions for certain operations; see UDDI Registry Management Interfaces for details.
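
The layered checks described above (role mapping, publisher registration, entity ownership) can be modelled as one decision procedure. This is an added example, not IBM code: the role names, default mappings and E_unknownUser come from this topic, while the interface keys, function names, the AUTHENTICATION_REQUIRED and NOT_OWNER labels and the sample users are constructed for illustration.

```python
# Added illustration: a model of the layered checks this topic describes.
# Custody transfer, the Version 3 security role and the management
# interfaces are left out; interface keys and outcome labels are constructed.
EVERYONE, ALL_AUTHENTICATED = "Everyone", "AllAuthenticatedUsers"

INTERFACE_ROLE = {
    "v3-soap-inquiry": "V3SOAP_Inquiry_User_Role",
    "v3-soap-publish": "V3SOAP_Publish_User_Role",
    "v3-gui-inquiry": "GUI_Inquiry_User",
    "v3-gui-publish": "GUI_Publish_User",
    "v1v2-soap-inquiry": "SOAP_Inquiry_User",
    "v1v2-soap-publish": "SOAP_Publish_User",
    "ejb-inquiry": "EJB_Inquiry_Role",
    "ejb-publish": "EJB_Publish_Role",
}

def default_mapping():
    """Defaults: inquiry roles -> Everyone, other roles -> AllAuthenticatedUsers."""
    return {role: EVERYONE if "Inquiry" in role else ALL_AUTHENTICATED
            for role in INTERFACE_ROLE.values()}

def decide(interface, user, publishers, mapping=None, owner=None):
    """Outcome of one request. user is the authenticated WebSphere user ID
    or None; owner is the publisher of an existing entity being updated or
    deleted, or None for an inquiry or a new entity."""
    mapping = mapping or default_mapping()
    role = INTERFACE_ROLE[interface]
    # Layer 1: J2EE declarative security (role mapping).
    if mapping[role] == ALL_AUTHENTICATED and user is None:
        return "AUTHENTICATION_REQUIRED"
    if interface.endswith("publish"):
        # Layer 2: the user must be registered as a UDDI publisher.
        if user not in publishers:
            return "E_unknownUser"
        # Layer 3: only the original publisher may update or delete.
        if owner is not None and owner != user:
            return "NOT_OWNER"
    return "ALLOWED"

def roles_open_to_everyone(mapping):
    """Roles reachable without authentication; review these when hardening."""
    return sorted(r for r, subject in mapping.items() if subject == EVERYONE)
```

Passing a modified mapping to decide() shows the effect of remapping a role, for example moving an inquiry role from Everyone to AllAuthenticatedUsers.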




Related concepts
Role-based authorization

Related tasks
Configuring the UDDI Registry to use UDDI security
Configuring the UDDI Registry to use WebSphere Application Server security

Related reference
UDDI Publisher collection
UDDI Registry Administrative (JMX) Interface
UDDI node settings
UDDI Registry Management Interfaces


Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/cwsu_access_control.html

© Copyright IBM Corporation 2005. All Rights Reserved.