If you are using messaging security, there are a number of considerations that apply to service integration buses.
This topic describes the key security considerations for service integration buses. For more general information about security issues, refer to Learning about security.
You can enable bus security so that access to the bus itself and to all destinations on the bus must be authorized. For bus security to be enabled, WebSphere global security must also be enabled. Refer to Messaging security for more information.
When a bus is created, an initial set of authorization permissions is created. These permissions grant all authenticated users access to the bus and to all local destinations. Refer to Administering authorization permissions for more information about controlling access to bus resources.
When bus security is enabled, you must set the Inter-engine authentication alias property, which controls the authentication of messaging engines joining the bus and is used for secure communication between messaging engines. Similarly, the Mediations authentication alias property is used for mediations that access the bus. Refer to Adding a bus for further information.
In the routing definitions for connections to foreign buses, the user ID applied to messages entering or leaving the foreign bus can be replaced by values specified by the Inbound user ID and Outbound user ID properties. For more information, see Adding a foreign bus.
The ability to authenticate access to a foreign bus is provided by the Authentication alias property of the service integration bus link. An authentication alias is defined at both ends of the foreign bus link between two secure buses. The user ID specified on the foreign bus link must be the same as the user ID used at both ends of the foreign bus link for authorization purposes. For example, consider a scenario where two messaging engines are connected by a foreign bus link. Messaging engine A presents the user ID and password to messaging engine B so that messaging engine B can authenticate messaging engine A. The same user ID is used by messaging engine A to authorize messaging engine B. For details about creating a foreign bus link, see Adding a service integration bus link.