Start of change
WebSphere Message Brokers
File: ap04010_
Writer: Stephanie J Strugnell

Concept topic

This build: July 31, 2007 21:34:44

Identity

An identity is a piece of information which can uniquely identify an individual or object.

Within the broker identity is held as eight properties, which define two identities in the broker: source and mapped. For both the source and mapped identities, values are held for Type, Token, Password, and IssuedBy properties:

Diagram showing the eight identity properties.

The Type property defines the format of the Token, and can be in the form of username, usernameAndPassword or x.509. The Token property holds the actual token and, in the case of a usernameAndPassword token, the Password field contains the attached password. The IssuedBy field defines where the Token was created. For example, for a x.509 certificate this could be “IBM” (the Common Name of the Certifying Authority). For username and usernameAndPassword formats, this is transport specific unless the IssuedBy property is set on the node. For more information, see Configuring identity

The source identity is always set by the input node. The information to fill these fields is commonly found in the headers of a message but can also be located in the body, provided the node has been configured with an ESQL Path or XPath reference for the various properties. If multiple identities are available (for example through aggregation), the first identity is used. The token extraction is transport specific and can be performed only using transports that support the flow of identities These are currently: MQ, HTTP(S), and SOAP.

The values in the properties are writeable (for example, from ESQL), although it is not recommended to write to the IdentitySource* values. This could be used to create a custom identity mapping routine in ESQL by using the IdentitySource* values to create custom IdentityMapped* values.

Related concepts
Authentication
Identity mapping
Authorization
Identity propagation
Security profiles
Security exception processing
Related tasks
Configuring identity
Configuring authentication
Configuring identity mapping
Configuring a security profile
Configuring authorization
Configuring a message flow for identity propagation
Setting up message flow security
Related reference
mqsicreateconfigurableservice command
mqsideleteconfigurableservice command
mqsichangeproperties command
mqsireportproperties command
MQInput node
HTTPInput node
HTTPRequest node
MQOutput node
JMSOutput node
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2007Copyright IBM Corporation 1999, 2007. All Rights Reserved.
This build: July 31, 2007 21:34:44

ap04010_ This topic's URL is:
End of change