Before you start
A trusted context establishes a trusted relationship between DB2 and an external entity, such as a Web server, application server, or another DB2 server. At connect time, the DB2 server checks whether the connection matches the definition of a trusted context object in the database. When a match occurs, the database connection is said to be trusted. Trusted contexts give greater control over the use of restricted, sensitive privileges, and allow middle-tier servers or applications to assert the identity of the end user to the database server. For additional information on trusted contexts, see the article "Use trusted context in DB2 client applications" (developerWorks, September 2006).
This tutorial takes you through a series of exercises to familiarize yourself with trusted contexts, a new feature in DB2 9.5.
This tutorial follows Part 1 of this series, which covers the concepts and features of DB2 roles. It demonstrates how to take advantage of this new DB2 feature and how roles might be used in combination with other essential e-business technologies such as Web services, Web application servers, and DB2 database servers.
This tutorial helps familiarize you with concepts and features of trusted contexts in DB2 9.5. In these exercises, learn:
- The basic concepts of trusted contexts
- How to create and manage a trusted context
- How to use trusted contexts in a sample program
- Basic problem determination
This tutorial is written for DB2 specialists whose skills and experience are at a beginning to intermediate level. You should have a general familiarity with the DB2 command line and CLI programming, and a working knowledge of database management.
To run the examples in this tutorial, you need:
- DB2 9.5 Express-C
- Microsoft Windows 2003, XP or Linux (Validated Environment)
- Java® Runtime Environment 1.4.2 or later
Also ensure that your hardware meets the requirements for DB2 9.5. (Refer to the DB2 9.5 system requirements page.)
DB2 9.5 Express-C is available from the link above. DB2 9.5 is a full installation, not a fixpack upgrade. By default, DB2 starts automatically after installation unless you request during installation that it not do so.
Use the sample scripts and data provided in the accompanying zip file (see the Download section) to demonstrate the concepts in this tutorial. Extract the contents into a subdirectory called DB2TC (C:\DB2TC or /home/userid/DB2TC). This directory is referred to simply as DB2TC throughout the tutorial. The tutorial assumes that you used the default directories for the DB2 installation. It also requires the creation of a number of userids, and all the exercises use the ids created.
Trusted contexts introduce the concept of context-sensitive privileges. Context-sensitive privileges allow an organization to have more control over when a privilege becomes available to a user. For example, an organization might want a manager to be able to access the payroll table only when the manager connects to the database from within the company offices, but not when the manager connects from home.
Traditionally, all the interactions with the database server occur through a database connection established by the middle tier, using a combination of a user ID and a credential that identifies that middle tier to the database server. In other words, the database server uses the database privileges associated with the middle tier's user ID for all authorization checking and auditing that must occur for any database access, including those accesses performed by the middle tier on behalf of a user.
Figure 1 illustrates the three-tiered application model. While the three-tiered application model has many benefits, having all interactions with the database server (for example, a user request) occur under the middle tier’s authorization ID raises several security concerns.
Figure 1. Three-tiered application model
The DB2 trusted contexts capability has been designed specifically to address these security concerns. Security is enhanced because the actual user's identity and database privileges are used to perform database activities. Performance can be enhanced because no new connection is needed when you switch users; if the switched-to user does not require authentication, there is no overhead for authenticating the new user at the database server.
In a DB2 trusted context, the trust relationship is based upon the following set of attributes:
- System authorization ID: This is the authorization ID representing the user who establishes a database connection.
- IP address (or domain name): This represents the IP address from which the database connection is established.
- Data stream encryption: This is the encryption level (if any) used to encrypt the data communication between the database server and the connecting user.
When a database connection is established, DB2 compares the attributes of that connection against the definitions of each trusted context object in the database. If the connection attributes match the definition of a trusted context object, that connection is referred to as a trusted connection. A trusted connection allows the initiator of that connection to acquire additional capabilities that are not available to them outside the scope of that trusted connection.
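The attribute matching described above, as an added example that is not part of the tutorial's download: DDL for two constructed trusted contexts, one that gives the manager from the payroll example a role only when connecting from an office address, and one that lets an application server assert end-user identities. The names MGR1, APPSRV, ALICE, BOB, the address values and the table HR.PAYROLL are assumptions.

```sql
-- Added example (constructed names and addresses, not the tutorial's scripts).
-- 1. Office-only access to PAYROLL for a manager who connects directly.
--    SELECT is granted to a role rather than to the user, so the privilege
--    is available only when the connection matches the trusted context.
CREATE ROLE PAYROLL_READER;
GRANT SELECT ON TABLE HR.PAYROLL TO ROLE PAYROLL_READER;

CREATE TRUSTED CONTEXT CTX_MGR_OFFICE
  BASED UPON CONNECTION USING SYSTEM AUTHID MGR1
  ATTRIBUTES (ADDRESS '192.0.2.25',      -- office workstation (constructed)
              ENCRYPTION 'NONE')         -- 'NONE' = no minimum; 'LOW'/'HIGH' require at least that level
  DEFAULT ROLE PAYROLL_READER
  ENABLE;
-- MGR1 connecting from 192.0.2.25 acquires PAYROLL_READER through the context;
-- the same user connecting from any other address does not.

-- 2. Middle tier asserting end-user identity. The application server connects
--    as APPSRV and may switch the trusted connection to the listed users.
CREATE TRUSTED CONTEXT CTX_APPSRV
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSRV
  ATTRIBUTES (ADDRESS 'appsrv1.example.com',  -- a domain name is also accepted
              ENCRYPTION 'LOW')
  WITH USE FOR ALICE WITHOUT AUTHENTICATION,  -- switch needs no credential for ALICE
               BOB   WITH AUTHENTICATION      -- switch to BOB must present BOB's credential
  ENABLE;

-- 3. Verify the definitions through the DB2 9.5 catalog views.
SELECT CONTEXTNAME, SYSTEMAUTHID, DEFAULTCONTEXTROLE, ENABLED
  FROM SYSCAT.CONTEXTS;
SELECT CONTEXTNAME, ATTR_NAME, ATTR_VALUE
  FROM SYSCAT.CONTEXTATTRIBUTES
 ORDER BY CONTEXTNAME, ATTR_NAME;

-- 4. Disable a context without dropping it; existing trusted connections
--    lose nothing until they reconnect, new connections no longer match.
ALTER TRUSTED CONTEXT CTX_APPSRV ALTER DISABLE;
```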