Security provided by middleware components
The RMA employs the following middleware components, each of which uses its own mechanisms to maintain the security of the RMA data:
- WebSphere® Application Server
- Users of the RMA are also WebSphere Application Server users. These users are authenticated using the (typically LDAP-based) user authentication capabilities of WebSphere Application Server. The Internet browser and WebSphere Application Server communicate using the HTTPS protocol. Each of these users must be assigned appropriate FTM SWIFT roles.
Each RMA enterprise application uses a special application server user ID, not the user ID of an RMA user, to access other middleware components such as IBM® MQ queues or DB2® tables. This user ID must be granted the appropriate access rights.
- IBM Integration Bus
- The value of the UserIdentifier field in the MQMD of a message identifies the user associated with the message. For a message that was created by RMA, this is the user ID of the broker in which the corresponding RM transfer service runs. This user must be authorized to use all of the services that are involved in processing the message.
- IBM MQ
- The ID under which the WebSphere Application Server runs is used to connect to the IBM MQ queue manager and to open the FTM SWIFT service input queues. This ID must have the IBM MQ access rights needed to use the IBM MQ infrastructure and to set the identity context.
- DB2
- Each RMA uses two distinct DB2 data sources:
- One data source name for messages and processing data
- One data source name for reference data
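
A least-privilege check for the IBM MQ requirement above, as an added example that is not part of the original documentation: it parses text in the stanza layout printed by `dmpmqaut` and reports authorities that the application server ID lacks or holds beyond an expected set. The user ID `wasuser`, the queue name `EXAMPLE.SERVICE.INPUT`, and the `REQUIRED` sets are assumptions for illustration, not values documented for FTM SWIFT.

```python
# Added example: audit dmpmqaut-style output for the application server ID.
# REQUIRED is an assumed baseline, not FTM SWIFT's documented authority list.
REQUIRED = {
    "qmgr": {"connect", "inq", "setid"},  # connect and set identity context
    "queue": {"put", "setid"},            # put to an input queue, setting identity
}

# Constructed sample in the stanza layout printed by dmpmqaut.
SAMPLE = """\
profile:     self
object type: qmgr
entity:      wasuser
entity type: principal
authority:   inq connect

profile:     EXAMPLE.SERVICE.INPUT
object type: queue
entity:      wasuser
entity type: principal
authority:   put setid setall

profile:     EXAMPLE.SERVICE.INPUT
object type: queue
entity:      otheruser
entity type: principal
authority:   get browse
"""

def parse_stanzas(text):
    """Yield one dict per blank-line-separated stanza."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        if rec:
            yield rec

def audit(text, entity):
    """Return (missing, extra) lists of (object type, profile, authority)."""
    missing, extra = [], []
    for rec in parse_stanzas(text):
        want = REQUIRED.get(rec.get("object type"))
        if rec.get("entity") != entity or want is None:
            continue  # another principal, or an object type with no baseline
        have = set(rec.get("authority", "").split())
        where = (rec["object type"], rec.get("profile", "?"))
        missing += [where + (a,) for a in sorted(want - have)]
        extra += [where + (a,) for a in sorted(have - want)]
    return missing, extra

if __name__ == "__main__":
    print(audit(SAMPLE, "wasuser"))
```

Setting the identity context needs `setid` on both the queue and the queue manager object, which is why the sample's queue manager stanza is reported as incomplete.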