Access control
Access control involves authentication and authorization.
The following middleware and Payment Feature Services components have security information that relates to the access control security category.
- Control Center
  - The Control Center can be used to define and manage groups and users in Payment Feature Services.
- Database
  - The FTM database contains configuration, financial, and log information. Ensure that access is limited only to users that are authorized to work with this information.
- File system
  - The file system also contains configuration, financial, and log information. Ensure that access to specific files and directories is limited only to users that are authorized to work with the information.
- RESTful web services
  - Access control for the web services is done by using the Control Center. Authorized users must assign the permissions that are needed to run the web service requests and commands.
- Web Services
  - When a SOAP web service is used, Payment Feature Services does not do access authentication or authorization. Your client application must ensure that the user is allowed to access the function that is being called by the specific SOAP web service.
- WebSphere® Application Server
  - The reference implementation uses the WebSphere Application Server internal federated repository to manage users, but other repositories can be used. You can also use single sign-on in WebSphere Application Server for authentication.