Advanced Message Security interception on message channels
On z/OS®, Advanced Message Security (AMS) interception provides an additional option of security policy protection (SPLPROT) to sender, server, receiver, and requester channels, allowing you to support AMS and to communicate with business partners who do not support AMS.
Taking the example of a clearing house communicating with a bank, Figure 1 shows that, without AMS
interception, both sides of the system need to support AMS.
A key benefit of the AMS interception option is, that if your enterprise has AMS configured, and not all of your business partners support AMS, you can remove protection from outbound messages and protect inbound messages on channels to and from those business partners that do not support AMS.
Using the example of a clearing house and banks, this scenario is shown in Figure 2, where there is a message flow between the
clearing house, banks, and business partners where some institutions have AMS, and others do not.
Typically the channels are TLS enabled.
However, there might be a case where some banks and business partners do not support AMS, and there is a requirement to be able to exchange
messages between all banks and business partners. This scenario is shown in Figure 3