Providing your own application level security
You can provide your own application level security services. To help you implement application level security, IBM® MQ provides two exits, the API exit and the API-crossing exit.
The API exit and the API-crossing exit can provide identification and authentication, access control, confidentiality, data integrity, and non-repudiation services, and other functions not related to security.
If the API exit or API-crossing exit is not supported in your system environment, you might want to consider other ways of providing your own application level security. One way is to develop a higher level API that encapsulates the MQI. Programmers then use this API, instead of the MQI, to write IBM MQ applications.
Reasons for using a higher level API include:
- To hide the more advanced features of the MQI from programmers.
- To enforce standards in the use of the MQI.
- To add function to the MQI. This additional function can be security services.
Some vendor products use this technique to provide application level security for IBM MQ.
If messages are subject to data conversion, consider the following:
- If a security token, such as a digital signature, has been added to the application data in a message, any code performing data conversion must be aware of the presence of this token.
- A security token might have been derived from a binary image of the application data. Therefore, any checking of the token must be done before converting the data.
- If the application data in a message has been encrypted, it must be decrypted before data conversion.
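The ordering constraint in the list above, shown as an added example (not IBM MQ code, and it makes no MQI calls). It assumes an HMAC-SHA256 tag appended to the data as the security token, a sender using the EBCDIC code page `cp500`, and hypothetical function names and a constructed key and message.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed; key distribution is out of scope
TAG_LEN = hashlib.sha256().digest_size  # 32-byte token appended to the data


def protect(app_data: bytes, key: bytes = KEY) -> bytes:
    """Sender: append a token derived from the binary image of the data."""
    return app_data + hmac.new(key, app_data, hashlib.sha256).digest()


def verify(body: bytes, key: bytes = KEY) -> bytes:
    """Return the application data if the token matches, else raise."""
    if len(body) < TAG_LEN:
        raise ValueError("message too short to carry a token")
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token does not match application data")
    return data


def convert(data: bytes, src: str = "cp500", dst: str = "ascii") -> bytes:
    """Character-set conversion of application data only (never the token)."""
    return data.decode(src).encode(dst)


def receive_check_first(body: bytes) -> bytes:
    """Correct order: check the token on the received bytes, then convert."""
    return convert(verify(body))


def receive_convert_first(body: bytes) -> bytes:
    """Wrong order: token-aware conversion, but the check runs afterwards."""
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    return verify(convert(data) + tag)


if __name__ == "__main__":
    body = protect("PAY 100 TO ACCT 42".encode("cp500"))  # constructed message
    print(receive_check_first(body))
    try:
        receive_convert_first(body)
    except ValueError as exc:
        print("rejected:", exc)
```

Even though the conversion here leaves the token bytes alone, the check still fails once the data has been converted, because the token was computed over the sender's byte image.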