Kafka
IBM® Safer Payments can be connected to a Kafka cluster to retrieve messages from Kafka topics.
The settings for connections to a Kafka cluster are made in IBM Safer Payments instance can connect to multiple topics on multiple remote Kafka clusters, which are identified by a target IP and port, and a topic name. Security settings are defined in the definition of the Kafka topic on the Inbound Interface page and in the definition of the Kafka Endpoint on the Cluster Settings page. Whenever a Kafka connection is used to transport sensitive data over a public network, use of the Use SSL encryption option is mandatory for PCI DSS compliance. Also, on the Kafka server side, all connection channels to a broker must be configured to use TLS 1.2 using cipher specifications listed here.
and . EachFor more information about Kafka, see the Apache Kafka website.
The Kafka documentation describes the process of creating a certificate and key that can be used for a Kafka broker. The librdkafka documentation describes the process of creating a client certificate that is required for the Use SSL encryption option in IBM Safer Payments. Apache Kafka is a product that is developed independently from IBM Safer Payments. As such, it cannot be guaranteed that the provided configuration options are always sufficient. Therefore, it is necessary to constantly monitor the Kafka documentation for changes to the software and the security of the used cipher suites for potential security leaks.