Securing access to information is important to any business, especially for business-critical systems that manage sensitive data, as is often the case for systems based on IBM® Customer Information Control System (CICS®). Security becomes even more critical for implementations structured according to service-oriented architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries.
In this IBM Redbooks® publication, we consider the different ways that CICS Web services can be secured. We consider transport-level security mechanisms such as SSL/TLS and CICS support for the message-based security specifications WS-Security and WS-Trust.
To assist solution and security architects, we outline the main planning considerations and make recommendations on the choice of a security solution. For the systems programmer, we provide detailed setup guidance for configuring common security scenarios. These scenarios include interoperability with WebSphere DataPower and using Tivoli Federated Identity Manager (TFIM) as a Security Token Service.
For each scenario, we provide step-by-step configuration information for CICS and the other involved systems, including WebSphere Application Server, WebSphere DataPower, and TFIM.
Table of contents
Chapter 1. Security for CICS Web services
Chapter 2. SOAP message security
Chapter 3. Elements of cryptography
Chapter 4. Crypto hardware and ICSF
Chapter 5. Security scenarios environment
Chapter 6. Enabling SSL
Chapter 7. Signing the SOAP message
Chapter 8. Identity assertion with WebSphere for z/OS
Chapter 9. Identity assertion with WebSphere DataPower
Chapter 10. Enabling WS-Trust with TFIM
Appendix A. XSLT example
Appendix B. Problem determination
Appendix C. Sample message handler