Securing access to information is important to any business, especially for business-critical systems that manage sensitive data, as is often the case for systems based on IBM® Customer Information Control System (CICS®). Security becomes even more critical for implementations structured according to service-oriented architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries.

In this IBM Redbooks® publication, we consider the different ways that CICS Web services can be secured. We consider transport-level security mechanisms such as SSL/TLS and CICS support for the message-based security specifications WS-Security and WS-Trust.

To assist solution and security architects, we outline the main planning considerations and make recommendations on the choice of a security solution. For the systems programmer, we provide detailed setup guidance for configuring common security scenarios. These scenarios include interoperability with WebSphere DataPower and using Tivoli Federated Identity Manager (TFIM) as a Security Token Service.

For each scenario, we provide step-by-step configuration information for CICS and the other involved systems, including WebSphere Application Server, WebSphere DataPower, and TFIM.

Chapter 1. Security for CICS Web services

Chapter 2. SOAP message security

Chapter 3. Elements of cryptography

Chapter 4. Crypto hardware and ICSF

Chapter 5. Security scenarios environment

Chapter 6. Enabling SSL

Chapter 7. Signing the SOAP message

Chapter 8. Identity assertion with WebSphere for z/OS

Chapter 9. Identity assertion with WebSphere DataPower

Chapter 10. Enabling WS-Trust with TFIM

Appendix A. XSLT example

Appendix B. Problem determination

Appendix C. Sample message handler