Skip to main content

Securing CICS Web Services

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 01 December 2008, updated 02 December 2008

  1. .PDF (3.6 MB)

Share this page:   

ISBN-10: 0738431664
ISBN-13: 9780738431666
IBM Form #: SG24-7658-00

Authors: Nigel Williams, Carsten Andersen, Arnaud Desprets, Tommy Joergensen and James O'Grady

    menu icon


    Securing access to information is important to any business, especially for business-critical systems that manage sensitive data, as is often the case for systems based on IBM® Customer Information Control System (CICS®). Security becomes even more critical for implementations structured according to service-oriented architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries.

    In this IBM Redbooks® publication, we consider the different ways that CICS Web services can be secured. We consider transport-level security mechanisms such as SSL/TLS and CICS support for the message-based security specifications WS-Security and WS-Trust.

    To assist solution and security architects, we outline the main planning considerations and make recommendations on the choice of a security solution. For the systems programmer, we provide detailed setup guidance for configuring common security scenarios. These scenarios include interoperability with WebSphere DataPower and using Tivoli Federated Identity Manager (TFIM) as a Security Token Service.

    For each scenario, we provide step-by-step configuration information for CICS and the other involved systems, including WebSphere Application Server, WebSphere DataPower, and TFIM.

    Table of Contents

    Chapter 1. Security for CICS Web services

    Chapter 2. SOAP message security

    Chapter 3. Elements of cryptography

    Chapter 4. Crypto hardware and ICSF

    Chapter 5. Security scenarios environment

    Chapter 6. Enabling SSL

    Chapter 7. Signing the SOAP message

    Chapter 8. Identity assertion with WebSphere for z/OS

    Chapter 9. Identity assertion with WebSphere DataPower

    Chapter 10. Enabling WS-Trust with TFIM

    Appendix A. XSLT example

    Appendix B. Problem determination

    Appendix C. Sample message handler


    Others who read this also read