Securing CICS Web Services

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.

thumbnail 

Published on December 01, 2008, updated December 02, 2008

  1. .PDF (3.6 MB)


Share this page:   

ISBN-10: 0738431664
ISBN-13: 9780738431666
IBM Form #: SG24-7658-00


Authors: Nigel Williams, Carsten Andersen, Arnaud Desprets, Tommy Joergensen and James O'Grady

    menu icon

    Abstract

    Securing access to information is important to any business, especially for business-critical systems that manage sensitive data, as is often the case for systems based on IBM® Customer Information Control System (CICS®). Security becomes even more critical for implementations structured according to service-oriented architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries.

    In this IBM Redbooks® publication, we consider the different ways that CICS Web services can be secured. We consider transport-level security mechanisms such as SSL/TLS and CICS support for the message-based security specifications WS-Security and WS-Trust.

    To assist solution and security architects, we outline the main planning considerations and make recommendations on the choice of a security solution. For the systems programmer, we provide detailed setup guidance for configuring common security scenarios. These scenarios include interoperability with WebSphere DataPower and using Tivoli Federated Identity Manager (TFIM) as a Security Token Service.

    For each scenario, we provide step-by-step configuration information for CICS and the other involved systems, including WebSphere Application Server, WebSphere DataPower, and TFIM.

    Table of Contents

    Chapter 1. Security for CICS Web services

    Chapter 2. SOAP message security

    Chapter 3. Elements of cryptography

    Chapter 4. Crypto hardware and ICSF

    Chapter 5. Security scenarios environment

    Chapter 6. Enabling SSL

    Chapter 7. Signing the SOAP message

    Chapter 8. Identity assertion with WebSphere for z/OS

    Chapter 9. Identity assertion with WebSphere DataPower

    Chapter 10. Enabling WS-Trust with TFIM

    Appendix A. XSLT example

    Appendix B. Problem determination

    Appendix C. Sample message handler

     

    Others who read this also read