MQZIC - Identity context

The MQZIC structure is used on the MQZ_AUTHENTICATE_USER call for the IdentityContext parameter.

The MQZIC structure contains identity context information, which identifies the user of the application that first put the message on a queue:

  • The queue manager fills the UserIdentifier field with a name that identifies the user, the way that the queue manager can do this depends on the environment in which the application is running.
  • The queue manager fills the AccountingToken field with a token or number that it determined from the application that put the message.
  • Applications can use the ApplIdentityData field for any extra information that they want to include about the user (for example, an encrypted password).

Suitably authorized applications can set the identity context using the MQZ_AUTHENTICATE_USER function.

A Windows systems security identifier (SID) is stored in the AccountingToken field when a message is created under IBM MQ for Windows. The SID can be used to supplement the UserIdentifier field and to establish the credentials of a user.

Table 1. summarizes the fields in the structure.

Field Description
StrucId Structure identifier
Version Version
UserIdentifier User identifier
AccountingToken Accounting token
ApplIdentityData Application identity data


Fields

    StrucId
    Type: MQCHAR4 - input Structure identifier. The value is as follows:

      MQZIC_STRUC_ID
      Identifier for identity context structure. For the C programming language, the constant MQZIC_STRUC_ID_ARRAY is also defined; this has the same value as MQZIC_STRUC_ID, but is an array of characters instead of a string.

    Version
    Type: MQLONG - input Structure version number. The value is as follows:

      MQZIC_VERSION_1
      Version-1 identity context structure.

    The following constant specifies the version number of the current version:

      MQZIC_CURRENT_VERSION
      Current version of identity context structure.

    UserIdentifier
    Type: MQCHAR12 - input

    User identifier. This is part of the identity context of the message. UserIdentifier specifies the user identifier of the application that originated the message. The queue manager treats this information as character data, but does not define the format of it. For more information on the UserIdentifier field, see UserIdentifier (MQCHAR12).

    AccountingToken
    Type: MQBYTE32 - input

    Accounting token. This is part of the identity context of the message. AccountingToken allows an application to cause work done as a result of the message to be appropriately charged. The queue manager treats this information as a string of bits and does not check its content. For more information on the AccountingToken field, see AccountingToken (MQBYTE32).

    ApplIdentityData
    Type: MQCHAR32 - input

    Application data relating to identity. This is part of the identity context of the message. ApplIdentityData is information that is defined by the application suite that can be used to provide additional information about the origin of the message. For example, it could be set by applications running with suitable user authority to indicate whether the identity data is trusted. For more information on the ApplIdentityData field, see ApplIdentityData (MQCHAR32).


C declaration

typedef struct tagMQZED MQZED;
struct tagMQZED {
  MQCHAR4   StrucId;          /* Structure identifier */
  MQLONG    Version;          /* Structure version number */
  MQCHAR12  UserIdentifier;   /* User identifier */
  MQBYTE32  AccountingToken;  /* Accounting token */
  MQCHAR32  ApplIdentityData; /* Application data relating to identity */
};
Parent topic: Installable services interface reference information