MQZIC (Identity context) on IBM i
The MQZIC structure is used on the MQZ_AUTHENTICATE_USER call for the IdentityContext parameter.
The MQZIC structure contains identity context information, that identifies the user of the application that first put the message on a queue:- The queue manager fills the UserIdentifier field with a name that identifies the user, the way that the queue manager can do this depends on the environment in which the application is running.
- The queue manager fills the AccountingToken field with a token or number that it determined from the application that put the message.
- Applications can use the ApplIdentityData field for any extra information that they want to include about the user (for example, an encrypted password).
Suitably authorized applications may set the identity context using the MQZ_AUTHENTICATE_USER function.
A Windows systems security identifier (SID) is stored in the AccountingToken field when a message is created under IBM MQ for Windows. The SID can be used to supplement the UserIdentifier field and to establish the credentials of a user.
Fields
- StrucId (MQCHAR4)
- Structure identifier.
The value is:
- MQZIC_STRUC_ID
- Identifier for identity context structure.
For the C programming language, the constant MQZIC_STRUC_ID_ARRAY is also defined; this has the same value as MQZIC_STRUC_ID, but is an array of characters instead of a string.
This is an input field to the service.
- Version (MQLONG)
- Structure version number.
The value is:
- MQZIC_VERSION_1
- Version-1 identity context structure.
The following constant specifies the version number of the current version:
- MQZIC_CURRENT_VERSION
- Current version of identity context structure.
This is an input field to the service.
- UserIdentifier (MQCHAR12)
- User identifier.
This is part of the identity context of the message.
UserIdentifier specifies the user identifier of the application that originated the message. The queue manager treats this information as character data, but does not define the format of it. For more information on the UserIdentifier field, see UserIdentifier (MQCHAR12).
- AccountingToken (MQBYTE32)
- Accounting token.
This is part of the identity context of the message.
AccountingToken allows an application to cause work done as a result of the message to be appropriately charged. The queue manager treats this information as a string of bits and does not check its content. For more information on the AccountingToken field, see AccountingToken (MQBYTE32).
- ApplIdentityData (MQCHAR32)
- Application data relating to identity.
This is part of the identity context of the message.
ApplIdentityData is information that is defined by the application suite that can be used to provide additional information about the origin of the message. For example, it could be set by applications running with suitable user authority to indicate whether the identity data is trusted. For more information on the ApplIdentityData field, see ApplIdentityData (MQCHAR32).
C declaration
typedef struct tagMQZED MQZED; struct tagMQZED { MQCHAR4 StrucId; /* Structure identifier */ MQLONG Version; /* Structure version number */ MQCHAR12 UserIdentifier; /* User identifier */ MQBYTE32 AccountingToken; /* Accounting token */ MQCHAR32 ApplIdentityData; /* Application data relating to identity */ };Parent topic: Installable services interface reference information on IBM i