7.5.1 CSIV2 and SAS
When a client component uses services from the WebSphere EJB container, all the communication goes through the RMI/IIOP protocol. The client component can be either a standalone Java client, a J2EE client container application, or another EJB container; see Figure 7-18.
WebSphere provides a security service which is compliant with Common Security Interoperability version 2, the CSIV2 protocol. There is another service called Security Attribute Service (SAS) which has been used in previous versions before CSIV2. SAS (IBM) is deprecated and it is only kept to provide interoperability with WebSphere versions older than V5.0.
In short, providing Common Security Interoperability, WebSphere basically provides two important services:
Authentication capabilites on the CORBA level.
Transport channel encryption; WebSphere provides IIOP transport channel protection using the SSL protocol. For more details about CSIV2, refer to CSIV2 Security Attribute Service (CSIV2 SAS).
In Figure 7-18, we can see a simple scenario; a J2EE client application needs to invoke some methods in an EJB which runs in Server A. Furthermore, Server A needs to run some methods in EJBs which run in Server B.
Figure 7-18 CSIV2 configurational options