The following CSIv2 features are available in IBM WAS: message layer authentication, identity assertion, and security attribute propagation.
- Identity Assertion
  Allows a downstream server to accept the client identity that is established on an upstream server, without having to authenticate again. The downstream server trusts the upstream server.
- Message Layer Authentication
  Authenticates credential information and sends that information across the network so that a receiving server can interpret it.
- Security attribute propagation
  Supports the use of the authorization token to propagate serialized Subject contents and PropagationToken contents with the request. We can propagate these objects using a pure client or a server login that adds custom objects to the Subject. Propagating security attributes prevents downstream logins from having to make user registry calls to look up these attributes.
  Propagating security attributes is also useful when the security attributes contain information that is only available at the time of authentication. This information cannot be located using the user registry on downstream servers.
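The following added example is a simplified Python model of how a downstream server could treat the three features; it is not WebSphere code or configuration. All names (`DownstreamServer`, `Request`, `REGISTRY`, `TRUSTED_UPSTREAM`) and the sample data are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; these names are illustrative, not WebSphere APIs.
REGISTRY = {"alice": {"password": "s3cret", "groups": ["managers"]}}
TRUSTED_UPSTREAM = {"server1"}  # upstream identities this server trusts

@dataclass
class Request:
    sender: str                               # identity of the sending process
    asserted_identity: Optional[str] = None   # identity assertion
    credentials: Optional[tuple] = None       # message layer auth: (user, password)
    propagated_attrs: Optional[dict] = None   # security attribute propagation

class DownstreamServer:
    def __init__(self):
        self.registry_calls = 0               # counts user registry lookups

    def _lookup(self, user):
        self.registry_calls += 1
        entry = REGISTRY.get(user)
        if entry is None:
            raise PermissionError("unknown user")
        return entry

    def login(self, req):
        if req.asserted_identity is not None:
            # Accept the upstream-established identity only from a trusted sender.
            if req.sender not in TRUSTED_UPSTREAM:
                raise PermissionError("identity asserted by untrusted server")
            if req.propagated_attrs is not None:
                # Attributes travelled with the request: no registry call needed.
                return {**req.propagated_attrs, "user": req.asserted_identity}
            groups = self._lookup(req.asserted_identity)["groups"]
            return {"user": req.asserted_identity, "groups": groups}
        if req.credentials is not None:
            # Message layer authentication: verify the credentials that were sent.
            user, password = req.credentials
            entry = self._lookup(user)
            if not hmac.compare_digest(entry["password"].encode(), password.encode()):
                raise PermissionError("bad credentials")
            return {"user": user, "groups": entry["groups"]}
        raise PermissionError("no authentication information in request")
```

In this model, an attribute such as a login host that exists only at authentication time reaches the downstream server solely through `propagated_attrs`, because the registry holds no such field.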