Messaging security and multiple security domains
When we secure a service integration bus, we assign it to a security domain that contains a set of security attributes. There are three types of security domain: global, cell level and custom. The type of security domain we use for a particular bus depends on the security requirements, the bus topology, and the versions of the bus members.
Global domain
This is the default security domain, and contains the administrative security settings.
We must assign the bus to use the global domain if the following conditions apply:
- The bus contains a WAS v6 bus member, or might contain a Version 6 bus member in the future.
- The bus is used for administrative purposes, and must share the administrative security settings.
We might also choose to use the global security domain if we have a simple bus topology, and have no need to use multiple security domains.
Cell level domain
Assigning the bus to the cell level domain enables the bus to use multiple security domains.
We might want to assign the bus to use the cell level domain if one of the following scenarios applies:
- Your company security policy requires that the administrative user repository is separate from the customer user repository. Using the cell level domain enables you to configure multiple sets of security attributes for administrative and user applications within a cell environment.
- For ease of configuration and maintenance, we want the bus, its user applications, and servers to share a common security configuration that is separate from the administrative security settings.
Custom domain
We must assign the bus to a custom domain if the following scenarios apply:
- You want to guarantee that the bus and its user application can access the same user realm. In this case, the bus and the user applications use the same custom domain.
- You want the bus to use a user realm that is dedicated to messaging, and have a separate user repository each for administrative and customer accounts.
- You want the bus and each of its user applications to be in separate domains. The application users can interact with the users of the bus domain, which acts as a bridge between the application domains. In this case, only the bus requires information about the users in each domain.