Access control for UDDI registry interfaces

Access control for UDDI registry interfaces

Access to UDDI registry interfaces is controlled by a combination of Java EE declarative security using role mappings, and UDDI properties and policies, such as registering users as UDDI publishers.
Each UDDI registry interface is represented by a security role. The interfaces and their corresponding roles are as follows:

Table 1. Security roles for UDDI registry interfaces

UDDI registry interface Security role
Version 3 SOAP inquiry V3SOAP_Inquiry_User_Role
Version 3 SOAP publish V3SOAP_Publish_User_Role
Version 3 SOAP custody transfer V3SOAP_CustodyTransfer_User_Role
Version 3 SOAP security V3SOAP_Security_User_Role
Version 3 GUI inquiry GUI_Inquiry_User
Version 3 GUI publish GUI_Publish_User
Versions 1 and 2 SOAP inquiry SOAP_Inquiry_User
Versions 1 and 2 SOAP publish SOAP_Publish_User
EJB inquiry EJB_Inquiry_Role
EJB publish EJB_Publish_Role

By default, the inquiry roles are mapped to the Everyone special subject and the non inquiry roles are mapped to the AllAuthenticatedUsers special subject. With these default settings, after you enable WebSphere Application WAS security, you do not need access control to use the UDDI registry inquiry interfaces. However, to use the publish roles and the V 3 custody transfer role, be authenticated using a WAS user ID and password. The V3 security role is a special case, because it uses UDDI registry security instead of WebSphere Application WAS security, and it must be specially configured.
Roles that are mapped to the AllAuthenticatedUsers special subject are further protected, because the user must also be registered as a UDDI publisher to publish data to the UDDI registry. If the user is not registered, an E_unknownUser error is returned in the disposition report. We can register users as UDDI publishers in one of two ways:

Create a new UDDI publisher using the admin console or the Java Management Extensions (JMX) interface.
Set the Automatically register UDDI publishers property of the UDDI node settings so that users are automatically registered as a publisher on their first publish request.

An additional access control, in accordance with the UDDI specification, is that for an entity that is published to the UDDI registry, only the user who originally published that entity can update or delete it.
The UDDI registry also provides some management interfaces that are protected because they require admin permissions for certain operations.

Related concepts

Role-based authorization

Related tasks

Set the UDDI registry to use WAS security
Set UDDI security with WAS security enabled
Set UDDI registry security

Related

UDDI registry Administrative (JMX) Interface
UDDI registry management interfaces

Related information

UDDI Publisher collection
UDDI node settings

UDDI registry interface	Security role
Version 3 SOAP inquiry	V3SOAP_Inquiry_User_Role
Version 3 SOAP publish	V3SOAP_Publish_User_Role
Version 3 SOAP custody transfer	V3SOAP_CustodyTransfer_User_Role
Version 3 SOAP security	V3SOAP_Security_User_Role
Version 3 GUI inquiry	GUI_Inquiry_User
Version 3 GUI publish	GUI_Publish_User
Versions 1 and 2 SOAP inquiry	SOAP_Inquiry_User
Versions 1 and 2 SOAP publish	SOAP_Publish_User
EJB inquiry	EJB_Inquiry_Role
EJB publish	EJB_Publish_Role