Copyright © TIBCO Software Inc. All Rights Reserved



Security Policy Files
A security policy file contains the security settings for one or more security domains. You generate a security token file from a security policy file, and security domain requestors use that token file to connect to a metaspace listed in the Metaspace Access List for a security domain that is defined in the security policy file.
The basic steps for creating and using a security policy file are:
1.
See Creating a Security Policy File for information on how to create a security policy file.
2.
3.
4.
5.
6.
7.
8.
See the ASDomainController example program for each supported programming language to see how the security API is used to connect to a metaspace using a security policy file.
9.
Applications that connect to a metaspace listed in the Metaspace Access List for a security domain in a security policy file use the security policy file to become security domain controllers for the metaspace.
Applications that connect to a metaspace listed in the Metaspace Access List for a security domain in a security policy file, but do not use the security policy file to connect to the metaspace, become security domain requestors for the metaspace.
In general, you should require the security domain requestor to connect to a metaspace using a security token file that is generated from the security policy file. See Security Domain Requestors and Security Token Files for more information on security domain requestors and security token files.
You can also choose the less secure method of allowing connections without a security token. This is a weaker security solution, but is easier to deploy.
Creating a Security Policy File
You generate security policy files using the Admin CLI. You then edit the settings for each security domain within the security policy file to fit your particular security needs. The following example shows the Admin CLI command to create a security policy file for a policy named mypolicy and a security domain named mydomain:
as-admin> create security_policy
policy_name "mypolicy/mydomain"
policy_file "mypolicy.txt"
If you do not specify a domain name, ActiveSpaces creates a domain named AS-DOMAIN in the security policy file.
See Chapter 2, “Administering ActiveSpaces with the Admin CLI” in the TIBCO ActiveSpaces Administration Guide for information on the define | create security_policy command.
Security Domain Settings
A security policy file contains the following security settings for one or more security domains:
Some of the security settings work in conjunction with the TIBCO ActiveSpaces security API. For a more detailed discussion of how to use each setting, see the section for the setting in this chapter.
Validating a Security Policy File
You validate security policy files using the Admin CLI. After you finish editing the security settings for the security domains included in the security policy file, validate the file to check that your edits seem reasonable before you try to use it. The following example shows the Admin CLI command to validate a security policy file:
validate policy_name "mypolicy" policy_file "mypolicy.txt"
Security Policy File Keys and Certificates
For each security domain, the security policy file also contains:
