Administering ActiveSpaces Security

ActiveSpaces provides the as-admin utility to configure and administer the security aspect of ActiveSpaces. You can also use the ActiveSpaces API to manage access to secured metaspaces.

Basic Entities Involved in Security

Configuring and maintaining security involves the following elements:

  • as-admin utility
     Sets discovery parameters, generates and maintains security configuration files.
  • policy files
     Specifies security settings across metaspaces, binds metaspaces to security domains.
  • token files
     Define connection parameters to secured metaspaces.
  • ActiveSpaces API
      Sets up and manages access to secured metaspaces.

Main Tasks for Setting Up Security

Table 36, Tasks for Setting Up Security lists the main tasks for setting up ActiveSpaces security.

Tasks for Setting Up Security
Task See
Create a Policy File Creating a Security Policy File
Edit the Policy file Edit a Security Policy File
Set up Data Encryption TIBCO ActiveSpaces allows you to specify encryption of tuple data for fields that have been defined as secure data fields.

Data encryption is set up in the policy file for each domain and by using the TIBCO ActiveSpaces security API functions.

For detailed information on implementing data encryption, see TIBCO ActiveSpaces Developer’s Guide.

Validate the Security Policy file Validating a Security Policy File
Create a Security Token Creating a Security Token
Validate a Security Token Validating a Security Token File
Set up Authorization If you want to provide granular authorization, ActiveSpaces allows you to use using Access Control Lists (ACLs) to set up authorization scopes, rights, and privileges.

For information on setting up authorization, see TIBCO ActiveSpaces Developer’s Guide.

Start Security Domain Controllers Starting Security Domain Controllers
Start Security Domain Requesters You can start a security domain requestor with a token file, if you have deployed token files for your security installation, or you can start a requestor without a token file if you have implemented security without a token file.

You can start the domain requestor without specifying a security token filename.

For example:

connect name "ms" discovery "tcp://127.0.0.1:50000" listen "tcp://127.0.0.2:50000" security_token "none"

To start security domain requestor with a token file see Starting a Security Domain Requestor with a Token File.

Contents
Search Results