Administering ActiveSpaces Security
ActiveSpaces provides the as-admin utility to configure and administer the security aspect of ActiveSpaces. You can also use the ActiveSpaces API to manage access to secured metaspaces.
Basic Entities Involved in Security
- as-admin utility
  - Sets discovery parameters, and generates and maintains security configuration files.
- policy files
  - Specify security settings across metaspaces and bind metaspaces to security domains.
- token files
  - Define connection parameters to secured metaspaces.
- ActiveSpaces API
  - Sets up and manages access to secured metaspaces.
Main Tasks for Setting Up Security
Table 36, Tasks for Setting Up Security, lists the main tasks for setting up ActiveSpaces security.
Task | See |
---|---|
Create a Policy File | Creating a Security Policy File |
Edit the Policy file | Edit a Security Policy File |
Set up Data Encryption | TIBCO ActiveSpaces allows you to specify encryption of tuple data for fields that have been defined as secure data fields. Data encryption is set up in the policy file for each domain and by using the TIBCO ActiveSpaces security API functions. For detailed information on implementing data encryption, see TIBCO ActiveSpaces Developer’s Guide. |
Validate the Security Policy file | Validating a Security Policy File |
Create a Security Token | Creating a Security Token |
Validate a Security Token | Validating a Security Token File |
Set up Authorization | If you want to provide granular authorization, ActiveSpaces allows you to use Access Control Lists (ACLs) to set up authorization scopes, rights, and privileges. For information on setting up authorization, see TIBCO ActiveSpaces Developer’s Guide. |
Start Security Domain Controllers | Starting Security Domain Controllers |
Start Security Domain Requestors | You can start a security domain requestor with a token file, if you have deployed token files for your security installation, or you can start a requestor without a token file if you have implemented security without a token file. You can start the domain requestor without specifying a security token filename. For example: `connect name "ms" discovery "tcp://127.0.0.1:50000" listen "tcp://127.0.0.2:50000" security_token "none"`. To start a security domain requestor with a token file, see Starting a Security Domain Requestor with a Token File. |
- Creating a Security Policy File
  You can create a security policy file to specify security settings across metaspaces, and bind metaspaces to security domains.
- Edit a Security Policy File
  After you have created a policy file for your security domain, you must edit the settings in the file to specify the security configuration for the domain.
- Validating a Security Policy File
- Creating a Security Token
  A token is an optional configuration file that can be deployed on nodes that have access to or create secured ActiveSpaces resources. The token is created from the security parameter values set in a specified policy file.
- Validating a Security Token File
- Resetting the Validity for Policy, Token, or Domain Credentials
- Starting Security Domain Controllers
- Starting a Security Domain Requestor with a Token File