Connector Application Security
Security operations can be performed by the connector application, or they can be passed on to the foreign computer where the destination queue is located.
Connector applications that pass security operations to the foreign queue are referred to as transparent applications. As a transparent application, the connector application translates the message properties so that they can be understood by the foreign computer, and then passes the translated message properties on to their destination. In this case, the foreign computer must interpret the message properties and perform any required actions.
Connector applications that perform security operations themselves are referred to as nontransparent applications. As a nontransparent application, the connector application receives messages from either the Message Queuing system or the foreign messaging system, interprets the message's properties, and performs any required actions, including one or more data security operations. Then the connector application sends the message on with the appropriate message properties. Because the connector application may be instructed to deliver the message to the foreign system without security or with its own security context, the foreign system must be able to trust the connector application to perform the correct actions.
Several properties are used when creating the signature of the sender. When a transparent connector application translates these properties (in particular the administration and response queue properties) to their new values, it must include both the translated and original values when it passes the message on to its destination. The foreign application needs the original values to authenticate the signature when the message arrives.
A foreign messaging application sending a secure message must retrieve the corresponding representation of the signature properties in the Message Queuing system before it can send the message to the Message Queuing queue.