Skip to Main Content
Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Status Not under consideration
Created by Guest
Created on May 20, 2013

Provide information to applications to allow them to validate that AMS was active.

AMS applications currently have no way to validate that an AMS policy was enforced. They have to trust that the policy configuration was correct. If policy enforcement is disabled then unsigned or unencrypted messages could be passed to the application without it knowing that fact.

An ability to query reserved MQ property values could resolve this issue. The application could query the property after receiving the message to determine whether the message had been signed and/or encrypted.

Alternatively, an MQOPEN option could be defined (MQOO_ENFORCE_ENCRYPTION, MQOO_ENFORCE_SIGNING) for example. If the option was set, the queue or topic open would only succeed if the corresponding AMS policy was being enforced.

Idea priority Medium
RFE ID 35059
RFE URL
RFE Product IBM MQ
  • Guest
    Reply
    |
    Jan 7, 2022

    We recognise that this is a valid requirement. However it doesn't fit with our delivery plans for the next couple of years.

    As a result we are declining this Idea. While declined the Idea can still be voted, and commented, upon.

  • Guest
    Reply
    |
    Jun 26, 2019

    This is something we will consider implementing in a future release.

  • Guest
    Reply
    |
    Oct 15, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - WebSphere
    Product family - Integration
    Product - IBM MQ

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Connectivity and Integration
    Product - IBM MQ

  • Guest
    Reply
    |
    Jul 5, 2015

    This is similar to the QMgr setting that prevents ID/password authentication over an unsecure channel, or refusing to run if key database files are world-readable.

    AMS was designed so that an existing application would not need to be modified. Bravo, mission accomplished. But in a security setting, that is the *smallest* use case. For any kind of compliance additional accountability is needed. For apps that so require, an assertion in code or a managed object should be available to ensure the app will not run with AMS disabled, or set below a given protection level.

0 MERGED

Expose signer and signature information from MQ AMS to applications

Merged
AMS enables messages to be signed by the sender, and the policy enforces that only signed messages can be received. However, the receiver does not have access to information about who signed the messages. Please add the ability for applications to...
over 11 years ago in MQ, MQ Advanced & MQ Appliance 2 Not under consideration