Territory Gateway ACLs
A territory gateway allows a Broker in one territory to retrieve information from Brokers in another territory. You can set up ACLs on a territory gateway so that the Broker requesting information from a territory other than its own must be granted authorization to receive data.
When you set up a territory gateway ACL, the user name ACL on the local gateway contains one entry: the basic authentication identity or SSL identity of the Broker Server on which the remote gateway resides. After permission is granted, information flows from the remote Brokers on the other side of the gateway.
Note: A territory gateway ACL is not shared between the two sides of a gateway connection. Each gateway requires its own ACL.
Normally, when you configure SSL authentication, you do not need to attach an authenticator name ACL to a territory gateway. However, if the Broker identity from the other territory was issued by a different certification authority, you must import the trusted root of each territory into the truststore of the other.
The following figure shows the setup of a territory gateway ACL for a one-way flow of information. In the figure, an ACL containing the identity of the Brokers in territory Y is attached to a requesting Broker from territory X.
Figure: How a Territory Gateway ACL Works
For information about setting up an ACL for this type of configuration, see Setting Permissions to Connect to Remote Brokers across a Territory Gateway.