Explanation of OTMA security data fields
The following information provides additional detail on the content of the security-data section of the message prefix.
- Length
- Specifies the length of the security-data section of the message prefix, including the length field.
- Security Flag
- Specifies the type of security checking to be performed. It is assumed that the user ID and password are already verified.
- No Security
- Specifies that no security checking is to be done.
- Check
- Specifies that transaction and command security checking is to be performed.
- Full
- Specifies that transaction, command, and MPP region security checking is to be performed.
- Reserved
- After the reserved field, the following three fields can be omitted or appear in any order. Each field has the following structure:
- Length field
- Field type
- Data field
The length field itself is not included in the length value. The actual length of the user ID or profile should not be less than the value specified for the length of each field.
- Utoken Length
- Specifies the length of the user token plus the length of the user token type.
- Utoken Type
- Specifies that this field contains a user token.
- Utoken
- Specifies the user token. The user ID and profile are used to create the user token. The user token is passed along to the IMS dependent region.
If the client has already called RACF®, it should pass the Utoken with field type X'00' so that RACF is not called again.
- User ID Length
- Specifies the length of the User ID plus the User ID type.
- User ID Type
- Specifies that this field contains a user ID.
- User ID
- Specifies the actual user ID.
- Profile Length
- Specifies the length of the profile plus the length of the profile type.
- Profile Type
- Specifies that this field contains a profile.
- Profile
- Specifies the system authorization facility (SAF) profile. For RACF, this is the group name.
- Network User ID Length
- Specifies the length of the network user ID plus the 1-byte length of the network user ID type. The length does not include this length field itself.
- Network User ID Type
- Specifies X'04' to indicate that the following data is the network user ID.
- Network User ID
- Specifies the distributed user ID, which can be up to 246 bytes. For customers using IMS TM Resource Adapter, it is a Distinguished Name (DN) in the X.500 series of standards.
- Network Session ID Length
- Specifies the length of the network session ID plus the 1-byte length of the network session ID type. The length does not include this length field itself.
- Network Session ID Type
- Specifies X'05' to indicate that the following data is the network session ID.
- Network Session ID
- Specifies the network session ID for the distributed user. It can be up to 254 bytes. For customers using IMS TM Resource Adapter, it is a domain name, realm, or registry name.
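
The following validating parser for the optional fields that follow the reserved field is an added example, not IBM code. It checks each length/type/data field against the rules above: the length covers the type and data but not itself, fields may appear in any order or be omitted, and the network user ID and network session ID are capped at 246 and 254 bytes. Assumptions: the length and type are each 1 byte wide, duplicate fields are rejected as a strictness choice of this example, and the names `parse_security_fields`, `build_field`, and `SAMPLE` are hypothetical.

```python
# Added example, not IBM code. Assumes a 1-byte length and a 1-byte type per field.
# Type codes are the ones stated on the page; other types are kept under a generic name.
FIELD_NAMES = {0x00: "utoken", 0x04: "network_user_id", 0x05: "network_session_id"}
MAX_DATA = {0x04: 246, 0x05: 254}  # byte limits stated on the page


class SecurityDataError(ValueError):
    """Raised when a field violates the length rules."""


def parse_security_fields(buf: bytes) -> dict:
    """Parse the optional fields that follow the reserved field."""
    fields, pos = {}, 0
    while pos < len(buf):
        length = buf[pos]  # counts type + data, never the length byte itself
        if length < 1:
            raise SecurityDataError(f"offset {pos}: length must cover the type byte")
        end = pos + 1 + length
        if end > len(buf):
            raise SecurityDataError(f"offset {pos}: field overruns the section")
        ftype, data = buf[pos + 1], buf[pos + 2:end]
        name = FIELD_NAMES.get(ftype, f"type_{ftype:02x}")
        if name in fields:  # strictness choice of this example
            raise SecurityDataError(f"offset {pos}: duplicate {name} field")
        if len(data) > MAX_DATA.get(ftype, 254):
            raise SecurityDataError(f"offset {pos}: {name} data too long")
        fields[name] = data
        pos = end
    return fields


def build_field(ftype: int, data: bytes) -> bytes:
    """Encode one field: length (type + data), type, data."""
    return bytes([len(data) + 1, ftype]) + data


# Constructed sample (ASCII for readability): session ID first, then network
# user ID, to show that field order does not matter.
SAMPLE = build_field(0x05, b"example.realm") + build_field(0x04, b"cn=alice,o=example")

if __name__ == "__main__":
    print(parse_security_fields(SAMPLE))
```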