Security for OTMA IMS-to-IMS TCP/IP connections

For OTMA ALTPCB messages sent to a remote IMS system on an IMS-to-IMS TCP/IP connection, transaction authorization is performed by the remote IMS system.

When an application program running in the local IMS system sends a message to a remote system by issuing an ISRT ALTPCB call, the user ID of the application program is included in the prefix of the message.

You can also specify a user ID in the OTMA destination descriptor in the OTMA DFSYDTx member of the IMS.PROCLIB data set. If a user ID is specified in an OTMA destination descriptor, the remote IMS system uses the user ID in the OTMA destination descriptor instead of the user ID of the application program that issued the ISRT call.

You can secure the TCP/IP connection by implementing RACF® PassTicket user authentication in IMS Connect. IMS Connect authenticates a RACF PassTicket when a connection is first established. When persistent sockets are used, after the initial authentication is performed, all messages received on the connection are treated as coming from a trusted user and no further authentications is performed as long as the connection persists.