Today, many transactions that execute on z/OS® subsystems originate from the Internet and are initiated by users who authenticate their identities on Web-based, or distributed, application servers. When a distributed application server passes a transaction to a z/OS subsystem, the transaction might be associated with the identity of the distributed application user, as defined in a user registry where the transaction originated, or it might be associated with a shared RACF® user ID that was assigned by the z/OS subsystem.

To be effective, applications that audit user activities on z/OS subsystems need both the RACF user ID associated with a z/OS subsystem transaction and the user identity that was presented when the user originally accessed the distributed application server. When you implement distributed identity filters, you map the user's distributed identity to a RACF user ID. This allows both user identities to be recorded in the SMF records that are written during the execution of supported transactions, providing more complete auditing for z/OS subsystems.