Example z/OS Security Server RACF Security Administrator's Guide SA23-2289-00
Jamal's Bank has contracted with VeriSign to provide certificates to its customers and its account representatives. Both customers and account representatives access the company's systems through SSL. Customer SSL connections go through system A (SYSID=SYSA) and are only allowed access to general information about the company's offerings. Account representatives connect through system B (SYSID=SYSB) and need access to confidential customer information. Both systems A and B share the RACF® database.
The application that serves the company's data invokes initACEE and passes user certificates with information about the SSL encryption level used by each user to connect to the system. This information is passed to initACEE as a variable called ENCRLVL, and the following values are assigned by the application based on the SSL encryption strength of the connection:
The RACDCERT MAP and DIGTCRIT commands shown in Figure 1 set up an issuer's name filter that uses multiple user IDs based on SYSID and ENCRLVL. In this example, there is a certificate available for use as a model in data set 'JAMALDC'. The certificate contains the following issuer's name.
Figure 1. Sample RACDCERT MAP and RDEFINE commands using multiple criteria
The issuer's name filter created in Figure 1 associates the following user IDs:
Copyright IBM Corporation 1990, 2014