Designing for Solution-Based Security on z/OS
An IBM Redbooks publication
Note: This publication is now archived. For reference only.
Published on 16 October 2008
ISBN-10: 0738431486
ISBN-13: 9780738431482
IBM Form #: SG24-7344-00
Authors: Kappeler Patrick, Rama Ayyar, Christian Chateauvieux, Arnauld Desprets, Gillian Gainsford, Alain Roessle, Pedro Siena Neto, Mohinze Tidjani and Mark Womack
This IBM Redbooks publication provides solution designers and architects with a comprehensive view of the security services they can exploit on z/OS, whether their application is hosted by z/OS or by another platform. This view is needed because implementing optimum solution-based security requires extensive knowledge of what the security services and APIs provide on the platforms for which you are developing the solution. The book also discusses, at a high level, the Tivoli products that team with mainframe security services to provide flexible and extensible security architectures that fit On Demand infrastructure requirements.
The book briefly describes data processing security concepts, with a focus on the problems that enterprises face today because of the heterogeneous nature of their platforms and technologies, and the requirement to progress towards an On Demand environment. Next, it explains the security services and APIs that are provided on z/OS, with respect to the security concepts they implement and their seamless integration into distributed environments, as building blocks for optimal solution-based security. This analysis is presented from the perspective of both z/OS solutions and non-z/OS hosted solutions, because non-z/OS hosted solutions can exploit the remote security services that z/OS offers. High-level explanations and exploitation considerations are provided for z/OS RACF, LDAP server, Kerberos and PKI support, z/OS Communications Server-specific features (such as embedded IP filtering, IPSec VPNs, and application-transparent TLS), and many other features.
Chapter 1. Some security basics - today's challenges
Chapter 2. System z platform security and certifications
Chapter 3. z/OS security services
Chapter 4. Focusing on the z/OS Security Server (RACF)
Chapter 5. A brief reminder about System z integrated hardware cryptography
Chapter 6. Using the LDAP directory as a User Registry
Chapter 7. Additional considerations about identification, authentication, and authorization services
Chapter 8. Overview of TCP/IP network security
Chapter 9. WebSphere Application Server for z/OS and Web services security basics
Chapter 10. Tivoli products that team with the mainframe
Chapter 11. Sample configuration - identity provisioning, authentication and authorization