Designing for Solution-Based Security on z/OS

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.

thumbnail 

Published on October 16, 2008

  1. .PDF (5.5 MB)


Share this page:   

ISBN-10: 0738431486
ISBN-13: 9780738431482
IBM Form #: SG24-7344-00


Authors: Patrick Kappeler, Rama Ayyar, Christian Chateauvieux, Arnauld Desprets, Gillian Gainsford, Alain Roessle, Pedro Siena Neto, Mohinze Tidjani and Mark Womack

    menu icon

    Abstract

    This IBM Redbooks publication provides solution designers and architects with a comprehensive view of the security services they can exploit on z/OS, whether their application is hosted by z/OS or by another platform. It also discusses, at a high level, the Tivoli products that team with mainframe security services to provide flexible and extensible security architectures that fit On Demand infrastructure requirements, because implementing optimum solution-based security requires extensive knowledge of what security services and APIs provide on the platforms for which you are developing the solution.

    The book briefly describes data processing security concepts, with a focus on the problems that enterprises face today because of the heterogeneous nature of their platforms and technologies, and the requirement to progress towards an On Demand environment. Next, it explains the security services and APIs that are provided on z/OS, with respect to the security concepts they implement and their seamless integration into distributed environments, as building blocks for optimal solution-based security. This analysis is examined from the perspective of both z/OS solutions and non-z/OS hosted solutions, because non-z/OS hosted solutions can exploit the remote security services that z/OS offers. High level explanations and exploitation considerations are provided for z/OS RACF, LDAP server, Kerberos and PKI support, z/OS Communications Server-specific features (such as embedded IP filtering, IPSec VPNs, and application-transparent TLS), and many other features.

    Table of Contents

    Chapter 1. Some security basics - today's challenges

    Chapter 2. System z platform security and certifications

    Chapter 3. z/OS security services

    Chapter 4. Focusing on the z/OS Security Server (RACF)

    Chapter 5. A brief reminder about System z integrated hardware cryptography

    Chapter 6. Using the LDAP directory as a User Registry

    Chapter 7. Additional considerations about identification, authentication, and authorization services

    Chapter 8. Overview of TCP/IP network security

    Chapter 9. WebSphere Application Server for z/OS and Web services security basics

    Chapter 10. Tivoli products that team with the mainframe

    Chapter 11. Sample configuration - identity provisioning, authentication and authorization

     

    Others who read this also read