With one command, a security administrator can update remote RACF databases without logging on to remote sys- tems. Throughout the enterprise, RACF commands can be sent automatically to synchronize multiple databases. In addition, RACF can automatically propagate RACF data- base updates made by applications. With RACF, users can keep passwords synchronized for specifi c user IDs. When you change one password, RACF can change passwords for your user ID on different systems and for several user IDs on the same system. Also, passwords can be changed automatically for the same user ID on different systems. This way, several RACF databases can be kept synchro- nized with the same password information.

RACF enhancements:

Digital Certifi cates can be automatically authenticated without administrator action.

Administrative enhancements enable defi nition of pro- fi les granting partial authority. Handling of new pass- words and removal of class authority are simplifi ed.

On demand applications require a way to associate more users under a RACF Group defi nition, so RACF allows the creation of a new kind of Group that can con- tain an unlimited number of users.

RACF now allows you to perform RACF installation class updates without an IPL, which can help improve avail- ability

RACF facilitates enterprise password sychronization through RACF password enveloping and notifi cation of password changes using z/OS LDAP

Improved user accountability through RACF’s enforce- ment of unique z/OS UNIX UIDs and GIDs

Improved access control fl exibility and granularity for z/OS UNIX fi les with access control lists

Multilevel security support

Multilevel Security

z/OS 1.5 is the fi rst and only IBM operating system to pro- vide Multilevel Security. This technology can help improve the way government agencies and other organizations share critical classifi ed information. Combined with IBM’s DB2 UDB for z/OS Version 8, z/OS provides multilevel security on the zSeries mainframe to help meet the strin- gent security requirements of government agencies and

nancial institutions, and can help open up new hosting opportunities. Multilevel security technology allows IT administrators to give users access to information based on their need to know, or clearance level. It is designed to prevent individuals from accessing unauthorized informa- tion and to prevent individuals from declassifying informa- tion.

With multilevel security support in IBM’s z/OS 1.5 and DB2 V8, customers can enable a single repository of data to be managed at the row level and accessed by individuals based on their need to know.

SSL

Secure Socket Layer (SSL) is a public key cryptography- based extension to TCP/IP networking which helps to ensure private communications between parties on the Internet. z/OS provides fast and highly secure SSL sup- port, with increased performance when coupled with zSeries server cryptographic capabilities.

64

Page 64
Image 64
IBM z/OS manual Racf enhancements, Multilevel Security