Date:         Fri, 29 May 1998 10:46:10 -0500
Reply-To:     CICS List <CICS-L@UGA.CC.UGA.EDU>
Sender:       CICS List <CICS-L@UGA.CC.UGA.EDU>
From:         "Curtis L. Guy" <curtisg@CENTRAL.BEASYS.COM>
Subject:      CICS TCP/IP Security
Content-Type: text/plain; charset="us-ascii"

When a customer initiates a CICS transaction at a terminal that is
connected to CICS via VTAM the customer's userid and the terminal ID are
placed in various CICS control blocks.  That information can then be used
to secure the CICS environment by way of an external security manager (ESM.)
 
There are customers that are now entering into the same CICS region through
a TCP/IP connection (the CICS TCP/IP Socket Interface to be specific.)  The
transactions started by these customers present a security concern for the
system because the control blocks do not contain a userid or a terminal ID
that can be used by the ESM.
 
This presents a major problem since the TCP/IP connection does not seem to
offer any security capabilities.
 
How can this dilemma be solved?  We want to provide a secure environment
for our customers, but we also want to provide ways of connecting to CICS
other than VTAM.
 
Has anyone ever encountered this problem before and how was it solved?
Does anyone have any suggestions as to how to solve this problem?
 
 
 
 
 
Curtis L. Guy                   Software Engineer
BEA Systems, Inc.               voice:  972-738-6172
17101 Preston Road              fax:    972-738-6111
LB #115, Suite 260              email:  curtis.guy@beasys.com
Dallas, TX 75248-1370   WWW:    http://www.beasys.com