> -----Original Message-----
> From: IBM Mainframe Discussion List On Behalf Of Charles Mills
>
> [ snip ]
> but what I would REALLY like is what I asked for: some
> "automated" way of getting a user "here" signed on
> automatically "there." It looks like PassTicket will do
> exactly that but I am a little boggled by all of the details
> - it would be great to have a Redbook-style "cookbook" - and
> I'd really like to understand the possible applicability of SSL/TLS.

This is OPINION based primarily on research and VERY LITTLE experience (so
far) with digital certificates and SSL/TLS: For what you propose, I believe
digital certificates (and optionally SSL/TLS) would be simpler than
PassTickets. My perception of PassTickets is that they are better suited
for "live" sign-on since there is a unique PassTicket generated every time a
logon or sign-on is attempted, AND both the originating and target systems
must have their clocks pretty well synchronized for a generated PassTicket
to be considered valid by the target system. I believe digital certificates
(with or without SSL/TLS) are better suited for "batch-type" sign-on,
because a digital certificate is valid for a much longer time than ten
minutes (normally) and the disparate system clocks need not be synchronized.
And depending on the relationships between your prospect's system(s) and the
target system(s), your prospect *may* be able to use "self-signed"
certificates (i.e., your prospect could be its own "certificate authority").
-jc-