The arguments that Timothy Sipples makes against Paul Gilmartin's

<begin extract>
Of course, "turn on" implies committing the CPU (micro)cycles to perform the encryption
</end extract>

are, in their way, persuasive; but there is another, non-economic argument that is even more persuasive to some IT managements: you are exposing not just your company but your own jobs to grave danger. Heads roll after each of these security-breach fiascos, and one of them may be yours.

John Gilmore, Ashland, MA 01721 - USA

On 7/18/12, Timothy Sipples <timothy.sipp...@us.ibm.com> wrote:
> Paul Gilmartin writes:
>>Of course, "turn on" implies committing the CPU (micro)cycles to perform
>>the encryption.
>
> Yes it does. Google and Microsoft (to pick two examples) made the resource
> commitment years ago, when computing power cost a lot more, and their
> customers are far more secure.
>
> Training airline pilots costs money, too. Putting seat belts in automobiles
> costs money. Testing a new pharmaceutical costs money.
>
>>And, again, is that "LDAP" an LDAP client or an LDAP server. If IT
>>management has decreed that IDs should be managed via LDAP
>>hosted on, e.g., a Linux server, z/OS needs not an LDAP server but
>>an LDAP client in order to play well with others. With such a decision
>>a fait accompli, that management will be little moved by arguments
>>of the technical superiority of Tivoli.
>
> It's called Tivoli Directory Server for z/OS. Granted, software names
> aren't always perfect, but server means server. But yes, it also includes
> an LDAP client. I'll quote from IBM redbook SG24-7849:
>
> "The IBM Tivoli Directory Server for z/OS deliverable that ships with the
> base of z/OS provides a Version 3 LDAP client and server. The z/OS LDAP
> client contains C APIs and command line utilities used to add, delete,
> modify, rename, compare, and search entries in an LDAP directory."
>
> C APIs are, of course, callable from practically anything -- COBOL, Java,
> PL/I, Assembler, etc. (There are additional middleware options if you don't
> even want to do that.) So yes, your z/OS-based applications can access
> some/any other LDAP V3 server(s) for their authentication and/or
> authorization needs if that's the way your IT department wants to roll, via
> exits and/or directly. And that's base z/OS -- every z/OS licensee has that
> capability today, even if you don't have the z/OS Security Server (RACF).
>
> Here's the link to the redbook for more information:
>
> http://www.redbooks.ibm.com/redbooks/pdfs/sg247849.pdf
>
> You can also use Java as your LDAP client environment on z/OS if you
> prefer. Java (the IBM SDK) is also a no additional charge feature of base
> z/OS, and you can use JNDI methods to access LDAP servers (including the
> Tivoli Directory Server for z/OS).
>
> --------------------------------------------------------------------------------------------------------
> Timothy Sipples
> Resident Enterprise Architect (Based in Singapore)
> E-Mail: timothy.sipp...@us.ibm.com
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN