On Tue, 7 Jul 2020 19:25:46 +0800, Timothy Sipples <[email protected]> wrote:
>Have those "powers that be" offered a list of acceptable alternatives?

No, of course not.

>Unless they insist, I don't think NTLM over HTTP is a good protocol idea

I don't think so either.

>nowadays for a variety of reasons, so can we skip that one?

Probably not. See above… :-(

>The IBM HTTP Server for z/OS supports TLS client certificate
>authentication with RACF. That's not basic authentication, so it
>ostensibly qualifies. It's also widely accepted. Have you considered that
>option?

Not yet, because it opens a different can of worms: that of having to manage the client certificates. I am not sure I want to do that… But I agree: it would be a good alternative.

>Or you could adopt a token-based approach. The classic way is forms-based
>authentication, i.e. some application-based mechanism.

Hmmmm…. That would mean I need to code to interrogate RACF, with all the problems of running authorised (z/OS lingo) code. I don't want to go there unless I really, really, *really* have to.

>Another, widely
>accepted choice is OAuth 2.0. However, OAuth 2.0 would require either a
>custom, additional module or an authenticating proxy arrangement of some
>kind.

I don't know that one. But it does look like a lot of hassle for something where basic authentication over HTTPS is all I really need.

Thanks for the suggestions. At the very least, they give me some ammunition…

Cheers,
Jantje.
