
WEBSPHERE STRATEGIES FOR ISERIES PROFESSIONALS

Leverage IBM's Enterprise Identity Mapping (EIM)


Steve McAleer
11.19.2004


Regulatory requirements (e.g., SOX, HIPAA, GLBA, ISO 17799) require companies to control access to critical and sensitive information. Single Sign-On (SSO) can be an important part of this strategy. In particular, a solution that leverages your existing infrastructure can eliminate the use of generic or shared user IDs and passwords, whether they are manually entered by end users or hard-coded into applications. For many platforms, including WebSphere, there are two challenges that must be addressed. The first is that in most organizations user IDs differ across the various servers and applications; the second is the proliferation of additional user IDs and passwords that end users must remember and enter.

A simple solution to these problems is to leverage IBM's Enterprise Identity Mapping (EIM) infrastructure. EIM is a set of APIs that provide the ability to map employees to their various user identities across many different registries (operating systems, middleware and applications). EIM is integrated into all IBM eServer operating systems, including OS/400 and i5/OS. This addresses the first challenge. With these mappings or associations established, passwords can be eliminated and replaced with other native authentication mechanisms, such as Kerberos tickets. This addresses the second challenge.
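The mapping lookup described above, modeled in Python as an added example (this is not IBM's EIM API and not code from the original tip): a source association ties the identity a person authenticates with to that person, and target associations give their user ID in each other registry. The class and function names, registry names and user IDs are constructed for illustration.

```python
from dataclasses import dataclass, field

class MappingError(Exception):
    """Lookup did not resolve to exactly one user ID; the caller must deny access."""

@dataclass
class EimDomainModel:
    # (source registry, user) -> person: the identity someone authenticates with
    sources: dict = field(default_factory=dict)
    # (person, target registry) -> set of user IDs that person owns there
    targets: dict = field(default_factory=dict)

    def add_source(self, person, registry, user):
        key = (registry, user)
        if self.sources.get(key, person) != person:
            raise MappingError(f"{user} in {registry} is already mapped to another person")
        self.sources[key] = person

    def add_target(self, person, registry, user):
        self.targets.setdefault((person, registry), set()).add(user)

    def lookup(self, src_registry, src_user, tgt_registry):
        """Return (person, target user ID) for an already-authenticated source identity."""
        person = self.sources.get((src_registry, src_user))
        if person is None:
            raise MappingError("no source association; never fall back to a shared ID")
        users = self.targets.get((person, tgt_registry), set())
        if len(users) != 1:
            raise MappingError(f"{len(users)} user IDs for {person} in {tgt_registry}")
        return person, next(iter(users))

def build_sample_domain():
    """Constructed sample data: one employee whose user IDs differ in every registry."""
    d = EimDomainModel()
    d.add_source("Jane Doe", "EXAMPLE.COM", "jdoe")     # Kerberos realm (Windows domain)
    d.add_target("Jane Doe", "ISERIES1", "JDOE01")      # OS/400 user profile
    d.add_target("Jane Doe", "ORACLE_HR", "jane_d")     # database account
    d.add_target("Jane Doe", "ORACLE_HR", "hr_batch")   # second ID makes the lookup ambiguous
    return d

if __name__ == "__main__":
    domain = build_sample_domain()
    print(domain.lookup("EXAMPLE.COM", "jdoe", "ISERIES1"))  # person kept for the audit trail
```

Returning the person alongside the target user ID is what lets each downstream action be attributed to an individual instead of a shared application ID.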

TriAWorks, an Identity Management and SSO ISV, has developed a WebSphere plug-in that enables WebSphere to accept an end user's Windows domain credentials, which are actually a Kerberos ticket. The use of Kerberos tickets for authentication eliminates the need to use passwords for authentication. Furthermore, once users are authenticated to WebSphere, application developers can use a number of different authentication infrastructures to access other registries without the users being challenged again with a user ID and password prompt. For example, Identity Tokens can be used to access an iSeries, Lightweight Third-Party Authorization (LTPA) tokens can be used to access a Domino Web server, and the Generic Security Services Application Programming Interface (GSSAPI) can be used to access another database, like Oracle.

The end result is the elimination of hard-coded generic or shared application user IDs and passwords, significantly improved transaction control and auditing, and the availability of a very valuable mapping of employees to their user identities across the enterprise.

There are a couple of great resources that provide checklists for setting up EIM. You can check out this article that gives an overview of implementing EIM. Additionally, IBM's Pat Botz, the eServer Security Architect who invented EIM, has given at least two educational webcasts this year on EIM. The first webcast focused on and the second webcast focused on configuring EIM hosted on an iSeries. Lastly, ISV TriAWorks, Inc. has created a free utility ('SSO Inspector') that an administrator can download to check their systems. The report takes a few minutes to run and will report what each system requires as far as operating system version and PTF levels.
