Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Mapping of Distributed Computing Environment Identities to MVS Userids

IP.com Disclosure Number: IPCOM000116158D
Original Publication Date: 1995-Aug-01
Included in the Prior Art Database: 2005-Mar-30
Document File: 2 page(s) / 123K

Publishing Venue

IBM

Related People

Rass, AK: AUTHOR [+2]

Abstract

A method for enabling Distributed Computing Environment (DCE) servers to efficiently associate DCE clients with MVS userids is disclosed. An administrator creates a set of Identity Mappings, which associates DCE clients with MVS userids. An Identity Mapping may be specific to one DCE server, or may be valid for any DCE server residing on the MVS machine. During server initialization the Identity Mapping file is hashed into memory to maximize lookup performance. Identity Mappings that are specific to other DCE servers are discarded. When a client makes a request, the server uses a hash function to retrieve the MVS userid associated with that client.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 47% of the total text.

Mapping of Distributed Computing Environment Identities to MVS Userids

      A method for enabling Distributed Computing Environment (DCE)
servers to efficiently associate DCE clients with MVS userids is
disclosed.  An administrator creates a set of Identity Mappings,
which associates DCE clients with MVS userids.  An Identity Mapping
may be specific to one DCE server, or may be valid for any DCE server
residing on the MVS machine.  During server initialization the
Identity Mapping file is hashed into memory to maximize lookup
performance.  Identity Mappings that are specific to other DCE
servers are discarded.  When a client makes a request, the server
uses
a hash function to retrieve the MVS userid associated with that
client.

      IBM* OpenEdition Distributed Computing Environment Base
Services MVS (OE DCE/MVS) servers may wish to access MVS subsystems
on behalf of their clients.  For example, the Application
Support/CICS (AS/CICS) server executes CICS transactions on behalf of
client requests.  Clients make requests via a DCE Remote Procedure
Call (RPC).  The AS/CICS server knows the DCE identity of the client,
but CICS requires the client's MVS userid to determine if the client
is authorized to execute the transaction.  Thus, AS/CICS servers must
map DCE identities to MVS userids.  Other DCE servers may also have
the same requirement.  The implementation used by AS/CICS to map DCE
identities to MVS userids is described below.

      The Identity Mappings are stored in a binary Identity Mapping
file.  The AS/CICS administrator creates this file by running the
Identity Mapping utility (ASUIDMAP) against an Identity Mapping Input
file.  The Identity Mapping Input file contains a set of Identity
Mappings, each separated by a blank line.  An Identity Mapping
consists of the following items:
  DCE identity - A DCE principal name.  If the DCE principal
   resides in a foreign cell, the cellname must also be specified.
  MVS userid - An MVS userid that is associated with the DCE
   principal.
  Server name (optional) - The name given to the DCE server in
   DCE's Cell Directory Service (CDS).

If the Identity Mapping contains a Server name, the mapping is called
a Server Specific Identity Mapping.  Otherwise, it is called a
Generic Identity Mapping.  A Server Specific Identity Mapping is only
valid for the specified server, while a Generic Identity Mapping is
valid for all DCE servers.  For a given DCE identity, there may be at
most one Generic Identity Mapping, and one Server Specific Identity
Mapping per DCE server.

      The Identity Mapping utility (ASUIDMAP) is run against the
Identity Mapping input file to generate a binary Identity Mapping
file.  For each Identity Mapping, ASUIDMAP obtains the DCE
principal's Universal Unique Identifier (UUID) from the DCE Security
Registry.  This UUID, instead of the principal's string name, is
stored in the binary Identity Mapping file.  The Identity Mapp...