Skip to Main Content
Merative Ideas Portal

Shape the future of Merative!

We invite you to shape the future of Merative, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the Merative team to refine your idea

Help Merative prioritize your ideas and requests

The Merative team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at Merative works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive notification on the decision

Some ideas can be implemented at Merative, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.


Merative External Privacy Statement: https://www.merative.com/privacy

Status Future consideration
Created by Siemon Kamstra
Created on Mar 15, 2022

Implement ability to configure XML-server security on WAS on z/OS

With Curam 8 the Curam XML server has new functionality for secure communication with TLS. The documentation (https://www.ibm.com/docs/en/spm/8.0.1?topic=server-securing-xml) explains how to configure this feature.

Our servertype is Websphere Application Server for z/OS (mainframe), supported by Curam. The configuration of the certificates for the XML server expects a file based keystore (p.e. keystore.p12).

Our admins use the RACF functionality of WAS for z/OS (for managing access to critical resources). RACF works with centrally managed keyrings that contain the keystores (and truststores) for specific resources.

They can not use RACF for configuration of the Curam XML server security. And this is a nuisance, as they have to manually export the desired keystore into a file each time the certificate changes and do this for all instances (server/node) where the XML server is installed.

The admins propose a relative easy solution for this: the use of Java System Properties (p.E. javax.net.ssl.trustStore/keyStore) and a switch property to signal that "WAS for z/OS" is used.

In our view the current implementation of this functionality for WAS for z/OS is not working as expected. We expect it to support the RACF possibilities of WAS for z/OS.

See also: WH00012447.

Regards,
Siemon

Customer Name Dataport, Hamburg, Germany
Persona Based Summary

As a WAS-on-z/OS administrator for Curam applications I want to configure the security feature of the Curam XML server with the existing RACF functionality of WAS-on-z/OS, because the current XML server security feature configure task is very time consuming.

Market Segment Eligibility & Entitlement
Type of Request Customer Requirement
Market Opportunity

Implementation of this small feature will enhance the acceptance of the Curam product for WAS-on-z/OS administrators.

Usage frequency + #/type of users impacted

Every time the XML server is updated the admins have to do all the steps on every server instance.

CURAM:Workarounds + Proposed Solution

1) The workaround is to follow the Curam documentation for "Securing the XML server"

2) Proposed solution: the use of Java System Properties (p.E. javax.net.ssl.trustStore/keyStore) and a switch property to signal that "WAS for z/OS" is used. This would cost the admins a lot less time configurung the XML server.

  • Attach files
  • Guest
    Reply
    |
    Apr 7, 2022

    Hi Siemon,

    We have reviewed your enhancement suggestion. Based on the information provided, our understanding of your request is as follows:

    You are requesting that we support the configuration of the XML server security feature on WAS for z/OS.

    Testing and verifying the usage of the RACF functionality of WAS for z/OS (for configuration of the Curam XML server security feature) is aligned with our current strategy for our product and we have accepted your suggestion as a consideration for a future release.

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions. Not all items under consideration will make it into a release. As plans are confirmed, you will be notified when a specific release includes this enhancement.

    Thank you,

    Sheryl Brenton, SPM Product Management Team

  • Guest
    Reply
    |
    Mar 22, 2022

    Hi Siemon,

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    We will review the information you have provided and get back to you within 30 days. If additional details are required to complete our evaluation, we will send you a request for more information.

    Thank you,

    Sheryl Brenton, SPM Product Management Team