Security strategy

[RICHARD RUTA]

We are rolling out an application that will be very lightly used by 65 remote users. I guess I will call the application anonymously. But I need a security strategy. Does anyone have a suggestion?

[Scott Klement]

Can you explain a little bit more about the situation?

What is it that you need to secure? Why are you using anonymous, and how does it assist you in this situation?

[RICHARD RUTA]

I would not like to create 65 profiles on the Iseries. But I would also like to have some security for people accessing the system.

[Scott Klement]

Sorry, when I asked for more information I didn't explain what I wanted to know. From your last message, I'm guessing that by "security" you're referring to the sign-on (as opposed to something like encryption).

Can you tell me which of these types of applications you're trying to secure?

• 5250 application running in Genie
• Rich Display application running in Genie
• Rich Display application running in a Profound UI session
• Rich Display application running in Atrium
• Genie macro session running in Atrium
• RPGsp application

Will the application be used from 'public' (or shared) devices or PCs?

Do you plan to use browser authentication?

What would be your ideal method of user authentication? A validation list containing the users? Kerberos? LDAP? A physical file containing the users/passwords? This might give me some insight into what you're looking to do.

[RICHARD RUTA]

It's going to be a pui application running in a web browser. Up to this point, I've created profiles on the Iseries for a limited number of users.