Skip to Main Content
IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Planned for future release
Categories UKO for z/OS
Created by Guest
Created on Feb 1, 2023

Dual Control for key management actions (n/Auth)

A method for dual control is needed in EKMF Web, such that any action (request), for which dual control is required, requires two (or more) users to confirm the request before EKMF Web performs the action.

These actions can be (but not limited to)

 - Key generation, with or without distribution to keystore

 - Key state changes

 - Key install/remove to/from keystore.

 - Key Template changes

 - Keystore changes

 

It should be possible to control which actions require dual control, and which actions can be perform by a single user.

It should be possible to enforce that the people confirming requests must belong to different groups.

A reviewer must be able to view the details of the request before confirming the action.

It must be possible to create the request, add first confirmation, and add second confirmation independently and asynchronously.

Idea priority Urgent
  • Guest
    Reply
    |
    Feb 1, 2023

    This is exactly what we need although it may also be sufficient for 1 person to raise the request and 1 person to review/confirm the request in order to achieve dual control, provided those 2 users must be different (and with all the same requirements around specifying different groups when required, viewing all details before approval and an asynchronous capability).

  • Guest
    Reply
    |
    Feb 1, 2023

    This idea will be crucial to whether we would be able to use the web browser or not. We would require dual control for the vast majority of tasks we would undertake using the browser.