Skip to Main Content
IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Categories Open Access TM
Created by Guest
Created on Oct 2, 2020

JWT Token Authentication Support for IMS Connect, TM RA and ICAL

We would like to use JWT (JSON Web Token) as the only method to authenticate against IMS Connect. Similar to what Network Security credential propagation support offers today, but more advanced and specific to JWT. IMS TM RA for inbound should provide a field to allow to set the JWT Token (at least 512 byte, but possibly up to 1024 byte). IMS Connect with HWSJAVAx Exits should be able to extract the JWT Token and place it into an IDTA and do the RACROUTE Call without the users need to write their own IMS Connect security exit or define their own IMS Connect message structures. TM RA and IMS Connect full support is requested. RACF extracts either the RACF Userid from the subject or does identity mapping based on X.500 Distinguished Name and returns an error or an ACEE. IMS Connect then extracts the userid or mapped userid from the ACEE and passes it on to OTMA together with the complete JWT Token in the transaction message prefix. The INQY MSGINFO call should allow to retrieve the complete JWT Token (not only the Common Name). ICAL should transparently support to send out the complete unchanged JWT Token to the external application and TM RA for outbound needs to support the retrieval of the JWT Token.
So the requirement is about JWT authentication and propagation support for IMS (IMS TM RA, IMS Connect, IMS and IMS Callout).

Idea priority High
  • Guest
    Reply
    |
    Jan 11, 2021

    Hi,

    Thank you for your interest in keeping IMS a vital and successful product. Software development has continuously evolved during IMS's lifetime, and so has IMS itself. We have kept pace with, adopted, and implemented many industry standard best practices within our organization, including Continuous Delivery, Design Thinking, and Agile.

    When choosing new features to add from the list of requirements in our backlog, we assess which will bring the most value to as many clients as possible and prioritize those.

    After reviewing our prioritized backlog, we have decided to reject this RFE as we will not be able to get to this in the near future. We have other higher priority items that we are focused on.

    We appreciate your input to IMS, and we hope that you will continue to submit ideas for improvements as customer feedback is a key component to shaping the future direction of IMS.

    Thank you.