IJRDE - Single Sign On. Innovative Mainframe CICS Application
International Journal for Research and Development in Engineering (IJRDE) www.ijrde.com Vol.1: Issue.2, October-November 2012 pp- 7-10
ABSTRACT
Authentication and authorization have been constant areas of concern in reducing password fatigue and security threats. Mainframe systems have been the most relied-upon solution so far for bulk data management and processing. But when user friendliness needs to be combined with security, single sign on proves to be an effective quick fix for mainframe applications. In mainframes, we can implement SSO by using the EIBTRMID and EIBTIME variables. These variables give us the system terminal ID and time. When the session time expires, a login page opens if we request to traverse through a particular application. The login page is also opened when our terminal ID changes. We store the terminal ID in a table. Whenever the system generates a terminal ID, it is moved to a host variable and updated in the table. In a new session, when the user requests the application, the login page opens since the terminal ID is new and does not match the one in the table. When the same user requests some other application within the same session and before the session expires, logging in is not required as the terminal ID is the same. To add to the security of single sign on, we have combined it with Single Sign Out, which reinforces the authoritative aspects for an authenticated user. Embracing the application with Single Sign Out completes the circle, assuring that the user is automatically signed out from the related applications once he logs out from any one of the applications.
Keywords: CICS security, mainframes, single sign on, single sign out.
1. Introduction
IT systems have proliferated into resplendent enterprise support solutions and enhancements. An enterprise is a collection of vivid applications. The interfacing and integration of applications are becoming increasingly abstruse to software developers. Consequently, the most important challenge which has emerged is to support an interactive and opportune environment without compromising security. For the past four decades, mainframes have substantially proved that they are the most powerful systems for bulk data processing, with unparalleled speed and efficiency. Moreover, their reliability and serviceability are such obvious features that they are used unceasingly in consumer statistics, enterprise resource planning and transaction processing applications, where even a small mismanagement of data leads to irreversible catastrophic results. The user needs to sign in time and again to each application individually, leading to complexity in password management and help desk upkeep. Hence Single Sign On is one of the solutions which could be incorporated in mainframe applications to ensure security compliance along with convenience. Its inclusion in applications minimizes the need to authenticate the user in related tasks. It authenticates users for all the applications that they have been given rights to access and eliminates further prompts when they switch applications during a particular session. Uniform enterprise authentication, end to end user audit and reduction in help desk costs are some of the exquisite advantages of including SSO. Authentication of a user as the topmost priority, so that correct data is integrated at the requisite places under appropriate permutations, is the factor that drives Single Sign On. Single Sign On also enables administrators to manage user accounts in a coordinated manner to avoid security threats.
The low risk information is gained through this mechanism. But Single Sign On systems require very good data governance. The Single Sign On implementation in mainframes involves creating maps and calling the respective programs by using the XCTL command in CICS. The XCTL command is used to call programs that are at the same level. There are two types of SSO based on architecture:
1. Web based
2. Non web based
Some of the primary implementations associated with SSO are:
1.1 Session Time: Session time is the time duration which governs signing in and out. This can be implemented in mainframes by the use of the EIBTIME variable. If the elapsed time exceeds the predefined session time, the login page is automatically shown, whereas if the session has not expired the user can access any assigned application without signing in again. This is done by saving the time in the database at the time of logging in and calculating the difference from the current time.
1.1.1 EIBTRMID: EIB stands for Execute Interface Block. It contains system-built variables like EIBCALEN, EIBCPOSN, EIBTRMID etc. EIBTRMID refers to the terminal id of the transaction currently being used. It changes every time a new session is opened.
1.1.2 EIBTIME: Initially EIBTIME contains the time when the transaction started. In order to get the current time, we need to issue the ASKTIME command, which populates the time field with the current system time.
1.2 Single Sign Out: To enhance security, Single Sign On is implemented along with Single Sign Out. In Single Sign Out, if the user clicks on logout, he/she is automatically logged off from all the applications being used. There is no need to log out individually from each application. If he/she then tries to open any application, it is necessary to log in again.
2. Algorithm
Some of the important algorithms that have been implemented are:
2.1. Single Sign On: It is a technique by which a user needs to log in only once to use multiple applications until the session time expires. It saves users from remembering multiple passwords and promotes customer friendliness. The steps are as follows:
2.1.1. Take a record of the time when the user logs in for the first time (T1).
2.1.2. Maintain a session time of 10 minutes for the user.
2.1.3. If the user opens any other application, take a record of the current time (T2).
2.1.4. Convert both the times T1 and T2 into minutes: T(minutes) = T(hours) * 60 + minutes, where T = hh:mm:ss.
2.1.5. Take the difference of the two times: DT = T2 - T1.
2.1.6. If the difference DT is greater than 10 minutes, set the login time of the administrator to the current time and make him log in again.
2.1.7. If the difference DT is less than 10 minutes, he does not need to log in and the desired application opens directly for him.
2.1.8. This algorithm also works when the administrator logs in from two different terminals, by taking a record of both the terminal id and the time of login.
2.2. Single Sign Out: It is a technique which is used to allow the administrator to log off from the system. It involves the following steps:
2.2.1. When the administrator clicks on the log off button, we set the time of login in the database to 00:00:00.
2.2.2. When logging in to the system the next time, it is checked whether the time saved is 00:00:00 or the difference has exceeded 10 minutes.
2.2.3. In both cases the administrator has to log in again.
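
The session check of steps 2.1.1 to 2.2.3, modelled in Python as an added example (not code from the paper, and not CICS code). It assumes a dictionary stands in for the database table keyed by terminal ID and that times arrive in the EIBTIME layout 0HHMMSS; the second variant, which also takes EIBDATE (0CYYDDD), goes beyond the paper to show what changes when a session crosses midnight. All function names are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed model: `table` stands in for the database table keyed by
# terminal ID (EIBTRMID). Function names are hypothetical, not CICS APIs.
SESSION_MINUTES = 10      # step 2.1.2
LOGGED_OFF = 0            # step 2.2.1: stored login time 00:00:00

def to_minutes(eibtime):
    """Step 2.1.4 on a 0HHMMSS value: hours * 60 + minutes, seconds dropped."""
    return (eibtime // 10000) * 60 + (eibtime // 100) % 100

def needs_login_as_written(table, trmid, eibtime):
    """Steps 2.1.5-2.1.7 and 2.2.2 using time of day only (DT = T2 - T1)."""
    t1 = table.get(trmid)
    if t1 is None or t1 == LOGGED_OFF:       # unknown terminal or signed out
        return True
    # DT == 10 is not covered by the steps; it is treated as still valid here.
    return to_minutes(eibtime) - to_minutes(t1) > SESSION_MINUTES

def stamp(eibdate, eibtime):
    """Combine EIBDATE (0CYYDDD, C=1 for 20xx) and EIBTIME into a datetime."""
    year = 1900 + (eibdate // 100000) * 100 + (eibdate // 1000) % 100
    return datetime(year, 1, 1) + timedelta(
        days=eibdate % 1000 - 1,
        hours=eibtime // 10000,
        minutes=(eibtime // 100) % 100,
        seconds=eibtime % 100,
    )

def login_dated(table, trmid, eibdate, eibtime):
    """Record T1 as a full date and time for this terminal."""
    table[trmid] = stamp(eibdate, eibtime)

def sign_out_dated(table, trmid):
    """Single Sign Out by deleting the row, so midnight is not a sentinel."""
    table.pop(trmid, None)

def needs_login_dated(table, trmid, eibdate, eibtime):
    """Same decision as above, but DT cannot go negative across midnight."""
    t1 = table.get(trmid)
    if t1 is None:
        return True
    return stamp(eibdate, eibtime) - t1 > timedelta(minutes=SESSION_MINUTES)
```

With the time-of-day check, a login recorded at 23:55 still passes at 09:00 the next day because DT is negative; the dated variant sends that request back to the login page.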
3. Conclusion
In this competitive world where cyber crimes have spread their claws everywhere, the need of the hour is to have sophisticated security systems that cannot be breached. One effective solution is the implementation of Single Sign On and Single Sign Out. SSO makes the application handy and user friendly for managing things systematically and conveniently, with security as the topmost priority. This way the authenticated user does not need to log in again and again to use related applications that share the same gateway of access. Moreover, the account is automatically logged off, preventing unauthorized access to resources. Various web based and network based applications have started incorporating SSO as a basic feature, considering that threats offer illicit access to sensitive data which may affect the business. SSO is being used in various sites on .php, .jsp, .aspx etc., and using simple programs we can install the feature of single sign on in mainframe applications!