I am an ICSF administrator, but I am not involved in that part of the action. There is both a separation of duties angle as well as it seems that every application does it differently.
I see ICSF as nothing more than an API and a secure key repository. How you use those keys is up to the programmer. ICSF administration would include care and feeding of the key repository clusters, scripts on how to change a master key, and management of the physical hardware. Your mission is more writing the application program that is going to accomplish the business mission. I have seen what looks like facilities to manage application level keys in the TKE doc, but have no idea how they could be used. A step up the ladder is certificate based strategies. Now we mix in RACF as well as the FTP and TN3270 applications. Those can become secure shells for the next step up, which could the application proper. The care and feeding of certificates is a career path all by itself. HTH. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Mark Jacobs Sent: Monday, July 23, 2007 12:16 PM To: IBM-MAIN@BAMA.UA.EDU Subject: ICSF for Dummies Outside of the well written and easily understandable :-) ICSF Administration manual are there any good IBM Redbooks, available education, for the simple howto's of an ICSF administrator? Things like the steps needed to wrap a data encryption key to be able to send it to someone, or be able to receive and install a key they send us. The manual isn't too clear on the how to's, -- Mark Jacobs Technical Services Time Customer Service - Tampa, FL ------ NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html