It is frankly a bit scary to have this question being asked like this, since this is being asked by the owner of authorized code. Karl Schmitz of IBM has given many presentations to many customers and vendors on system integrity. This is a very basis system integrity question, the answer to which should be well understood before writing authorized code.
You really don't "verify". It is in general impossible to "verify". You can "sanity check" but all that does is let you find some cases that are not valid. You still need to access data in the caller's key. Either use the MVCSK instruction (or use MVCDK if writing to it) or switch to the caller's key for the reference (SPKA instruction or MODESET macro) and then use that key to load into registers and switch back to your key for saving the data. It doesn't typically matter where you do the access as long as is done by authorized code and you copy (using the key) the data to protected storage that the unauthorized caller cannot modify and subsequently reference from that copy (unless you make sure that every reference is done in the unauthorized caller's key). I'm not sure what you mean by the "caller's interface routine". If it is something that runs in user state and key it cannot do any true validation. Only sanity checking (which you would typically have to re-do after you get to the target routine where you are authorized and where you can avoid a time of check to time of use exposure). Peter Relson z/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN