× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2007

RES: i5/OS external entitlement definition

Chris,

That's almost exactly how our "external" application works, IBM says we need
unlimited external entitlement for that but I don't think so... Microsoft
also don't think so...

We have 600 member companies wich "authenticate" against our webserver to
get some specific information... Theoretically (absurd again such was
security breech example) I can "filter" each one automatically based on
their IP addresses (stating they're fixed) and forget all about
"authentication"...

About MS, I have their extremely clear and defined proposal right here, they
list all needed software to replace our old iSeries with several details,
including third party SW for some specific applications. There are options
to charge per processor or per user, as we are small (less than 50 users)
per user option is preferable ($$$) than per processor.

Less than 50 users defines a 515 with reasonable costs and compare well to
Wintel servers, on the other hand, less than 50 users and unlimited external
users rises costs to limits only reached by Wintel servers with unlimited
users (but those include internal and external) or per processor options
(both extremely $$$).

If I can't really compare pros and cons on i5 x Wintel, worst is to compare
SW costs needed on one side and not needed on the other. Notice that i5/OS
unlimited external authentication always costs about US$ 5.500 on an i515
(small or big configuration).

Thanks,

Rubens

-----Mensagem original-----
De: midrange-l-bounces+rubens=abinee.org.br@xxxxxxxxxxxx
[mailto:midrange-l-bounces+rubens=abinee.org.br@xxxxxxxxxxxx]
Em nome de Chris Bipes
Enviada em: quinta-feira, 30 de agosto de 2007 12:27
Para: Midrange Systems Technical Discussion
Assunto: RE: i5/OS external entitlement definition

Do not make up user profiles for your external users. The
application server should run under a profile with enough
authority to read/update the data, not delete the objects.
Then your application needs to have an external user logon
validated against a validation list object. You then
generate some sort of temporary session id with an inactivity
timeout that identifies the external user. You use some sort
of identifying key field that never goes to the remote user
but is used in the applications.

For example:
1. External user database with unique key for each user.
This database hold who the user is and what access they have.
Perhaps user name, email address, customer number/code,
Customer level access, (admin, user, purchaser, etc.) 2.
Validation list: includes logon name/password and unique key
for each user.
3. Active session DB - includes unique session id, session
create timestamp, session last activity timestamp.

When a user logs on, you create the unique session id and
write a record to the active session DB. Whenever the user
submits a form/transaction/inquiry, you check this file and
see if the session has expired, if not, update the last
activity timestamp and retrieve the user ID. You then check
the user id against the user file to see get their real
identification, ie. Customer number, and see if they have
authority for the inquiry.

Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rubens
Sent: Thursday, August 30, 2007 5:36 AM
To: 'Midrange Systems Technical Discussion'
Subject: RES: i5/OS external entitlement definition

Eric,

I've read those old threads and again found several opinions.

But still no clear documented definitons, all material found
at IBM website, depending on the reader, can result on
sligtly different meanings.

My problem ($$$) is related exactly on that unlimited
"external" access, I don't think we need it for our
Webserver, Microsoft says we don't need it, IBM included it
on our proposal but can't give a detailed explanation on why.

I5/OS costs for unlimited "external" access is about the same
of a complete Wintel Server, if we get a Wintel server for
web serving, there's no reason to get a new 515 for other
applications, as our old box can manage most of them.

--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list To post a message email:
MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change
list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting,
please take a moment to review the archives at
http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.