On Fri, Nov 17, 2017 at 11:39 AM, Rob Berendt <rob@xxxxxxxxx> wrote:
Steve already did with his first post:
<snip>
The user exchanges credentials (user identifications) either directly
with the operating system, or indirectly through application or
middleware software that is supported by the operating system.
</snip>
https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_73/rzam8/
rzam8userentitlements.htm
Rob,
That document makes it clear that user-entitlements are based on:
1. An "IBM i user", who "exchanges credentials" with the "operating system".
For some reason, it appears that you and Steve have extrapolated IBM's
definition of "a user" and "user-entitlement" to mean any person who
connects to the IBM i HTTP server.
IBM's language seems clear to me. If you're challenging my interpretation
of it, then it appears to me that you've come up with your own private
definition of what it means to "exchanges credentials", with the "operating
system".
However, since it does not agree with your views and desires, you find
that it does not back up his assertions.
Why are you saying that it "does not agree" with my views. I say that I DO
agree with it.
It doesn't agree with your views. For some inexplicable reason you
evidently have a different opinion about the definition of an IBM i user
being defined as a person who exchanges credentials with the operating
system.
It seems clear to me that the definition of exchanging credentials with the
operating system means a person who has IBM i credentials, who exchanges
them with the operating system via some interface that is built into IBM i,
and used for that purpose.
Which I find odd since his
assertions are merely a cut and paste of IBM clearly stated policy.
My point exactly, back to you. Why are you suggesting that anyone who
connects to the HTTP server, be viewed as a user, even though they may not
have ANY IBM i credentials, may not have exchanged ANY with the operating
system, may not have not been authenticated, nor used in ANY object-level
authority checking?
You evidently have a different definition of "a user", than what has been
defined by IBM.
I am sure however that you will still disagree up to the time (and
probably still after, even after paying the fine) of your first IBM audit.
And I suspect this is why Steve has graciously replied to the others but
you're hearing silence from him.
In a previous post, you also implied that user-based entitlements are
required for HTTP connections - that if you configured an HTTP server to
support many connections, then IBM requires "unlimited user entitlements".
What do you base that on?
As an Amazon Associate we earn from qualifying purchases.