× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hi Nathan,

That document says

"AnIBM i useris a person who accesses theIBM ioperating system through one or more connections."

It's the first sentence. There are no qualifications about exchanging credentials of any sort. Nor does it qualify "connections".

So if your IBM i makes a service publicly available via sockets with no credentials exchanged, say to obtain the current price of tiddly winks from Timbuctu, and someone else has a website that uses that service to provide said information to their users, my question is who is the IBM i user?  The actual user on the non-IBM i website?  Or the non-IBM i website?

In either case, you could get a boatload of connections lasting 1-2 seconds each that would be non-concurrent, so if you got a license for oh I don't know, 5 users?, how many non-concurrent connections could you handle in a day?

Of course, I'm not a lawyer, but if you choose to believe the second sentence

"The user exchanges credentials (user identifications) either directly with the operating system, or indirectly through application or middleware software that is supported by the operating system."

has something to do with the definition of an IBM i user, then I would point out that in the above scenario, no user credentials were exchanged, except once by the socket server job.

And one last thing - if I were really concerned about this, I'd get a good lawyer to look at the actual legal contract, not just some IBM website.

--
*Peter Dow* /
Dow Software Services, Inc.
909 793-9050
petercdow@xxxxxxxxx <mailto:petercdow@xxxxxxxxx>
pdow@xxxxxxxxxxxxxx <mailto:pdow@xxxxxxxxxxxxxx> /




On 11/17/2017 11:25 AM, Nathan Andelin wrote:
On Fri, Nov 17, 2017 at 11:39 AM, Rob Berendt <rob@xxxxxxxxx> wrote:
Steve already did with his first post:
<snip>
The user exchanges credentials (user identifications) either directly
with the operating system, or indirectly through application or
middleware software that is supported by the operating system.
</snip>
https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_73/rzam8/
rzam8userentitlements.htm

Rob,

That document makes it clear that user-entitlements are based on:

1. An "IBM i user", who "exchanges credentials" with the "operating system".

For some reason, it appears that you and Steve have extrapolated IBM's
definition of "a user" and "user-entitlement" to mean any person who
connects to the IBM i HTTP server.

IBM's language seems clear to me. If you're challenging my interpretation
of it, then it appears to me that you've come up with your own private
definition of what it means to "exchanges credentials", with the "operating
system".


However, since it does not agree with your views and desires, you find
that it does not back up his assertions.

Why are you saying that it "does not agree" with my views. I say that I DO
agree with it.

It doesn't agree with your views. For some inexplicable reason you
evidently have a different opinion about the definition of an IBM i user
being defined as a person who exchanges credentials with the operating
system.

It seems clear to me that the definition of exchanging credentials with the
operating system means a person who has IBM i credentials, who exchanges
them with the operating system via some interface that is built into IBM i,
and used for that purpose.


Which I find odd since his
assertions are merely a cut and paste of IBM clearly stated policy.

My point exactly, back to you. Why are you suggesting that anyone who
connects to the HTTP server, be viewed as a user, even though they may not
have ANY IBM i credentials, may not have exchanged ANY with the operating
system, may not have not been authenticated, nor used in ANY object-level
authority checking?

You evidently have a different definition of "a user", than what has been
defined by IBM.


I am sure however that you will still disagree up to the time (and
probably still after, even after paying the fine) of your first IBM audit.
And I suspect this is why Steve has graciously replied to the others but
you're hearing silence from him.

In a previous post, you also implied that user-based entitlements are
required for HTTP connections - that if you configured an HTTP server to
support many connections, then IBM requires "unlimited user entitlements".
What do you base that on?


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.