1. Technical Field
This disclosure relates generally to securing resources in a distributed computing environment, such as a transaction processing environment.
2. Background of the Related Art
Security systems associated with complex, multi-component computing environments are designed to permit selective and controlled access by active entities (such as users) to static entities (such as data sources).
A representative multi-component system of this type, wherein components work together cooperatively to form a larger system, is the IBM® HyperText Transfer Protocol (HTTP) and Web Services processing environment, which may be implemented using IBM mainframe computers, such as the IBM z196 family of computing machines. This environment typically includes IBM's WebSphere® Application Server (WAS) middleware platform software product, working in conjunction with one or more transaction processing products, such as IBM Customer Information Control System (CICS®) and/or IBM Information Management System (IMS), a message processing product, such as IBM WebSphere MQ, and a relational database, such as the IBM DB2® database. An objective of a multi-component environment is to provide a high-performance transaction processing computing system or environment accessible to client end-users via Internet browsers using HTTP or other Web Services. In this environment, the client end-user making the HTTP or Web Services request communicates directly with the application server. Typically, to fulfill the transaction request from the distributed client end-user, the application server invokes the services of one or more other components in the environment. One or more of these components typically executes on an operating system, such as IBM z/OS® operating system, which is often referred to as a “mainframe” operating system platform.
In such an environment, the transaction processing, messaging, and database components typically are executing within a mainframe computer that includes a framework for managing security within the environment. The framework includes a security server. In a representative z/OS implementation, the security framework is provided by z/OS Security Server, which includes the IBM Resource Access Control Facility (RACF®) as its security engine. RACF allows an administrator to set rules for controlling access to resources by defining what is protected at what level and determining who can access protected resources. In a typical mainframe operating environment (e.g., z/OS), RACF is used to identify and verify users' authority to access data and to use system facilities.
The above-described products and technologies expose interfaces that can be used by permitted entities, such as system administrators, to monitor and manage resources that are being protected by the system.
In addition, relational database technologies such as described above support various encryption methods for data stored in the database tables. Thus, for example, IBM InfoSphere® Guardium® Data Encryption for DB2 and IMS Databases implements EDITPROC security, which uses an Integrated Cryptographic Services Facility (ICSF) to provide encryption at the table level of the database. Consequently, all application users, developers and DB2 system administrators (SYSADMs) can access sensitive data if they have DB2 security and RACF access to the table granted by the SYSADM. This facility, however, does not provide any masking of sensitive data. Alternatively, DB2 includes built-in encryption security, which uses ICSF and is implemented at the column level of the database. This approach, however, requires extensive application changes, and passwords have to be defined and maintained by the application owners independently of the SYSADMs. Further, passwords have to be defined and used by applications to access data, and no masking of sensitive data is provided. Another known approach is to use an encryption method that uses a User Defined Function (UDF) to afford application users access to sensitive data, although no masking of sensitive data is provided in this approach either.
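To illustrate why the column-level approach requires application changes and application-managed passwords, the following added example (not part of the original disclosure) uses DB2's built-in ENCRYPT_TDES and DECRYPT_CHAR functions. The table, column names, password and data values are constructed for illustration.

```sql
-- Constructed example: table, columns, password and data are hypothetical.

-- The encrypted column must be VARCHAR FOR BIT DATA and sized for the
-- ciphertext, so the schema itself has to change.
CREATE TABLE CUSTOMER (
    CUST_ID   INTEGER      NOT NULL,
    CUST_NAME VARCHAR(40)  NOT NULL,
    SSN_ENC   VARCHAR(64)  FOR BIT DATA   -- was CHAR(11) before encryption
);

-- The application, not the SYSADM, supplies the password for its session.
SET ENCRYPTION PASSWORD = 'Example-Pass-01';

-- Every write must wrap the sensitive value explicitly.
INSERT INTO CUSTOMER (CUST_ID, CUST_NAME, SSN_ENC)
VALUES (1001, 'A. Sample', ENCRYPT_TDES('000-00-0000'));

-- Every read must unwrap it. A session that has set the same password
-- gets the complete plaintext back; there is no masked form.
SELECT CUST_ID, CUST_NAME, DECRYPT_CHAR(SSN_ENC) AS SSN
FROM CUSTOMER
WHERE CUST_ID = 1001;

-- A query that omits the function returns only ciphertext bytes.
SELECT CUST_ID, SSN_ENC
FROM CUSTOMER
WHERE CUST_ID = 1001;
```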
Currently, however, there are no clearly-defined lines between the roles needed to implement and use cryptographic technology in relational databases such as DB2 z. The lack of well-defined roles and a comprehensive security model causes administrative confusion. It is desirable to provide a more comprehensive security model that may be enforced across the entire relational database management system. This disclosure addresses this need.