How the Security Interface Works
When a file transfer request is received, the system and interface perform the following actions:
- CA XCOM Data Transport first ensures that the user ID and password supplied by the remote user are valid. This is done with the RACINIT macro. The password sent across the line is encrypted. In addition to the user ID, the VTAM APPLID and the VTAM LU name fields are passed to the RACINIT macro via the APPL and TERMID operands. The user can also specify a new password to change the current password.
- CA XCOM Data Transport also passes the VOLSER of the volume where the requested data set resides.
- The CA XCOM Data Transport CA Top Secret interface requests that an ACEE be created and saved by the RACINIT macro for use by the authorization routine.
Note: User ID/password validation is done for data file and job type transfer requests, but not for report type transfer requests.
- The CA XCOM Data Transport CA Top Secret Interface then passes the ACEE to the RACHECK macro that determines whether the user ID has access privileges.
Three types of allocation checking are done for data set access requests. The allocation type used depends on the level of access requested:
- READ authority
- WRITE authority
- CREATE authority
- The ACEE is deleted by using the RACINIT ENVIR=DELETE command after access checking. This purges the user ACEE from the system.
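
The sequence above, written out as an HLASM sketch for a READ-level request. This is an added example, not CA XCOM source code: every label is hypothetical, and treating any nonzero return code as a denial is an assumption of the example. It also assumes that the caller has established addressability and that register 13 points to a standard save area.

```hlasm
* Added illustration only, not CA XCOM source. Every label is
* hypothetical; field contents are filled in from the transfer request.
CHKXFER  DS    0H
         LR    4,14                Macros below reuse R14, keep return
* Step 1: validate user ID and password, passing APPLID and LU name,
* and have the ACEE address stored in the fullword XFRACEE.
         RACINIT ENVIR=CREATE,                                         X
               USERID=XFRUSER,PASSWRD=XFRPASS,                         X
               APPL=XFRAPPL,TERMID=XFRLU,                              X
               ACEE=XFRACEE
         LTR   15,15               RC 0 = credentials accepted
         BNZ   REJECT              No ACEE was built, nothing to purge
* Step 2: check READ access to the data set on its volume, using the
* ACEE built above (RACHECK takes the ACEE address itself).
         L     3,XFRACEE
         RACHECK ENTITY=(XFRDSN),VOLSER=XFRVOL,CLASS='DATASET',        X
               ATTR=READ,ACEE=(3)
         LR    2,15                Keep the decision across the delete
* Step 3: purge the ACEE whether access was granted or refused.
         RACINIT ENVIR=DELETE,ACEE=XFRACEE
         LTR   2,2                 Assumption: anything but RC 0 denies
         BNZ   REJECT
ACCEPT   DS    0H                  Access granted
         SR    15,15
         BR    4
REJECT   DS    0H                  Fail the transfer request
         LA    15,8
         BR    4
* Request fields (constructed layout for this example)
XFRUSER  DS    AL1,CL8             Length byte + user ID
XFRPASS  DS    AL1,CL8             Length byte + password
XFRAPPL  DS    CL8                 VTAM APPLID
XFRLU    DS    CL8                 VTAM LU name
XFRDSN   DS    CL44                Data set name, blank padded
XFRVOL   DS    CL6                 VOLSER of the data set's volume
XFRACEE  DS    A                   Receives the ACEE address
```

The RACHECK result is saved in register 2 before the ACEE is deleted, so a refused request still purges its ACEE.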
Copyright © 2012 CA.
All rights reserved.