Authentication and Authorization: Why? Part 1: Access

Typography

Smaller Small Medium Big Bigger
Default Helvetica Segoe Georgia Times
Reading Mode

Access control is the core of the identity and access management task.

Editor’s note: This chapter is excerpted from chapter 4 of Identity Management: A Business Perspective.

Once we have correctly provisioned user data into the enterprise’s identity service, we can leverage it for access control. This leads us into the fascinating world of authentication and authorization.

Access Control Technology

Authentication and authorization refer to access control technologies. They allow us to manage who can get access to our computer systems, computer programs, and protected resources.

The line between the two functions is fuzzy, so we will start with the two ends of the authentication-authorization spectrum, shown in Figure 4.1.

Figure 4.1: Access control spectrum

Authentication

Authentication is the act of confirming that a user is who they purport to be before granting them access to corporate resources. There are various ways to achieve this, but it usually entails a lookup on a directory service to determine the user’s authority to access the requested service. A common use case is a network login process whereby a user enters their account name and password, the system then checks the directory service to see if the user has an active account and, if they do, provides access to the requested resource. In a Windows environment, once “logged in,” a user will be granted access to any Windows resource on the network to which they are permitted access without having to “authenticate” individually for each requirement, provided Windows authentication has been enabled.

The term authentication is also used to describe access to a computer system— that is, system administrators “authenticate” to a server. This gives them access to operating system functions and the ability to manage the server.

Sometimes the term is used to describe the logon to an application, although this is now getting closer to “authorization.” For instance, a user will sometimes be requested to “authenticate” to SharePoint, though in effect, the system is determining the user’s access to one or more team sites within SharePoint. Thus, a more accurate description would be that the user is “authorized” to SharePoint.

Authentication Levels

It is important to understand levels of authentication. There is a vast difference between a Google ID or Facebook login and a secure corporate login via the company’s identity management environment. The level of authentication will be determined by a risk analysis that evaluates “what can go wrong” if someone is inappropriately given access to an application.

The US National Institute of Standards and Technology (NIST)¹ provides guidance on the determination of the authentication mechanism for a desired level of assurance. A four-level model has been used for the past few years, but since most jurisdictions’ privacy regulations mandate that anonymous or pseudonymous transactions must be supported, a five-level model is recommended, as shown in Figure 4.2.

Figure 4.2: Levels of authentication

As the level of risk increases, the authentication strength must be increased.

Level 0 is for anonymous transactions where it is not necessary to identify the user (e.g., the purchase of theatre tickets). It might be necessary to collect a name for fulfillment of the transaction, but the customer should be free to choose a pseudonym if they want to.

Level 1 is for low-assurance logins. Many public access systems are at level 1. They access information and may require a contact, but there is no sensitive information to be accessed by the user. A basic username and password are satisfactory.

Level 2 is still for low-assurance logins but typically for corporate applications. Since there is little sensitive information to be accessed by the user, a usernameand password will be required, and the company will typically impose a password policy that enforces a password of sufficient strength.

Level 3 is for medium-assurance applications where the user might be exposed to intellectual property of the organization or be able to access protected resources. In this instance, a higher-level authentication will be required, possibly protected by a biometric login or a digital certificate.

Level 4 is for high-assurance environments whereby significant damage could result if an incorrect authentication occurred. Industrial computer systems or military environments fit into this category. Public key infrastructure (PKI) or multi-factor authentication is appropriate.

Connecting a person’s identity-defining attributes and the person him or herself is the identity proofing task. This is typically a non-trivial task depending of the level of registration required. For high-security environments at level 3, a substantial registration process will be required because the issuance of a certificate should not be made lightly if the certificate will be used to access sensitive, protected information. On the other hand, if it’s simply to pay vehicle license fees, for example, a lower proofing level is satisfactory. Possibly this task could be outsourced to a public identity service by accepting social logins.

The steps then are:

User submits application for
Uniqueness is verified, and proofing documentation checks are
Identity-proofing documents are
An identity assurance level is

Levels of Assurance

Determining the level of assurance involves a risk management approach based on an assessment of what could go wrong if a person accesses the target application fraudulently. In the event that serious consequences may occur, a high level of assurance should be assigned to the application. If consequences are slight or of no consequence, there’s no point in engaging in a robust authentication process.

A typical evaluation process will be based on a four-level evaluation:

Low	Little confidence in the accuracy or legitimacy of a claimed identity Appropriate for transactions with minimal consequences to the organization or community from registration of a fraudulent identity
Medium	Some confidence in the claimed identity Appropriate for transactions where there may be low-level consequences if someone with a fraudulent identity is registered and accesses a service to which they are not eligible. Some minor consequences to the community may occur.
High	High confidence in the claimed identity Appropriate for transactions in which serious consequences could result from a fraudulent registration, such as inappropriate access to sensitive information or protected computer systems that could cause harm to the community
Very High	Very high confidence in the claimed identity Appropriate for transactions with very serious consequences associated with a fraudulent registration that has significant consequences to the community, such as the fraudulent issuance of a document commonly used as evidence of identity

Authorization

Once a user is authenticated, authorization provides access to computer programs (applications) commensurate with the user’s authenticated identity. This typically involves a lookup of the user’s record in the identity repository to determine their access rights within the requested application. There are several ways to achieve this.

Coarse-grained authorization is often achieved via AD groups. A number of AD groups will be established for an application, and the requesting user’s AD group membership will determine the access they are granted in the application. For instance, if a user is in the Project Manager AD Group, the user will be authorized to the project management system as a manager. If a user is in one of the Project Team Member groups, he or she will be authorized to the appropriate project(s) at the user level.

Fine-grained authorization is completely different. It usually involves an authorization server that relies on a directory for attributes on users who request access to a protected resource, but it extends to a full dynamic attribute-based access control (ABAC) solution incorporating a decision point, one or more information points, and multiple enforcement points. The benefit that fine-grained authorization provides is the ability to establish centrally managed policies to provide governance over the authorization task.

This is a critical activity for any organization, but it becomes particularly important for a company with high-security requirements.

Access Control Types

Now it’s time to change tack and consider authentication and authorization from another viewpoint. There are basically two approaches to enabling access control: a role-based approach that is usually used in the authentication task, and attribute-based access control that is the core of an authorization approach.

Authentication based on AD groups is a type of role-based access control. Users are provisioned into specific AD groups based on the workgroup in which they work or the department they belong to. In this way, they get access to systems and applications based on their “role” within the organization.

In an attribute-based access control system, shown in Figure 4.3, access is granted based on user attributes that are compared against policies that control who should get access to an application. The policy decision point (PDP) compares attributes that have been provisioned against a user in the identity repository, as well as context attributes such as the time of day, to determine the level of access a user should receive in the requested application.

Figure 4.3: Attribute-based access control

Role-based Access Control

Role-based access control (RBAC) has served us well and remains a positive and efficient way in which to automate the granting of permissions to users, based on their roles in the organization. When a person joins an organization, their access to systems and protected resources in the organization should be commensurate with their role(s). Furthermore, when one or more of their roles change, their access to systems should change accordingly. For instance, if a person is a finance manager, they should have access to the financial management system at a manager level. If they then act as the chief finance officer (CFO) for two weeks while their manager is on vacation, they should be given access to the CEO meeting documentation for that period of time. If the manager is then transferred from Finance to HR, they should lose access to the Finance system and be given access to the HR system. This should happen automatically with human intervention limited to managing exceptions.

RBAC is therefore an efficient way to manage staff access to protected resources. RBAC becomes difficult, however, if there are too many roles. Over time, these lists become bloated and result in inherent risks to the organization. Often it is necessary for the organization to conduct a thorough assessment of the current assigned roles, which may lead to a consolidation and reduction of roles to those which are essential.

RBAC Example

Although there are many variants, all RBAC environments use a person’s role information to grant access to applications. Let’s look at an example, illustrated in Figure 4.4.

Figure 4.4: RBAC example

In Figure 4.4, John Smith is a Toronto-based staff member working in Ottawa. He gets access to the Finance application because he is in the Finance group. During provisioning, this group can be populated automatically from the Dept attribute in the organization’s directory. The application’s access control logic is configured to reference the appropriate groups when a user logs in.

In this instance, the project manager’s group is configured for JobCode F1243, so John also gets access to the Project Management Office (PMO) application. This application’s access control logic will perform a lookup on the corporate directory, when authenticating users, to retrieve the appropriate job code for the user in order to connect them to the application’s functionality at the appropriate level.

Finally, John gets provisioned into the email program, as do all staff. Note: John does not get access to the HR application because he’s not in the HR department. If he wants to access his HR record, he must contact someone in HR, unless the company has a self-service tool, with appropriate access control, to allow the user to access their record directly.

The Attribute Approach

In contrast to the RBAC example, attribute-based access control (ABAC) takes a very different approach to authorization. Access to protected resources is based on a user’s having specific attributes—for example, name, date of birth, hire date, address, phone number, job title. This allows a much more fine-grained access control approach that combines not only user attributes but other data, such as location (IP address or GPS) and time of day, in the access control decision. It allows unprecedented control of access to restricted resources based on fine- grained attributes evaluated at runtime. Rather than just using the role of a user to decide whether or not to grant them access to a system or protected resource, ABAC can combine multiple attributes to make a context-aware decision in regard to individual requests for access.

Privacy Considerations

A rules-based approach to access control can leverage identity attributes to incorporate privacy requirements such as:

Data minimization, where only personal data that is required for the provision of the requested product and service should be collected by an organization. It is not permissible to collect data that “might be” useful at some point in the future.
Ensuring that anonymity is preserved if a person’s identity is not needed for a It is only permissible to identity someone if doing so is required for the requested transaction.
Restrictions on outsourcing personal data (e.g., several jurisdictions expressly prohibit personal data disclosure to a jurisdiction without similar privacy legislation)
Enforcing use of personal data for only the express purpose for which it was collected and ensuring that any secondary purpose includes the collection of the individual’s consent
Ensuring government identifiers are not used for indexing
Ensuring identity data is periodically updated to maintain its currency or is If effort is not put into refreshing identity data on members of the public, in most jurisdictions it is illegal to keep this data.

ABAC holds significant promise for organizations that have a good identity management environment; it allows access to protected resources to be more fine-grained. That means that better overall security and improved data protection are achieved, and data governance is improved.

ABAC Example

There are various approaches to ABAC, but they all rely on a rich data store of attributes generally aggregated from multiple authoritative sources. The core principle is to adhere to a published policy that determines the attributes required to gain access to protected resources.

In the ABAC example shown in Figure 4.5, John will again get access to the finance application because he’s in the finance department, but only on a view basis because that’s all an F1** job code allows. He is also restricted to access during business hours. The access control system will allow him to access the PMO application but only the Ottawa projects.

Figure 4.5: ABAC example

While John can’t modify an HR system record, the use of ABAC supports a more fine-grained access to the application that allows him to view his own HR record. For HR staff, access can be segmented to roles; for example, if an HR person has a recruiting job function, they should get access to the recruiting subsystem; HR managers would get access as an administrator.

The benefits of an ABAC approach are significant:

Access decisions are centrally managed via policies rather than by individual application managers. This means that they are consistent across the organization, and administered by business managers rather than controlled by IT personnel.
Software development is simplified by the removal of access control logic and the incorporation of “policy enforcement point” code, which externalizes the access decision to a “policy decision point.”
Decisions are made at runtime based on attributes that can be combined to form fine-grained decisions; changes in access status are immediately recognized when attributes are updated.

From a business viewpoint, this means a vastly reduced risk profile; access rights will be modified as soon as the source system reflects the change. No longer will “old permissions” stay in the system when an attribute changes or a staff member leaves the organization’s employ. Access rights are no longer based on access control lists that require manual intervention in order to be updated.

It also means lower costs: without manual intervention, there are no recurring costs for updating system access rights. Another benefit is that software development is less expensive because ABAC removes the cost of developing sophisticated access control logic from applications.

There are several considerations when moving to an attribute-based access control environment, and some challenges as well. First, a mature identity and access management environment is a prerequisite because ABAC requires a robust data model with predefined “authoritative sources” and efficient “source of truth” repositories for all attributes. Authentication is a mission-critical service; it must be highly available, and it cannot tolerate excessive network latency. This means that in some cases, a synchronization business model might be required whereby remote data stores are synchronized to a local directory or database.

Historical Note

It is useful to review the history of RBAC and ABAC.

Back in 1992, the US National Computer Security Conference issued a best practice document on RBAC, and in 1995 NIST issued an ITL bulletin indicating how RBAC should be implemented. The intent was to bring some commonality to the business processes associated with access control. These documents represent a seminal endorsement of the RBAC approach to access control.

In 2014 NIST issued SP-800 162 to provide best-practice guidelines for ABAC. The document provides a high-level view of ABAC and emphasizes the benefits associated with fine-grained access control. NIST has not endorsed any one ABAC protocol. While recognizing XACML as the most widely deployed protocol, NIST strongly supports what it calls Next Generation Access Control (NGAC) and has contributed to a functional architecture to support this approach, released as ANSI INCITS 499-2013.

APAM: An ABAC Implementation

ABAC has been with us for many years; it embodies a wide range of systems that control access to protected resources based on the attributes of the requesting party. As the field has developed, there are three characteristics that are most desirable in an ABAC system:

It should externalize decision-making (i.e., not require applications to maintain their own access control logic).
It should be adaptive (i.e., decisions are made in real time).
It should be policy-based (i.e., access permissions should be determined based on evaluation of access control policies).
It should be more than just control: business units become enabled to “manage” user’s access control.

Adaptive policy-based access management (APAM) is a better term to describe a system that embodies these characteristics. It’s adaptive because policies are evaluated at runtime, it’s policy-based, and it’s more than just access control: it’s access management.

Attribute-based systems have several advantages: First, decisions are externalized to dedicated infrastructure that performs the policy evaluation. Decisions are also more fine-grained: if a user is a department manager, an APAM system can also check a user’s department code and so decide, for instance, whether or not to give them access to the financial management system. It can check whether or not they are using their registered smartphone, and it can determine the time of day to make decisions that reduce the risk associated with an access request. Such systems are usually managed via a set of policies that allow business units to determine, for instance, whether or not they want to allow access from a smartphone, and if they do, to elevate the authorization level by using a two-factor mechanism.

The benefits are obvious: no longer are we dependent upon someone in IT to update an AD group, and more sophisticated decisions are possible. APAM systems are also real time. As soon as HR updates a person’s position, their permissions are modified. The very next access request will be evaluated against the same policy set, but the new attributes may return a different decision.

The Configuration

To exploit the potential of APAM, it is necessary to augment one’s IAM infrastructure to include a couple of additional items. Figure 4.6 shows a typical APAM configuration.

Figure 4.6: APAM configuration

The directory store migrates to an “information point,” which provides the necessary data for the decision point to render a permit or deny decision. These decisions are interpreted by the enforcement point, a piece of code that sits on the Web server and controls access to the application in question.

Next time: The Query-Response Language. Want to learn more now? Buy Graham's book today at the MC Press Bookstore.

Graham Williamson is an identity management consultant in Brisbane, Australia. He has 27 years of experience in the IT industry, with expertise in identity management, electronic directories, public key infrastructure, smart card technology, and enterprise architecture. He is a coauthor of Identity Management: A Primer and the author of Identity Management: A Business Perspective.

MC Press books written by Graham Williamson available now on the MC Press Bookstore.


		Identity Management: A Business Perspective Understand all facets of identity management and how to leverage identity data for access control. List Price $49.95 Now On Sale

		Identity Management: A Primer Get a comprehensive overview of the elements required for a properly planned identity environment. List Price $49.95 Now On Sale

Also Read

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Do your business apps access different data sources? This book shows you how to make that task easier
Book Review: 21st Century RPG: /Free, ILE, and MVC

David Shirey’s first book is an educational and entertaining read for “modern” and “old” RPG programmers alike
Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

If you are ready to get into Web application development, take this book along as your guide
Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

DBAs who use the book will find it very helpful first in their test study and later as a reference book.
Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide

This is a well-written DB2 11 book that could easily stand on its own as a reference manual, not just a certification guide.
Book Review: Free-Format RPG IV, Third Edition

Jim Martin comes through for us again.
Book Review: IBM i Security Administration and Compliance, Second Edition
Book Review: Programming in ILE RPG, Fifth Edition

This book really hits the mark and is a must-read for all RPG developers.
Book Review: DB2 10.1/10.5 for Linux, UNIX, and Windows Database Administration: Certification Guide
Book Review: Subfiles in Free-Format RPG

Whether you're a newbie or a seasoned pro, this book has something for you.
Book Review: Evolve Your RPG Coding: Move from OPM to ILE ... and Beyond

This book provides an amazingly comprehensive introduction to the concepts while at the same time delivering enough technical detail to make you productive very quickly.
Book Review: Database Design and SQL for DB2
Book Review: The Chief Data Officer Handbook for Data Governance

When implemented appropriately, data governance is a powerful framework.
Book Review: DB2 10 for z/OS: The Smarter, Faster Way to Upgrade

Trying to figure out whether to upgrade? Read on.
Book Review: 5 Keys to Business Analytics Program Success
Book Review: DB2 11: The Ultimate Database for Cloud, Analytics, and Mobile
Book Review: Flexible Input, Dazzling Output with IBM i

Today, it's all about input and output. Getting data into the IBM i from non-traditional sources and then displaying it back out again in varied formats. But where can you go to learn all that you need to know about this critical skill?
Book Review: Advanced Guide to PHP on IBM i

Enterprise-level PHP skills and techniques have been adapted for IBM i developers in Kevin Schroeder's new book.
Book Review: Java for RPG Programmers

If you've been putting off learning Java, you have no excuse anymore!
Book Review: DB2 10.1 Fundamentals: Certification Study Guide

Too valuable to be classified as merely excellent certification material, this book should also rightly take its place on DB2 DBA bookshelves as a solid day-to-day DB2 reference.
Book Review: DB2 10 for Z/OS Database Administration: Certification Study Guide

Whether you're trying to get certified or you just need a great reference book, this is the book for you.
Book Review: Developing Web 2.0 Applications with EGL for IBM i

It's everything you need to know, from the bottom up.
Book Review: Advanced Integrated RPG

Isn't it about time somebody told us how to integrate RPG and Java?
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: The Remote System Explorer

This book speaks directly to the thousands of IBM i programmers who develop in RPG, COBOL, CL, and DDS every day.
Book Review: IBM System i APIs at Work, Second Edition

API expert Bruce Vining delivers the only comprehensive guide to APIs.
Book Review: Functions in Free-Format RPG IV

This one short volume manages to essentially be both a general introduction and a detailed reference.
Book Review: DB2 11: The Database for Big Data and Analytics
Book Review: IBM Mainframe Security: Beyond the Basics

Beginners will have a strong foundation after reading this book. Experienced professionals will reference it frequently.
Book Review: IBM InfoSphere: A Platform for Big Data Governance and Process Data Governance

Find out how IBM is addressing the challenges of big data.
Book Review: Fundamentals of Technology Project Management

Projects can be overwhelming, but taken in small, deliberate steps, all projects are achievable.
Book Review: Customer Experience Analytics

Use CEA as a strategic weapon to stay ahead of your competitors.
Book Review: Big Data Analytics: Disruptive Technologies for Changing the Game

The disciplines of data analytics are evolving to meet the new challenges of big data.
Book Review: IBM i Security: Administration and Compliance

If you have any interest in IBM i security, whether as an administrator, a programmer, or an auditor, then this book is the perfect resource.
Book Review: DB2 9.7 for Linux, UNIX, and Windows Database Administration (Exam 541)

This book, written by the creator of the certification exam, reveals exactly what you'll need to know to prep for the test.
Book Review: Selling Information Governance to the Business

Who governs the information that runs your company?
Book Review: You Want to Do WHAT with PHP?

If you're serious about programming in PHP, get a book that treats you that way.
Book Review: The IBM i Programmer's Guide to PHP

Both a primer and a reference, this book is a must-have for anyone who wants to program in PHP.
Book Review: JavaScript for the Business Developer

There's no faster, easier way to become proficient in JavaScript.
Book Review: SOA for the Business Developer

If you want to know how SOA works in the real world, this is your book.
Book Review: DB2 9 Fundamentals

Whether you want to obtain an IBM certified DB2 professional certification or simply become well-rounded in the fundamental concepts of DB2 and general database theory, this is your book.
Book Review: The Modern RPG IV Language, Fourth Edition

This book isn't a training manual; it's a reference book.

Resource Center

Node.js on IBM i Webinar Series Pt. 2: Setting Up Your Development Tools

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:
Profound Logic Solution Guide

More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
Power10 Power Hour

IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:
Comply in 5! Well, actually UNDER 5 minutes!!

TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Combating Ransomware: Building a Strategy to Prevent and Detect Attacks

Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Top IBM I Security Vulnerabilities and How to Address Them

IT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.
What Most IBM i Shops Get Wrong About the IFS

Can you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:
Backup and Recovery on IBM i: Your Strategy for the Unexpected

Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Manage IBM i Messages by Exception with Robot

Managing messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:
Easiest Way to Save Money? Stop Printing IBM i Reports

The thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:
Hassle-Free IBM i Operations around the Clock

For over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:
Why Migrate When You Can Modernize?

Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
The Power of Coding in a Low-Code Solution

When it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:
Low Code: A Digital Transformation of Supply Chain and Logistics

Supply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:
Resource Center

The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit
Node Webinar Series Pt. 1: The World of Node.js on IBM i

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.
IBM i Transformation Risks Every Business Leader Should Know

Join us for this hour-long webcast that will explore:
What to Do When Your AS/400 Talent Retires

IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:

Analytics & Cognitive Categories

Latest Analytics & Cognitive News

Career Catgories

Latest Career News

Cloud Categories

Latest Cloud News

IT Infrastructure Categories

Latest IT Infrastructure News

News Categories

Latest News

Programming Categories

Latest Programming News

Security Categories

Latest Security News

Typography

Share This

ABAC Example

Also Read

LATEST COMMENTS

MC Press Online

Support MC Press Online

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Book Review: 21st Century RPG: /Free, ILE, and MVC

Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide

Book Review: Free-Format RPG IV, Third Edition

Book Review: IBM i Security Administration and Compliance, Second Edition

Book Review: Programming in ILE RPG, Fifth Edition