IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

Clear

RACF

Add Extended key usage parameter to RACDCERT GENCERT command

TLS v1.3 needs clientAuth/serverAuth/any parameter in digital certificate's extended key usage used to, but RACDCERT GENCERT command doesn't have this attribute, and you have to generate this certificate outside of z/OS and then import it.
21 days ago in z/OS / RACF Future consideration

z/OS Unix commands for RACF

Just like ZOAU did with a lot of z/OS functionality it would be useful if RACF had Unix commands, it would be a good opportunity to undo the dumb design descisions the original commands had by not repeating them with the Unix commands as well. I o...
about 1 month ago in z/OS / RACF Not under consideration

option to evaluate the serial number or the hash value of a certificate in a name filter entry

The certificate could be uniquely identified. This is not reliably possible with issuer and subject distinguished name as the only criteria.
about 1 month ago in z/OS / RACF Not under consideration

Ability to create a User ID enabled for Enhanced PassTickets with no password and not subject to revoke logic

We request an enhancement to RACF to allow a user ID enabled for Enhanced PassTickets to operate without a password and without being subject to revoke logic. Our solution relies on a PassTicket‑only technical ID to authenticate storage management...
about 1 month ago in z/OS / RACF Not under consideration

TOD clock correction for passtickets on systems with modified UTC time.

With the "Version 2.3 July 2025 refresh" of Z Multi-Factor Authentication, IBM supplied a new feature referred to as "TOD Clock Time Correction".The TOD Clock Time Correction allows an installation to account for the difference between the system ...
about 2 months ago in z/OS / RACF Not under consideration

Make R_ADMIN consistent. Creating a the command line string gives an invalid string

I want to recreate the profiles for various RACF profiles. I can use R_ADMIN EXTRACT to get the information into memory. I can blindly copy all the fields into the structure required for ADMN_ADD_USER. I specify • '10000000'b – ADMN_FLAGS_NORUN – ...
2 months ago in z/OS / RACF Not under consideration

supervisor state is too strong for non update request to r_admin

I want to pass in a structure of definitions, and get back the RACF command that is generated - without issuing the command. There is no update ... just a string generated I want to use User administration, add user, and set the bits A series of o...
2 months ago in z/OS / RACF Future consideration

Warning message when set resource audit when its class is not in audit mode

In order to warn to security administrators to know that this resource audit will not be recorded, because the racf class which it belongs, is not in setropts audit.
2 months ago in z/OS / RACF Not under consideration

Support for multiple DNS, IP and EMAIL fields in RACDCERT GENCERT

Why is it useful? This is not just useful—it is absolutely essential for DB2 data sharing environments that run secure JDBC connections with the following settings: enableSysplexWLB=TRUE sslConnection=TRUE sslClientHostnameValidation=TRUE (default...
3 months ago in z/OS / RACF Not under consideration

Support for multiple DNS, IP and EMAIL fields in RACDCERT GENCERT

Why is it useful? This is not just useful—it is absolutely essential for DB2 data sharing environments that run secure JDBC connections with the following settings: enableSysplexWLB=TRUE sslConnection=TRUE sslClientHostnameValidation=TRUE (default...
3 months ago in z/OS / RACF Not under consideration

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.