IBM Z Hardware and Operating Systems Ideas Portal


Status: Not under consideration
Workspace: z/OS
Categories: SSL
Created by: Guest
Created on: Nov 10, 2022

Enhance visibility and validity of AT-TLS Certificate Chains

We would like to request the following enhancements to AT-TLS/System SSL/PAGENT with respect to certificate chain visibility and validation:

  1. Provide a command to display the certificates that were selected/cached by ATTLS, to remove any doubt about what certificates are being used. Displaying the keyring from the security product doesn't tell the whole picture, because it may not be clear which certificates ATTLS selected. Also, it's possible that the security product may have changed since the last refresh of ATTLS.

  2. Don't stop processing the keyring after the first match, but rather process the entire keyring and cache all valid matches. In this case, that would have prevented the issue, and a Refresh would not have been needed.

  3. If a certificate in the ATTLS cache expires, automatically refresh the keyring. In this case, that would have resolved the situation without needing manual intervention.

Idea priority: High
  • Guest (Dec 8, 2022)
    The z/OS Communications Server and System SSL teams have initially reviewed your submitted Idea. The Idea
    consists of 3 different requirements. After looking at the 3 requirements and determining which z/OS component is
    responsible for each requirement, we are declining this Idea and ask that you

    1) Regarding the requirement "Provide a command to display the certificates that were selected/cached by ATTLS",
    AT-TLS is part of the z/OS Communications Server product, so this requirement needs to be evaluated by that
    product team. In a recent discussion with the Communications Server team, we learned this requirement is also
    included in Idea https://ibm-z-hardware-and-operating-systems.ideas.ibm.com/ideas/ZRACF-I-17, which your
    company also opened, and which is currently being evaluated by the Communications Server team. Given that,
    please refer to that Idea for the disposition of this requirement.

    2) Regarding the requirement "Don't stop processing the keyring after the first match, but rather
    process the entire keyring and cache all valid matches". From what we can gather, you are requesting that
    System SSL take into account all certificates within a keyring when building the certificate chain. In particular
    if an expired certificate is encountered, do not stop processing but continue processing the certificates on the
    keyring to determine if there is a suitable certificate to be used. If this is correct, please open a new requirement
    requesting System SSL to take into account all certificates and not stop on the first match when the certificate
    is expired.

    3) Regarding the requirement "If a certificate in the ATTLS cache expires, automatically refresh the keyring", we discussed the
    requirement with the Communications Server team. They said they would reject this requirement because many customers
    "stage" changes into SAF keyrings before putting the changes into effect for their applications. If AT-TLS were changed to
    automatically pick up changes on a keyring, it would remove the ability to do such staging. However, there is an open
    requirement to provide a command to cause AT-TLS to refresh a keyring without having to modify and refresh the AT-TLS
    policy (which is required today). This requirement is consistent with the way many customers manage their keyrings and,
    in most cases, it would greatly simplify the process to achieve the AT-TLS refresh. If you would like to vote for this requirement,
    you can do so here: https://ibm-z-hardware-and-operating-systems.ideas.ibm.com/ideas/ZOS-I-429
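As an added illustration (not IBM code and not how System SSL is actually implemented), the Python model below contrasts the stop-at-first-match keyring lookup discussed in point 2 of the idea and the reply with a lookup that evaluates every entry and keeps only the certificates valid at the time of the check, and adds the pre-expiry check an operator would run to stage a refresh before a cached certificate lapses (point 3). Labels, subjects and dates are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Cert:
    """One keyring entry (constructed model; only the fields a chain build needs)."""
    label: str
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    def valid_at(self, now):
        return self.not_before <= now <= self.not_after

def select_first_match(ring, subject, now):
    """First subject match wins: an expired first match fails the lookup outright."""
    for cert in ring:
        if cert.subject == subject:
            return cert if cert.valid_at(now) else None
    return None

def select_all_valid(ring, subject, now):
    """Check every entry and keep the valid matches, longest remaining validity first."""
    matches = [c for c in ring if c.subject == subject and c.valid_at(now)]
    return sorted(matches, key=lambda c: c.not_after, reverse=True)

def build_chain(ring, subject, now, max_depth=8):
    """Pick a valid cert for `subject`, then follow issuer links to a self-signed root ([] if it breaks)."""
    chain = []
    for _ in range(max_depth):
        candidates = select_all_valid(ring, subject, now)
        if not candidates:
            return []
        chain.append(candidates[0])
        if chain[-1].issuer == chain[-1].subject:
            return chain
        subject = chain[-1].issuer
    return []  # too deep or an issuer cycle without a root

def expiring_within(ring, now, days=30):
    """Labels valid now but expiring within `days`, so a refresh can be staged ahead of the outage."""
    horizon = now + timedelta(days=days)
    return [c.label for c in ring if c.valid_at(now) and c.not_after <= horizon]

# Constructed sample keyring: the old server cert sits first and has expired, the renewed one sits behind it.
NOW = datetime(2022, 11, 10)
RING = [
    Cert("SERVER-OLD", "CN=app.example", "CN=Example CA", datetime(2020, 10, 1), datetime(2022, 10, 1)),
    Cert("SERVER-NEW", "CN=app.example", "CN=Example CA", datetime(2022, 9, 1), datetime(2024, 9, 1)),
    Cert("CLIENT-BATCH", "CN=batch.example", "CN=Example CA", datetime(2021, 11, 24), datetime(2022, 11, 24)),
    Cert("EXAMPLE-CA", "CN=Example CA", "CN=Example CA", datetime(2019, 1, 1), datetime(2029, 1, 1)),
]
```

With this ring, `select_first_match` returns nothing for `CN=app.example` because the expired entry is hit first, while `select_all_valid` and `build_chain` find SERVER-NEW and complete the chain to EXAMPLE-CA.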