Must be a tough market, since IBM will give that to you free if you upgrade.
In any case, the new system allows for external authenticators (exit programs) for many other sorts of added auth, enabling VAR solutions etc.
In all sincerity, it is almost impossible to seriously implement an MFA scenario without OS and hardware assistance to protect the underlying pass/seeds.
For some line of business in the past I've implemented TOTP on the i for some particular RPG application functionality (but the "seeds" were stored in a normal table, totally controlled by a PGM with adopted auth). It was functional for our limited case, but I'm not sure it will pass the test for "real" security of the stored info, and integration.
TOTP is simple, standard and with few dependencies (a pass and... time, but I guess it is hard to avoid that one dependency in the end anyway ;) ).
I don't like the position of some (i.e. external) applications nowadays requiring a cell phone, or SMS stuff... now you have created a thing that is difficult to share (say, within a dept), and that maybe even requires a cell contract, plus it sits on a device that is insecure due to complexity and the high market for spyware targeting cell phones.
With TOTP you can have really dumb hardware (simple, no OS) like credit-card-sized devices: you click and you get the code, and such devices last years.
IMHO IBM interpreted such a feature correctly, giving the basics, basic working commands, that should be integrated as per the spirit of the system, using RFC 6238 ... pretty neat.
.c