So your app/framework stands in for the OS for
authentication/authorization?
I view the app/framework as a supplement to OS authentication/authorization
- not a replacement. I hope that makes sense. Green-screen applications
often supplement with rules which are outside the scope of IBM i object
authorities (i.e. which users can run a menu item, User A may see employee
SSN - not User B).
The first problem being another set of credentials for every user.
Web App/frameworks often include a variety of options for authenticating
users:
1. Against a database of users.
2. Against IBM i user profiles and authentication rules (including disabled
profiles, expired passwords, etc.).
3. Against LDAP directories.
4. Against oAuth realms.
My company provides multi-tenant hosting for K-12 schools and school
districts. My user profile is authenticated against my IBM i user profile.
However, we don't set up IBM i user profiles for students and parents (for
example), because they have no need for services such as ACS, telnet, ssh,
ftp, etc. They're only using browser user interfaces. We set up a user
profile for them in an IBM i table, and authenticate against that.
As an Amazon Associate we earn from qualifying purchases.