On Mon, 26 Mar 2012 05:31:42 -0500, Josef Boeck <[email protected]> wrote:
>It's possible to sign a program with a certificate. If you enable the >certification this program is verified during LOAD for integrity and you can >be sure as program author >that the program ist the one you created and is not modified. > >If you copy the program from a PDSE to a normal PDS no verification can take >place cause the information nessesary to verify is not kept the PDS. > >As far everithing works as documented. > >My question: Am I able to verify if the program runs as "signed program" and >is verified or if the program runs without verification. I didn't find any >hint in documentation. As far as I know, no, the program cannot tell. It is the administrator's responsibility in the current implementation to determine which programs must be signed and which actions the system should take if one of them is not properly signed. It is also the administrator's responsibility to control access to the libraries containing the programs, and enforce which libraries the users will use to run the programs. The programs are not expected to do their own verification. -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
