SAF Security Overview

As the trend towards distributed computing increases, both across platforms within a company and between partners, security of data has become ever more critical. The Entire Net-Work SAF Security Interface (NETSAF) addresses this issue by providing point-of-access verification of incoming requests.

NETSAF (product code WAF) is a separate, optional product for z/OS environments. It allows Entire Net-Work clients to access SAF data sources. Validation is carried out against the SAF repository, thus maximizing the investment that most z/OS sites have made in their mainframe security repository.

The following features minimize the overhead required for the administration, operation, and execution of a mainframe security system:

  • Categorized Access

    For example, all access from mainframe clients can be verified against the same security profile.

  • Locality of Security Checking

    NETSAF can be activated on a link by link basis. For example, an installation may have several Entire Net-Work nodes, of which only one communicates externally. Security checking can be activated for that node alone and only for the external links.