The External Security Feature (ESF) lets Enterprise Server for .NET rely on other facilities, such as the operating system and LDAP directories, to make security decisions.
These facilities, or External Security Managers, can participate in verifying user credentials, configuring user account properties (user group membership and attributes such as idle timeout), and making resource access decisions: whether a task is allowed a certain level of access to a specific resource, such as a file or program.
ESF includes a security manager that is built into Enterprise Server for .NET, various APIs, and pluggable modules, known as ESM modules, that are used to communicate with External Security Managers.
Enterprise Server for .NET includes some ESM modules, and others can be developed by Micro Focus, customers, or third parties such as Systems Integrators.
ESF is modeled on IBM's SAF (Secure Access Facility) for z/OS, and to some extent on IBM's RACF (which is a SAF provider), but it does not try to provide exact mainframe compatibility. Some mainframe APIs are supported in a fashion similar to those available under z/OS.
ESF in Enterprise Server for .NET is based on ESF for the native version of Enterprise Server, but because it is a completely separate implementation (due to the different requirements of Enterprise Server for .NET), it may not always behave identically.
This release supports only a subset of the native ESF features.
For example, note that it does not provide:
This will be improved soon.
(These are mostly used in native ES to support single-sign-on between MFDS and ESMAC. There is no equivalent need in Enterprise Server for .NET.)
It does, however, provide:
Regions can be configured so that application code executes under the identity of the user running the job (for JES) or submitting the transaction (CICS).