CICS Transaction Gateway can perform authentication and authorization checks at different points during the processing of requests.
Authentication verifies that the user is who they say they are. Depending on topology, authentication can be based on the user ID passed with the ECI request, an SSL client certificate, or a distributed identity (identity propagation).
Authorization verifies that a user is allowed to access a particular resource for a given intent, for example, to execute a method in a bean or to update a CICS resource.
The following figure shows the locations in a local mode topology where the system performs authentication and authorization. In this topology, WebSphere Application Server and CICS Transaction Gateway are both running on Windows. The EJB application in WebSphere uses the ECI resource adapter and the Client daemon to access the CICS COMMAREA application.
The following authorization options are available in this topology:
The following data integrity and confidentiality option is available in this topology: