Validation list objects

Validation list objects provide a method for applications to securely store user authentication information.

You can use validation list objects to perform the following tasks:

Validation list objects provide a method for applications to securely store user authentication information.

For example, the Internet Connection Server (ICS) uses validation lists to implement the concept of an internet user. Validation lists allow ICS to perform basic authentication before a web page is served. Basic authentication requires users to provide some type of authentication information, such as a password, PIN, or account number. The name of the user and the authentication information can be stored securely in a validation list. The ICS can use the information from the validation list rather than require all users of the ICS to have a system user ID and password.

An internet user can be permitted or denied access to the system from the web server. The user, however, has no authority to any system resources or authority to signon or run jobs. A system user profile is never created for the internet users.

Validation list objects are available for all applications to use. For example, if an application requires a password, the application passwords can be stored in a validation list object rather than a database file. The application can use the validation list APIs to verify user passwords, which are encrypted, rather than the application performing the verification itself.

For more information on validation list objects, see Chapter 7, "Planning the use of validation list objects" in the iSeries™ Security Reference.