Paul,
Standing by when you are ready to collaborate on the PE content. In the meantime, some information for your inquiries:
1) When (if) we transition from:
PERMIT(profile1) DSN(sales.data.set.name) ACCESS(ALL) DSKEY(sales.keylabel.name)
PERMIT(profile2) DSN(sales.data.set.addr) ACC(ALL) DSKEY(sales.keylabel.name) and other various similar rules
to
ALTADD(salesdpt) DSN(sales.) DSKEY(sales.keylabel.name)
What happens to all those permits? There could be 2 or 200?
The permits would have to be revoked and permitted without the DSKEY. When a dataset is opened, DFSMS issues an EXTRACT call. CA Top Secret first searches the permits and, if not found, CA Top Secret searches the ownership.
2) Key Rotation - When the current key needs to be replaced with DSKEY(sales.keylabel.newname) do I?
Revoke and PERMIT all those rules with the new label (if still using the permit option)?'
Yes
or
Will ALTADD(salesdpt) DSKEY(sales.keylabel.newname) work?
Yes
Can the doc be updated to clarify that using ALTADD for replacing a key label with a new key label is the correct process to change keys for an application?
Yes
3) There is only one mention of CSFKEYS in this whole document. There is a significant amount of information missing about support for VSAMSMS and it's need to have access to the CSFKEYS resources to assist in VSAM RLS dataset processing when implementing Pervasive Encryption?
While we work to have more information accounted for in the doc, here is some information from IBM that you might find useful related to this:
https://www.ibm.com/support/pages/apar/OA58159
Talk to you soon!
------------------------------
Kris Horgen
Technical Writer
Broadcom
------------------------------
Original Message:
Sent: 04-03-2020 10:55 AM
From: Kris Horgen
Subject: Top Secret Pervasive Encryption - TechDocs
Hi Paul,
This is not a "techdoc," but rather a topic in the end user documentation. I can work with you directly to incorporate what you need. I don't see any contact details for you here in this forum, but my email is kris.horgen@broadcom.com. Looking forward to chatting with you!
-Kris
------------------------------
Kris Horgen
Technical Writer
Broadcom
Original Message:
Sent: 04-02-2020 08:28 PM
From: Paul Sutton
Subject: Top Secret Pervasive Encryption - TechDocs
I located the current "TechDoc" for Top Secret around a Use-Case for Perviasive Encryption. These used to have ID numbers assocaited with them for identification but now it just seems to be a mystery HTML/PDF doc.
How do you identify them, make comments or offer suggestions for improvement?
This one is lacking significant amounts of detail but with no way to identify the document or contact the author?
Here's a few questions not answered in the document:
1) When (if) we transition from:PERMIT(profile1) DSN(sales.data.set.name) ACCESS(ALL) DSKEY(sales.keylabel.name)
PERMIT(profile2) DSN(sales.data.set.addr) ACC(ALL) DSKEY(sales.keylabel.name) and other various similar rules
to
ALTADD(salesdpt) DSN(sales.) DSKEY(sales.keylabel.name)
What happens to all those permits? There could be 2 or 200?
2) Key Rotation - When the current key needs to be replaced with DSKEY(sales.keylabel.newname) do I?Revoke and PERMIT all those rules with the new label (if still using the permit option)?'
or
Will ALTADD(salesdpt) DSKEY(sales.keylabel.newname) work?
Can the doc be updated to clarify that using ALTADD for replacing a key label with a new key label is the correct process to change keys for an application?
3) There is only one mention of CSFKEYS in this whole document. There is a significant amount of information missing about support for VSAMSMS and it's need to have access to the CSFKEYS resources to assist in VSAM RLS dataset processing when implementing Pervasive Encryption?
That is all for now. I hope that you can address the above concerns as well as how do we probperly identify techdocs in general.
Regards,
------------------------------
Paul Sutton
Information Security Engineer
Wells Fargo
------------------------------