
Identity propagation (to SAF identity)

Open pinpan opened this issue 3 years ago • 0 comments

Introduction

Distributed user identity is not known to the mainframe security system and can't be used for actual access to mainframe resources.

Product requirements

  • Match user IDs from the distributed side with the user ID known to the concrete mainframe security system
  • Create a mainframe (Zowe) access token or passticket

Technical requirements

  • Perform an APF-authorized call to SAF for user identity propagation
  • Use the new OIDC scheme to provide credentials with the southbound call to the mainframe services

Design

pinpan, Nov 11 '22 08:11