Abstract: In a multi-tiered computing environment, a first program may authenticate with a second program using dynamically-generated public/private key pairs. An authentication token is constructed that includes user information and information about the first program and the second program. The first program then digitally signs the authentication token using the dynamically-generated private key, and sends the authentication token to the second program. The second program then verifies the authentication token using the public key corresponding to the first program. Once verified, the first program is authenticated to the second program. The second program may then authenticate to a next-tier program by constructing an authentication token that includes the information in the authentication token received from the first program.

Abstract: An authenticated identity propagation and translation technique is provided based on a trust relationship between multiple user identification and authentication services resident on different computing components of a multi-component transaction processing computing environment including distributed and mainframe computing components. The technique includes, in one embodiment, forwarding, in association with transaction requests, identified and authenticated user identification and authentication information from a distributed component to a mainframe component, facilitating the selection of the appropriate mainframe user identity with which to execute the mainframe portion of the transaction, and creating the appropriate run-time security context.

Abstract: In a multi-tiered computing environment, a first program may authenticate with a second program using dynamically-generated public/private key pairs. An authentication token is constructed that includes user information and information about the first program and the second program. The first program then digitally signs the authentication token using the dynamically-generated private key, and sends the authentication token to the second program. The second program then verifies the authentication token using the public key corresponding to the first program. Once verified, the first program is authenticated to the second program. The second program may then authenticate to a next-tier program by constructing an authentication token that includes the information in the authentication token received from the first program.