IBM Power Ideas Portal



Status Under review
Workspace IBM i
Categories Security
Created by Guest
Created on May 28, 2025

UID for IBM i Digital Certificate Manager

I would like to bring to your attention a potential enhancement opportunity concerning the IBM i Digital Certificate Manager (DCM).

During the process of Certificate Signing Request (CSR) creation, we have observed that there is no available field to include a UID (User Identifier). This limitation could pose compatibility issues when integrating with certain external certificate authorities or systems, where the inclusion of a UID attribute is a standard or mandatory requirement during certificate generation.

Given the increasing number of integrations with external platforms and the growing emphasis on certificate-based authentication, we kindly request that you consider adding support for the UID field as part of the CSR generation process in DCM.

We believe this enhancement would improve the flexibility and interoperability of IBM i’s certificate management capabilities with broader PKI ecosystems.

Thank you for considering this request.

Idea priority Medium
  • Guest
    May 30, 2025
    Thank you for requesting an enhancement to IBM Digital Certificate Manager for i using IBM Ideas.
    To ensure the enhancement is correctly considered for a future enhancement, more information is needed.

    Searching about the UID attribute, I found information which appears to be related to LDAP (Lightweight Directory Access Protocol) names using object identifier 0.9.2342.19200300.100.1.1, but I am unsure what is expected for the content of that attribute and how this enhancement might require improved validation.

    See RFC 4519: Lightweight Directory Access Protocol (LDAP): Schema for User Applications at:
    https://www.rfc-editor.org/rfc/rfc4519.html#page-18

    From my understanding of this information in the RFC, the attribute contains the system login names associated with the object (the system defined in the subject fields). Each name is one value of this multi-valued attribute, which implies many user IDs can be specified, similar to how many domain names can be specified for a Subject Alternative Name.

    UID = "QSECOFR"
    "USER1"
    "MYUSRPRF"
    etc...

    I am not aware of how the certificate is different with a UID field specified, but maybe DCM does not get involved at that level.
    Are there restrictions to how a certificate can be used if the subject information contains a UID field?
    Would this certificate be used for user authentication instead of being assigned to an application for TLS?
    Do the user IDs specified need to exist on the system where this certificate is being generated (meaning DCM would pop up a list of user IDs on the system for selection)?
    Or would the input field presented by DCM simply be a free-form text input which allows the administrator to enter any content without validating the string?
    Is there some special verification that needs to be done to ensure the certificate is valid by accessing the content of the UID field; what content is needed for success compared to a failure?

    Please provide more context to ensure the UID field is correctly considered for a future enhancement.

    Thank you for your enhancement suggestion.
    IBM Power Development
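
As an added illustration (not part of the thread and not IBM or DCM code), this Python sketch uses the third-party `cryptography` package to build a CSR whose subject carries UID values under OID 0.9.2342.19200300.100.1.1, then runs a CA-side intake check that rejects a request without one. The host name, the one-RDN-per-UID layout and the `require_uid` policy are assumptions; the user names are the sample values from the reply.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# NameOID.USER_ID is the UID attribute type, OID 0.9.2342.19200300.100.1.1.
UID_OID = NameOID.USER_ID


def build_csr(common_name, uids):
    """Return a PEM CSR whose subject holds CN plus one UID RDN per entry."""
    key = ec.generate_private_key(ec.SECP256R1())  # throwaway key for the demo
    attrs = [x509.NameAttribute(NameOID.COMMON_NAME, common_name)]
    attrs += [x509.NameAttribute(UID_OID, uid) for uid in uids]
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(x509.Name(attrs))
        .sign(key, hashes.SHA256())
    )
    return csr.public_bytes(serialization.Encoding.PEM)


def require_uid(pem):
    """Hypothetical CA-side intake check: valid signature and >= 1 UID value."""
    csr = x509.load_pem_x509_csr(pem)
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify")
    uids = [a.value for a in csr.subject.get_attributes_for_oid(UID_OID)]
    if not uids:
        raise ValueError("subject has no UID attribute")
    return uids


if __name__ == "__main__":
    # Constructed sample values; the user names echo the ones in the reply.
    with_uid = build_csr("app.example.com", ["QSECOFR", "USER1"])
    print(require_uid(with_uid))
    without_uid = build_csr("app.example.com", [])
    try:
        require_uid(without_uid)
    except ValueError as exc:
        print("rejected:", exc)
```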