Location-based Security

The Physical Location Identifier (PLId) determines the restrictions applied according to the location of a user.

Physical Location Identifier (PLId)

The PLId uniquely identifies the physical location from which a user has attempted to log on. A port number alone is not sufficient: first, because the port may be connected across a network, so the port number may not be unique; and second, because port numbers are assigned dynamically at connection time, so there is no guarantee that a connection from a given location to a network host will always be allocated the same port number.

The information received in a connection request allows the system to determine the physical location of the originator and construct the Physical Location Identifier (PLId).

Network Profile

The network profile defines the security and other characteristics always applied for a particular PLId or group of PLIds. This can include:

See NETWORK File Maintenance Options for details of setting up this information using SSM option 1.

PLId Formats

The format of each PLId is connection-type dependent, but in each case it is designed to reflect the originator's location in a structured way. It consists of a variable number of fields separated by hyphens. The leftmost field specifies the connection type, the next field a general area, the next field a more specific area, and so on.

Examples of PLId formats are given in the table below.

Format                      Example
CHAR2-Address-Port          CHAR2-152.114.132.39-1100
CHAR-Address-Port           CHAR-49000100112233445501-0203
INET-Address-Session        INET-98.72.0C.0C-2
MPS-Address-Port            MPS-001122334455-0005
NETX-Address                NETX-1442987654
NT-SerialNo-con             NT-123456-con
NT-SerialNo-SessionNo       NT-123456-0123
PLAN-SerialNo-Port          PLAN-004000-0012
SLAN-Address-Port           SLAN-56A9D3EE6B27-0426
TNET-Location               TNET-008023050F27-0003
TSRV-Address-Port           TSRV-008023050F27-0008
TYM-Node-Host-Port          TYM-309951-0033-0078
UNET-SerialNo-Name          UNET-200433-support.port11
UNIX-SerialNo               UNIX-123456
UNIX-SerialNo-Port          UNIX-123456-tty06
UNIX-SerialNo-rtSsPp        UNIX-123456-rt0102
UPROC-SerialNo-Process      UPROC-123456-3751
X25-Address                 X25-03323674900234

Refer to Location-Based Security for descriptions of these PLId formats.

Partial PLId

There are instances where, in addition to specifying a security profile for a particular location, you may wish to specify a profile for a more general class of location. You achieve this by removing the most specific fields from the PLId until you arrive at the desired level of generality. The resultant item-id is called a partial PLId. For example, for the PLId:

TYM-309951-0033-0078

You could define the following partial PLIds with increasing levels of generality:

TYM-309951-0033
TYM-309951
TYM

You could define items in the NETWORK file for the complete PLId or for some or all of the partial PLIds. The security system always searches for the most specific PLId first, then eliminates fields from the right to search for more general PLIds.

Consistent Circuit Identifier (CCI)

Because the PLId is a fairly unwieldy string of letters and digits, and many existing applications based on port number expect an integer value, each PLId is mapped via the NETWORK file to a Consistent Circuit Identifier (CCI), which is a signed 16-bit integer value (0 - 32767). The CCI can therefore be tailored to user requirements, and is flexible enough to provide an easy upgrade path for users wishing to migrate their existing applications to a networked environment, by using an identifier whose format is consistent with a port number.

The mapping of PLId to CCI can be one to one, or many to one (that is, one or more related PLIds can map to a single CCI), allowing the option of giving physically close locations the same logical identifier.

Allocation of CCI

When an incoming network call is received, it is allocated a PLId. Only one PLId is associated with any location and that same PLId is always allocated to a call from that location, so that the PLId is unique and consistent.

The system uses the entire PLId as a key (item-id) to access the NETWORK file to find the corresponding network profile for this PLId. If a match is found (that is, an item exists with that name), the CCI contained in that profile is allocated to that connection. If no match is found, the least significant (rightmost) field of the PLId is dropped, and what is left (representing a less specific network location) is used for another lookup attempt. This continues until a match is found. If the key becomes exhausted and a match is not found, then a default CCI of -1 (X'FFFF') is allocated to the process.
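The following is an added example, not the product's own code, that models the partial-PLId search described in the Partial PLId section and the CCI allocation described above. The NETWORK file is represented as a constructed dictionary of item-ids (full and partial PLIds) holding only the CCI of each profile; the item-ids and CCI values are made up for illustration.

```python
# Added example: CCI allocation by most-specific-first lookup of a PLId
# against NETWORK file item-ids, dropping the rightmost field on each miss.

DEFAULT_CCI = -1  # allocated when the key is exhausted (X'FFFF' as a signed 16-bit value)
CCI_MIN, CCI_MAX = 0, 32767  # valid range for a CCI held in a network profile

# Constructed sample NETWORK file: item-id -> profile (only the CCI is modelled).
# TYM-309951 maps every otherwise-undefined port at that node to one CCI,
# which is the many-to-one mapping the text describes.
NETWORK = {
    "TYM-309951-0033-0078": {"cci": 1078},  # one specific host/port
    "TYM-309951": {"cci": 1000},            # any host/port at node 309951
    "TYM": {"cci": 900},                    # any TYM connection at all
    "UNIX-123456": {"cci": 256},            # any tty on this UNIX host
}


def partial_plids(plid):
    """Return the PLId followed by its partial PLIds, most specific first."""
    fields = [f for f in plid.split("-") if f]
    return ["-".join(fields[:n]) for n in range(len(fields), 0, -1)]


def allocate_cci(plid, network=NETWORK):
    """Find the profile for the most specific matching (partial) PLId.

    Returns (matched_item_id, cci); matched_item_id is None when the key
    is exhausted without a match and DEFAULT_CCI is allocated instead.
    """
    for key in partial_plids(plid):
        profile = network.get(key)
        if profile is None:
            continue  # drop the rightmost field and try a more general key
        cci = profile["cci"]
        if not CCI_MIN <= cci <= CCI_MAX:
            raise ValueError(f"profile {key!r} holds out-of-range CCI {cci}")
        return key, cci
    return None, DEFAULT_CCI


def cci_as_halfword(cci):
    """Two's-complement 16-bit form of a CCI, e.g. -1 -> 0xFFFF."""
    return cci & 0xFFFF


if __name__ == "__main__":
    for plid in ("TYM-309951-0033-0078", "TYM-309951-0033-0099",
                 "UNIX-123456-tty06", "X25-03323674900234"):
        key, cci = allocate_cci(plid)
        print(f"{plid:24} -> {key or '<no match>':22} CCI {cci} (X'{cci_as_halfword(cci):04X}')")
```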
