On 3/8/2012 6:40 AM, Charles Mills wrote:
From a non-technology point of view, we need some sort of industry agreement
on what is good behavior in an authorized program. I am thinking of something
like a standardized set of questions that a vendor could answer and have an
officer certify: "Mr./Ms. Customer, we are asking for APF authorization. I
certify under penalty of fraud that our program uses APF authorization to do
X, and Y, and Z but does not do A, and B, and C."
You have no integrity statement?? Wow! You might consider drafting one...
Here is IBM's you can use as a template:
http://www.ibm.com/systems/z/os/zos/features/racf/zos_integrity_statement.html
--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
edja...@phoenixsoftware.com
http://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN