> Bundle RACF??? That might be a blow to the users of VM:Secure and other ESMs.

Is it? Let's think about that:

1) The major difference between RACF and the alternatives is that all of the alternatives are easier to use, administer, operate and understand. How does bundling RACF change that?

2) Installing RACF or any of the alternatives involves a CP mod. Removing RACF and installing an alternative isn't any more complicated than removing the dummy RPI modules and replacing them with your chosen substitute.

3) How many of the alternatives are getting more than life-support style maintenance? CA doesn't promote VM:Secure any longer (not the "strategic" solution), and ACF2/VM isn't exactly healthy either. What else is left?

4) RACF (with all its grotesque hideousness) shares (or can share) development costs with the z/OS version. Is it really worth asking IBM to duplicate that effort in CP just to get ESM functionality, or invent something else (implying all the development, testing, documentation and support) when it's a question of figuring out how to license something that already exists?

5) There are a fair number of places where CP and CMS command logging and authorization is inconsistent or REALLY hard to understand (take SFS auth for starters), and a lot of effort is performed to kludge around the absence of an ESM. Even a horrible ESM like RACF is better than no ESM. Why can't we kick up the base level a notch, if there's a fairly easy way to do it?

It just strikes me as a waste of effort to keep kludging around with the base CP security model and inventing half a dozen different ways to do command authorization and logging if we can do it by asking IBM to step up the base model with something that doesn't require them to do (and maintain) new development.

-- db