> A) There would be some learning curve involved in implementing it but > you would only have to learn the basics of it once. > > B) There "should" be no additional charge. Not having to maintain > separate authorization paradigms in each product just about has be less > expensive for the vendor. Certainly there would be an initial startup > cost, but that should be able to be amortized in a short time and then > it's all gravy :-)
This was where I was going a few months ago with the idea of integrating RACF into the base VM. Even given the general awfulness of RACF, at that point IBM would have a basic level of function to depend on, and you could always turn it off and/or replace it since there are fairly clean interface divisions. The other security/authorization vendors could easily implement a RACF compatibility layer, if they haven't done so already (assuming they actually start marketing their VM products again...). In any case, yes, it's long past time to get a consistent and common security and authorization paradigm going on VM. A REXX-callable CSL routine to ask would be goodness too.