On Tuesday, 12/11/2007 at 08:45 EST, David Boyes <[EMAIL PROTECTED]>
wrote:
> This was where I was going a few months ago with the idea of integrating
> RACF into the base VM.
> Even given the general awfulness of RACF, at that
> point IBM would have a basic level of function to depend on, and you
> could always turn it off and/or replace it since there are fairly clean
> interface divisions. The other security/authorization vendors could
> easily implement a RACF compatibility layer, if they haven't done so
> already (assuming they actually start marketing their VM products
> again...).
The interface for authentication, authorization, and audit between a guest
and an ESM is fully defined by RACROUTE. The CP-ESM interface ("ACI") was
updated in z/VM 5.3 to include a RACROUTE REQUEST=AUTH-style of call so
that we could begin to standardize CP requests based on resource class and
resource name. In that way we can implement new requests without having
to change the ACI.
> In any case, yes, it's long past time to get a consistent and common
> security and authorization paradigm going on VM. A REXX-callable CSL
> routine to ask would be goodness too.
The paradigm exists. The problem is that nothing is using it and I have
been derelict in my duty to crack the whip. :-( Git along, li'l
dogies....
Alan Altmark
z/VM Development
IBM Endicott
