On Thursday, 04/09/2009 at 03:02 EDT, Richard Troth <vmcow...@gmail.com> wrote:
> Hmmm...
> If you think about it, all access controls (for a Class G virtual
> machine) are mandatory by nature. The virtual machine cannot
> discretionarily circumvent those limits which are mandatorily placed
> on it by the hypervisor. This would be true for RACF or for any other
> ESM ... even "none". (No comments from the man from Endicott.)

Sorry...bzzzt... :-) Those terms are from the system's point of view, not a person's.

o "Mandatory" means that there is No Free Will; the system obeys a *policy* that will govern ALL relevant behavior. All other considerations are secondary. The crew is expendable.
o "Discretionary" means that, where permitted by policy, a Choice may be made and that Individuals may make the Choice.

I think the Oracle (no, not the database) was right: you can't see past the Choices you don't understand, so mandatory controls are required to maintain the Balance.

And the reason companies often separate "security" from "system programming" is to ensure that the Balance between "No Problem, Boss!" and "The computer is plugged in - we are at risk" is maintained. Sysprogs are also usually not tasked with the job of saving the company from its own stupidity or ignorance.

Alan Altmark
z/VM Development
IBM Endicott