External Security Managers for z/OS
Identity and access management tools for the mainframe
IBM’s mainframe operating systems, such as z/OS and z/VM, do not include all the security capabilities that might be expected in a commercial off-the-shelf (COTS) OS. IBM’s approach is for a software package to provide access control services for the OS. This package is known generically as either an external security manager (ESM) or a resident security system (RSS).
Three proprietary software products fulfil this role in z/OS: one from IBM, RACF (a component of the SecureWay Security Server), and two from CA (formerly Computer Associates International), eTrust CA-ACF2 and eTrust CA-Top Secret.
The System Authorization Facility (SAF) provides the standard interface between z/OS and any ESM. SAF is a part of the OS. It receives an access request from a resource manager (RM) and directs control to an organization-specified processing routine (or “exit”) or an ESM or both.
In the nomenclature of the OASIS Access Control TC and others, the z/OS RM is a policy enforcement point and the ESM is a policy decision point.
Each z/OS ESM provides a range of capabilities that meet the basic security needs of its users, including:
- identification and authentication
- access control
- maintaining a security audit trail
- policy administration
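The routing described above, as an added Python sketch that is not part of the original page and not code from IBM or CA: a resource manager (enforcement point) asks a SAF-style router, which passes the request to an installation exit, an ESM (decision point), or both. The class and function names, the three outcome codes, the sample rules and the fail-closed choice in `resource_manager_open` are assumptions of the sketch, not z/OS interfaces.

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):            # names and codes are this sketch's own
    PERMIT = 0
    NO_DECISION = 4              # no rule covers the resource
    DENY = 8

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    access: str                  # "READ" or "UPDATE" here

@dataclass
class Esm:
    """Policy decision point: holds the rules and the audit trail."""
    rules: dict                  # resource -> {user: set of access levels}
    audit: list = field(default_factory=list)

    def decide(self, req: Request) -> Decision:
        acl = self.rules.get(req.resource)
        if acl is None:
            result = Decision.NO_DECISION
        elif req.access in acl.get(req.user, set()):
            result = Decision.PERMIT
        else:
            result = Decision.DENY
        self.audit.append((req.user, req.resource, req.access, result.name))
        return result

def saf_route(req, exit_routine=None, esm=None) -> Decision:
    """Router: ask the exit first, then the ESM; otherwise no decision."""
    if exit_routine is not None:
        decided = exit_routine(req)
        if decided is not None:  # exit answered, ESM is not consulted
            return decided
    if esm is not None:
        return esm.decide(req)
    return Decision.NO_DECISION

def resource_manager_open(req, **route) -> bool:
    """Policy enforcement point: grant only on an explicit PERMIT."""
    return saf_route(req, **route) is Decision.PERMIT

# Constructed sample policy and a hypothetical installation exit.
SAMPLE_ESM = Esm({"PAYROLL.MASTER": {"ALICE": {"READ", "UPDATE"}, "BOB": {"READ"}}})
def block_temp_ids(req):
    return Decision.DENY if req.user == "TEMP01" else None
```

The outcome to watch is the third one: when neither the exit nor the ESM has a rule for the resource, the enforcement point has to choose, and this sketch denies.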
RACF
RACF originated on MVS in 1976. In 1996 it was incorporated within IBM’s Security Server for OS/390. In 1999 IBM branded Security Server for OS/390 with the SecureWay name common to a number of security products from both IBM and Tivoli Systems. In 2000, SecureWay Security Server was announced as an element of IBM’s new 64-bit z/OS operating system.
eTrust CA-ACF2
ACF2 was developed by Schrager Klemens and Krueger (SKK) and originally marketed by Cambridge Systems Group. UCCEL Corporation acquired Cambridge and was in turn acquired by CA in 1987.
eTrust CA-Top Secret
TSS was developed by CGA Software Products Group, which was acquired by CA in 1985. TSS has a “user focused” approach that is unusual across access control services on all platforms.
Copyleft & Creative Commons (cc) 2000–2008 Ant: This work is dual-licensed under both the GNU Free Documentation License and a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.
http://homepage.mac.com/antallan/zosesm.html
Last updated Friday 8 August 2008


