Movatterモバイル変換

[0]ホーム

Jump to content

Resource Access Control Facility

Edit links

From Wikipedia, the free encyclopedia

Standard security product included in the z/OS operating system

This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Resource Access Control Facility" – news ·newspapers ·books ·scholar ·JSTOR(August 2012) (Learn how and when to remove this message)

Resource Access Control Facility (RACF) is anIBM software security product that provides access control and auditing functions for thez/OS andz/VM operating systems.^[1] RACF was introduced in 1976.^[2] Originally called RACF it was renamed toz/OS Security Server (RACF), although many mainframe professionals still refer to it as RACF.^[3]

Its main features are:^[2]

Identification and verification of a user via user id and password check (authentication)
Identification, classification and protection of system resources
Maintenance of access rights to the protected resources (access control)
Controlling the means of access to protected resources
Logging of accesses to a protected system and protected resources (auditing)

RACF establishes securitypolicies rather than just permission records. It can set permissions for file patterns—that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.^[4]

Community

[edit]

There is a long established technical support community for RACF based around aLISTSERV operated out of theUniversity of Georgia. The list is calledRACF-L which is described asRACF Discussion List. The email address of the listserv isRACF-L@LISTSERV.UGA.EDU and can also be viewed via a webportal athttps://listserv.uga.edu/scripts/wa-UGA.exe .^[5]^[6]

Books

[edit]

The first text book published (first printing December 2007) aimed at giving security professionals an introduction to the concepts and conventions of how RACF is designed and administered wasMainframe Basics for Security Professionals: Getting Started with RACF by Ori Pomerantz, Barbara Vander Weele, Mark Nelson, and Tim Hahn.^[4]

Evolution

[edit]

RACF has continuously evolved^[7] to support such modern security features asdigital certificates/public key infrastructure services,LDAP interfaces, and case sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such asUnix andLinux. The underlyingzSeries (nowIBM Z) hardware works closely with RACF. For example, digital certificates are protected withintamper-proof cryptographic processors. Major mainframe subsystems, especiallyDb2, use RACF to providemulti-level security (MLS).

Its primary competitors have beenACF2 andTopSecret, both now produced byCA Technologies.^[8]

References

[edit]

^Winnard 1 (December 2015).IBM z/OS V2R2: Security.ISBN 978-0738441276.{{cite book}}: CS1 maint: numeric names: authors list (link)
^^a ^b"IBM RACF".IBM. RetrievedAugust 17, 2012.
^"z/OS Security Server (RACF)".www.ibm.com. 2015-07-02. Retrieved2021-08-06.
^^a ^bOri Pomerantz (2008).Mainframe basics for security professionals: getting started with RACF. Upper Saddle River, NJ: IBM Press.ISBN 978-0-13-173856-0.OCLC 213380831.
^"Internet sources".www.ibm.com. 2013-09-28. Retrieved2021-08-06.
^"LISTSERV - LISTSERV Archives - LISTSERV.UGA.EDU".listserv.uga.edu. Retrieved2021-08-06.
^"IBM RACF - The History of RACF". Archived fromthe original on August 6, 2011. RetrievedAugust 17, 2012.
^Jeffrey Yost, "The Origin and Early History of the Computer Security Software Products Industry,"IEEE Annals of the History of Computing 37 no. 2 (2015): 46-58doi

External links

[edit]

v t e Authentication
Authentication APIs	BSD Authentication (BSD Auth) eAuthentication (eAuth) Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)
Authentication protocols	ACF2 Authentication and Key Agreement (AKA) CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) IndieAuth Kerberos LAN Manager NT LAN Manager (NTLM) OAuth OpenID OpenID Connect (OIDC) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam
Category Commons

Thiscomputer security article is astub. You can help Wikipedia byadding missing information.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Resource_Access_Control_Facility&oldid=1301190675"

Categories:

Hidden categories:

[8]ページ先頭