Resource Access Control Facility

RACF, [usually pronounced Rack-Eff] short for Resource Access Control Facility, is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976.^[1]

Its main features are:^[1]

Identification and verification of a user via user id and password check (authentication)
Identification, classification and protection of system resources
Maintenance of access rights to the protected resources (authorization)
Control the means of access to protected resources
Logging of accesses to a protected system and protected resources (auditing)

RACF establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time .

RACF has continuously evolved^[2] to support such modern security features as digital certificates/public key infrastructure services, LDAP interfaces, and case sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries (now z Systems) hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).

Its primary competitors have been ACF2 and TopSecret, both now produced by CA, Inc.^[3]

References

1 2 "IBM RACF". Retrieved August 17, 2012.
↑ "IBM RACF - The History of RACF". Retrieved August 17, 2012.
↑ Jeffrey Yost, "The Origin and Early History of the Computer Security Software Products Industry," IEEE Annals of the History of Computing 37 no. 2 (2015): 46-58 doi

External links

Authentication

Authentication APIs	BSD Authentication (BSD Auth) eAuthentication Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) OAuth OpenID OpenID Connect (OIDC) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)

Authentication protocol	ACF2 AKA CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) Kerberos LAN Manager NT LAN Manager (NTLM) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam

This article is issued from Wikipedia - version of the 3/17/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.