ACF2

Last updated July 21, 2023

ACF2 (Access Control Facility 2) is a commercial, discretionary access control software security system developed for the MVS (z/OS today), VSE (z/VSE today) and VM (z/VM today) IBM mainframe operating systems by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978. The "2" was added to the ACF2 name by Cambridge Systems (who had the North American marketing rights for the product) to differentiate it from the prototype, which was developed by Schrager and Klemens at the University of Illinois—the prototype name was ACF.^[1] The "2" also helped to distinguish the product from IBM's ACF/VTAM.

ACF2 was developed in response to IBM's RACF product (developed in 1976), which was IBM's answer to the 1974 SHARE Security and Data Management project's requirement whitepaper. ACF2's design was guided by these requirements, taking a resource-rule oriented approach. Unique to ACF2 were the concepts of "Protection by Default" and resource pattern masking.^[2]

As a result of the competitive tension between RACF and ACF2, IBM matured the SAF (Security Access Facility) interface in MVS (now z/OS), which allowed any security product to process operating system ("OS"), third-party software and application security calls, enabling the mainframe to secure all facets of mainframe operations.

SKK and ACF2 were sold to UCCEL Corporation in 1986, which in turn was purchased by Computer Associates International, Inc. in 1987.^[3] Broadcom Inc. now (2019) markets ACF2 as CA ACF2.

Related Research Articles

IBM mainframes are large computer systems produced by IBM since 1952. During the 1960s and 1970s, IBM dominated the large computer market. Current mainframe computers in IBM's line of business computers are developments of the basic design of the IBM System/360.

Multiple Virtual Storage, more commonly called MVS, is the most commonly used operating system on the System/370, System/390 and IBM Z IBM mainframe computers. IBM developed MVS, along with OS/VS1 and SVS, as a successor to OS/360. It is unrelated to IBM's other mainframe operating system lines, e.g., VSE, VM, TPF.

VSEⁿ is an operating system for IBM mainframe computers, the latest one in the DOS/360 lineage, which originated in 1965.

z/OS is a 64-bit operating system for IBM z/Architecture mainframes, introduced by IBM in October 2000. It derives from and is the successor to OS/390, which in turn was preceded by a string of MVS versions. Like OS/390, z/OS combines a number of formerly separate, related products, some of which are still optional. z/OS has the attributes of modern operating systems, but also retains much of the older functionality originated in the 1960s and still in regular use—z/OS is designed for backward compatibility.

A direct-access storage device (DASD) is a secondary storage device in which "each physical record has a discrete location and a unique address". The term was coined by IBM to describe devices that allowed random access to data, the main examples being drum memory and hard disk drives. Later, optical disc drives and flash memory units are also classified as DASD.

Hercules is a computer emulator allowing software written for IBM mainframe computers and for plug compatible mainframes to run on other types of computer hardware, notably on low-cost personal computers. Development started in 1999 by Roger Bowler, a mainframe systems programmer.

Db2 is a family of data management products, including database servers, developed by IBM. It initially supported the relational model, but was extended to support object–relational features and non-relational structures like JSON and XML. The brand name was originally styled as DB/2, then DB2 until 2017 and finally changed to its present form.

In computing, Interactive System Productivity Facility (ISPF) is a software product for many historic IBM mainframe operating systems and currently the z/OS and z/VM operating systems that run on IBM mainframes. It includes a screen editor, the user interface of which was emulated by some microcomputer editors sold commercially starting in the late 1980s, including SPF/PC.

VM is a family of IBM virtual machine operating systems used on IBM mainframes System/370, System/390, zSeries, System z and compatible systems, including the Hercules emulator for personal computers.

IBM CICS is a family of mixed-language application servers that provide online transaction management and connectivity for applications on IBM mainframe systems under z/OS and z/VSE.

UCCEL Corp, previously called University Computing Company ("UCC"), was a data processing service bureau on the campus of Southern Methodist University in Dallas, Texas. It was founded by the Wyly brothers in 1963. The name change in the mid-1980s was brought about by Gregory Liemandt, placed as CEO by the majority stockholder, a Swiss citizen named Walter Haefner through Careal Holding AG of Zurich.

z/Architecture, initially and briefly called ESA Modal Extensions (ESAME), is IBM's 64-bit complex instruction set computer (CISC) instruction set architecture, implemented by its mainframe computers. IBM introduced its first z/Architecture-based system, the z900, in late 2000. Later z/Architecture systems include the IBM z800, z990, z890, System z9, System z10, zEnterprise 196, zEnterprise 114, zEC12, zBC12, z13, z14, z15 and z16.

OfficeVision was an IBM proprietary office support application.

In computing, a Parallel Sysplex is a cluster of IBM mainframes acting together as a single system image with z/OS. Used for disaster recovery, Parallel Sysplex combines data sharing and parallel computing to allow a cluster of up to 32 systems to share a workload for high performance and high availability.

Basic Assembly Language (BAL) is an extremely restricted assembly language, introduced in 1964 and used on IBM System/360 mainframe systems with only 8 KB of main memory, and only a card reader, a card punch, and a printer for input/output, as part of IBM Basic Programming Support (BPS/360). The Basic Assembler for BAL was also available as part of Basic Operating System/360 (BOS/360).

Connect:Direct—originally named Network Data Mover (NDM)— is a computer software product that transfers files between mainframe computers and/or midrange computers. It was developed for mainframes, with other platforms being added as the product grew. NDM was renamed to Connect:Direct in 1993, following the acquisition of Systems Center, Inc. by Sterling Software. In 1996, Sterling Software executed a public spinoff of a new entity called Sterling Commerce, which consisted of the Communications Software Group (the business unit responsible for marketing the Connect:Direct product and other file transfer products sourced from the pre-1993 Sterling Software (e.g. Connect:Mailbox)) and the Sterling EDI Network business. In 2000, SBC Communications acquired Sterling Commerce and held it until 2010. AT&T merged with SBC effective November 2005. In 2010, IBM completed the purchase of Sterling Commerce from AT&T.

The history of IBM mainframe operating systems is significant within the history of mainframe operating systems, because of IBM's long-standing position as the world's largest hardware supplier of mainframe computers. IBM mainframes run operating systems supplied by IBM and by third parties.

Virtue is a virtual session manager running under IBM's VM.

References

↑ Oral history interview with Barry Schrager, Charles Babbage Institute, University of Minnesota.
↑ Jeffrey Yost, "The Origin and Early History of the Computer Security Software Products Industry," IEEE Annals of the History of Computing 37 no. 2 (2015): 46-58 doi
↑ "SOFTWARE GIANTS PLAN MERGER". Query.nytimes.com. 2 June 1987. Retrieved 21 November 2014.

This security software article is a stub. You can help Wikipedia by expanding it.

This operating-system-related article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Oral history interview with Barry Schrager, Charles Babbage Institute, University of Minnesota.

[2] Jeffrey Yost, "The Origin and Early History of the Computer Security Software Products Industry," IEEE Annals of the History of Computing 37 no. 2 (2015): 46-58 doi

[3] "SOFTWARE GIANTS PLAN MERGER". Query.nytimes.com. 2 June 1987. Retrieved 21 November 2014.

[1]

[2]

[3]

v t e Authentication
Authentication APIs	BSD Authentication (BSD Auth) eAuthentication (eAuth) Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)
Authentication protocols	ACF2 Authentication and Key Agreement (AKA) CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) IndieAuth Kerberos LAN Manager NT LAN Manager (NTLM) OAuth OpenID OpenID Connect (OIDC) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam
Category Commons