ACF2
Encyclopedia
ACF2 is a commercial discretionary access control
software security system developed for MVS (z/OS), VSE and VM (z/VM) by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978. The "2" was added to the ACF2 name by Cambridge Systems (who had the North American marketing rights for the product) to differentiate it from the prototype, which was developed by Schrager and Klemens at the University of Illinois—the prototype name was ACF. The "2" also helped to distinguish the product from ACF/VTAM.
ACF2 was developed in response to IBM's RACF (developed in 1976), which was IBM's answer to the 1974 SHARE Security and Data Management project's requirement whitepaper. ACF2's design was guided by these requirements, taking a resource rule oriented approach. Unique to ACF2 was the concepts of "Protection by Default" and resource pattern masking.
As a result of the competitive tension between RACF and ACF2, IBM matured the SAF (Security Access Facility) interface in MVS (z/OS) which allowed any security product to process OS, 3rd party software and application security calls, enabling the mainframe to secure all facets of mainframe operations.
SKK and ACF2 were sold to UCCEL in 1986, which in turn was purchased by Computer Associates in 1987. CA, Inc. now markets ACF2 as CA ACF2.
Discretionary access control
In computer security, discretionary access control is a kind of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong...
software security system developed for MVS (z/OS), VSE and VM (z/VM) by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978. The "2" was added to the ACF2 name by Cambridge Systems (who had the North American marketing rights for the product) to differentiate it from the prototype, which was developed by Schrager and Klemens at the University of Illinois—the prototype name was ACF. The "2" also helped to distinguish the product from ACF/VTAM.
ACF2 was developed in response to IBM's RACF (developed in 1976), which was IBM's answer to the 1974 SHARE Security and Data Management project's requirement whitepaper. ACF2's design was guided by these requirements, taking a resource rule oriented approach. Unique to ACF2 was the concepts of "Protection by Default" and resource pattern masking.
As a result of the competitive tension between RACF and ACF2, IBM matured the SAF (Security Access Facility) interface in MVS (z/OS) which allowed any security product to process OS, 3rd party software and application security calls, enabling the mainframe to secure all facets of mainframe operations.
SKK and ACF2 were sold to UCCEL in 1986, which in turn was purchased by Computer Associates in 1987. CA, Inc. now markets ACF2 as CA ACF2.