Resource Access Control Facility
RACF, short for Resource Access Control Facility, is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976.
It provides the following main features:
- Identification and verification of a user via user id and password check (authentication)
- Protection of resources by maintenance of access rights (authorisation)
- Logging of accesses to protected resources (auditing)
RACF establishes security policies rather than just permission records. It can set permissions for file patterns, that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.
RACF has continuously evolved to support such modern security features as digital certificates/public key infrastructure services, LDAP interfaces, and case-sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).
Its primary competitors have been ACF2 and TopSecret, both now produced by CA, Inc.