>If the only code that is aimed for zAAP or zIIP is code that would >have run authorized anyway, then no additional exposure is caused by >their use.
zAAPs and zIIPS are different beasts when it comes to what is allowed to run there. There is no need to run authorized to be able to get dispatched on a zAAP. Remember, zAAPs were initially designed so that Java code may get dispatched on them. You surely wouldn't want all JVMs to run authorized to benefit from zAAPs, would you? Different rules have been set in place for zIIPs. They were designed so that eligible SRBs may get dispatched on them. You need to run authorized to be able to schedule SRBs, therefore code that is eligible to run on zIIPs is already authorized code. And if you have "zAAP on zIIP", the even unauthorized code may run on the zIIPs: Code that is eligible to run on zAAPs. -- Peter Hunkeler ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
