And no one is expecting IBM to give away a full function ESM but one that worked with ALL of IBM's products, ie CMS,GCS,DIRMAINT etc., and provided RACroute communication would be reasonable. I'm thinking along the lines of the Basic Security Manager IBM delivers with VSE. Not the Cadillac of ESMs but 'good enough' so some companies could avoid the expense of Top Secret or some other ESM. With the RACroute interface a good programmer can build a lot of support to fit the company's needs.
-----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of Alan Altmark Sent: Wednesday, December 12, 2007 3:18 PM To: [email protected] Subject: Re: DIRMAINT authentication On Tuesday, 12/11/2007 at 04:05 EST, Jim Bohnsack <[EMAIL PROTECTED]> wrote: > B) There "should" be no additional charge. Not having to maintain > separate authorization paradigms in each product just about has be less > expensive for the vendor. Certainly there would be an initial startup > cost, but that should be able to be amortized in a short time and then > it's all gravy :-) I would expect a free ESM to simply perform the same authorization check that the individual products/features currently have, but have those authorizations in a single place. The more granular checks I proposed would be something a real ESM would handle. Further, there would be no connection to CP. You could, of course, write your own ESM to replace the free one, but make sure that having a "roll your own" security manager is an acceptable policy in your shop. There is no way for IBM to give away a high-functioning ESM. That would undermine the market for ESMs, upsetting both IBM and CA. Alan Altmark z/VM Development IBM Endicott
