Mainframe vs. client server
What are the security differences between mainframe (ACF2, RACF, Top Secret) security packages and the distributed, client server environment (i.e., Windows NT, 2000 and Unix) including security admin, authentication, etc.?
This is a hard question to answer. Your question is similar to asking what the difference between REXX and Perl is, or what the differences between XEdit and the Emacs editor are.
ACF2, RACF and so on, are designed for timesharing systems, while the
Windows security packages are designed for a networked environment of many workstations and a few servers.
The Unix systems are more similar to the mainframe ones, because Unix has roots in timesharing. Thus, it has similar ways to express file and object control. In addition, many vendors have multilevel or multilateral version of their Unix systems. There are also add-on packages (like Symark's PowerBroker) that allow delegation, sub-administrators and so on.
All of these systems solve the same problems; they simply are completely different tools. If you are an XEdit user, you may swear at Emacs and vice versa. But they're both text editors, and you can get your job done with either. You will have to do it differently, however. The same is true with the security systems. Ask yourself what problem you're trying to solve. Do you need to allow a group of users to have a set of shared files they can all read and write? You do this differently on UNIX, Windows, or MVS. But you can do it.
This was first published in April 2001