ACF2 (Access Control Facility) is a commercial, discretionary access control software security system developed for the MVS (z/OS), VSE (z/VSE) and VM (z/VM) IBM mainframe operating systems by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978. The "2" was added to the ACF2 name by Cambridge Systems (who had the North American marketing rights for the product) to differentiate it from the prototype, which was developed by Schrager and Klemens at the University of Illinois—the prototype name was ACF. The "2" also helped to distinguish the product from IBM's ACF/VTAM.
ACF2 was developed in response to IBM's RACF product (developed in 1976), which was IBM's answer to the 1974 SHARE Security and Data Management project's requirement whitepaper. ACF2's design was guided by these requirements, taking a resource rule oriented approach. Unique to ACF2 were the concepts of "Protection by Default" and resource pattern masking.
As a result of the competitive tension between RACF and ACF2, IBM matured the SAF (Security Access Facility) interface in MVS (z/OS), which allowed any security product to process OS, third-party software and application security calls, enabling the mainframe to secure all facets of mainframe operations.
- Oral history interview with Barry Schrager, Charles Babbage Institute, University of Minnesota.
- Jeffrey Yost, "The Origin and Early History of the Computer Security Software Products Industry," IEEE Annals of the History of Computing 37 no. 2 (2015): 46-58 doi
- "SOFTWARE GIANTS PLAN MERGER". Query.nytimes.com. 2 June 1987. Retrieved 21 November 2014.