Jim wrote:
> At 05:11 PM 13/1/96 CST, Richard Gambrell wrote:
> >I would prefer if the ACD refered to the full jobname,user.account of the
> >Job card, with wildcard support.
>
> The use of jobname would be superfluous since it is not a _security
> mechanism_  - there is no authentication process built into the 3000 that
> checks the links jobname between user.account, nor is there a password for
> jobname.  For those third-party tools that use the jobname, then they may
> need to do the same for job queues (already foretold by Stan's AIF point).
 
Well, this is technically true, but from a more practical viewpoint there are
many sites that do enforce security based on session names through the use
of 3rd party security packages.
 
The problems with securing job queues with ACDs that include session names are
twofold:
 
*) As I think Jim was trying to say, at the time you are going to be checking
the session name against the ACD (at :STREAM time) there is no opportunity
for any security checking to take place on the session name, and I don't think
that most security packages even enforce session name based security for JOBs
anyway.
 
*) More importantly, the current ACD mechanism lacks support for session names
and arbitrary wildcarding, and I think it very unlikely that it will be
changed just for multiple job queues.  If you want to have this level of
security, then it's going to have to be some ugly little ASCII file that
contains the security deffinition, or the 3rd party security packages could
be enhanced to enforce these restrictions for you at :STREAM time.
 
G.
 
P.S. Jim, perhaps you could check with some of the native residents of your
country.  I understand they can tell us a lot about the 'stream time'.