[Info-vax] : AUTHORIZE Enhancement

[David Froble]

IanD wrote:
> On Sunday, November 20, 2016 at 6:06:06 PM UTC+11, David Froble wrote:
> 
> <snip>
> 
>> Yep!  Give 'em an inch, and next thing you know, it's 500 miles ....
>>
>> :-)
> 
> Ha ha ha :-)
> 
> As long as those 500 miles advance us, then it's a journey worth the walk (or run or crawl. As long as we move forward)
> 
> I know, I dream a lot about what could be...
> 
> If it was me and I had endless money to burn, I'd actually change the UAF to be something along the lines of enterprise directory
> 
> Why?
> 
> Because I have seen so many companies try and use email as an authorisation nd employee registration tool that it is frightening
> 
> Employee records and authentication are at the heart of every company at least of a certain size upwards yet the schemes used to provide authorization and employee access are all over the place from excel spreadsheets to exchange to SAP to just about anything really
> 
> I've dreamed of VMS getting a foothold into companies through the method of providing a central authentication method but as a central store of information, not just authentication
> 
> UAF as it stands today is so limited it cannot do much else other than look after very rudimentary aspects of VMS authentication and even then it lacks in that department also
> 
> i.e. It has no historical recording in the utility, no comment fields (that are easily accessible), no group accounts or functions that operate on a group of accounts easily, no user extensions (might pose a security risk?), no bulk loading mechanism other than individual account adds in a self written script, not transactional in nature (no rollback). 
> Still octal constrained of all things!
> It is painful to work with as a format (no csv, no json, no xml etc).
> It is not consolidated (i.e. rightslist etc is separate). 
> Not hierarchical and/or does not support chaining of UAF files easily (therefore extremely difficult to have a central store with redundancy at the UAF level), 
> No ability to self manage (i.e hand out next available UIC number from a pool etc). 
> Does not support rules easily and does not support custom rules.
> 
> I doubt it's basic functionality has been touched in a long long time yet the enterprise that it's supposed to be supporting has moved on in the past few decades! 
> 
> I don't care if these things are not implemented overnight but I do care that someone listens and at least considers these things and that they get debated and we don't just sit there thinking VMS UAF in it's current state is good enough to stand VMS in good stead for the years ahead and by extension where we need to take VMS
> 
> My 2c worth on the UAF, lol

AUTHORIZE, as part of the VMS OS, does it's job.  What you appear to be asking 
for goes far beyond access to an OS.  Not saying it isn't a good thing, or 
needed, and such, just saying that it's in reality an application that 
transcends what one might expect for access to an OS.  The fact that people have 
tried to use AUTHORIZE for more than it was ever intended is not the fault of 
AUTHORIZE, it's the fault of those misusing a tool.  You know, square peg and 
round hole, driving a screw with a hammer, driving a nail with a screwdriver, 
and such.

So, if you need something like you're asking for, design and implement it, or 
purchase it, or ....   Just don't say that something that was never intended for 
your purpose is defective.

Just because such a tool would be used for multiple computers, and even multiple 
OSs, sort of implies that it's not just for access to a single computer, which 
is what AUTHORIZE is.