1.1 Overview of RACF enhancements In z/OS Version 1 Release 8, z/OS continues to deliver industry leadership for security. Improvements that deliver the kind of security-rich environment that has made z/OS an industry leader include: Support for defining Intrusion Detection Services (IDS) policies in a policy agent configuration file as well as an LDAP server. This provides an IDS policy solution that is consistent with other policy types for those installations that do not have an LDAP infrastructure in place or that prefer using configuration files instead of LDAP. RACF support for password phrases from 14 to 100 characters in length, in addition to the current support for passwords. Password phrases allow for an exponentially greater number of possible combinations of characters and numbers than do passwords. New options for securing tape data sets using the system authorization facility (SAF). These options allow you to: ­ Define profiles to protect data sets on tape using the DATASET class without the need to activate the TAPEDSN option or the TAPEVOL class ­ Specify that all data sets on a tape volume should have common authorization ­ Specify whether users are authorized to overwrite existing files on a tape volume Support for the advanced encryption standard (AES) algorithm for IP Security with a 128-bit key length. Support for SAF identity tokens. The support for SAF identity tokens provides exploiters with increased user accountability and auditability of resources by providing end-to-end auditing that tracks identities used for initial authentication and those used on the current platform.