The practice of zoning in the Fibre Channel world has not changed for over 12 years. With the advent of Storage as a Service and so much talk about automation, why not take a look at how to automate this painful task?
The easiest way to do this is as follows:
1. Introduce a host name field in the FC-GS specification for name servers.
2. When an HBA driver does a FLOGI, it populates this field with the FQDN host name of the server that the HBA is in.
3. On the FC targets (in an HDS world), introduce an FQDN field instead of the HBA WWN. Register in each Host Group all FQDNs that will be allowed access to the LDEVs in that Host Group.
4. When the FC target does a FLOGI, it exchanges the associated FQDNs with the name server.
5. As before, when an initiator requests access to a target, the switch looks up the FQDN of the initiator against the set of FQDNs supplied by the target and either allows or rejects the request.
This way the FC switch becomes an entity that requires very little manual intervention if any at all.
For the paranoid, one could implement a requirement of key exchange between the initiator and the target for authentication.
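The lookup in steps 2 to 5, modelled as an added example (not code from the original post and not an FC-GS interface). The class and method names, WWPNs, host names, Host Group names and LDEV IDs are all constructed for illustration, and the key exchange is not modelled.

```python
# Model of the proposed FQDN-based zoning lookup. All names are hypothetical
# (this is not an FC-GS API); WWPNs, FQDNs and LDEV IDs are constructed samples.
def norm(fqdn):
    """Compare FQDNs case-insensitively and ignore a trailing root dot."""
    return fqdn.strip().rstrip(".").lower()

class NameServer:
    def __init__(self):
        self.initiators = {}   # initiator WWPN -> FQDN supplied at FLOGI (step 2)
        self.targets = {}      # target WWPN -> {host group: (allowed FQDNs, LDEVs)}

    def flogi_initiator(self, wwpn, fqdn):
        self.initiators[wwpn] = norm(fqdn)

    def flogi_target(self, wwpn, host_groups):
        # Steps 3-4: the target hands over the FQDNs registered per Host Group.
        self.targets[wwpn] = {
            name: ({norm(f) for f in fqdns}, set(ldevs))
            for name, (fqdns, ldevs) in host_groups.items()
        }

    def authorize(self, initiator_wwpn, target_wwpn):
        """Step 5: return the LDEVs the initiator may reach; empty set = reject."""
        fqdn = self.initiators.get(initiator_wwpn)
        groups = self.targets.get(target_wwpn)
        if fqdn is None or groups is None:
            return set()       # default deny: unknown initiator or target
        allowed = set()
        for fqdns, ldevs in groups.values():
            if fqdn in fqdns:
                allowed |= ldevs
        return allowed

def demo():
    ns = NameServer()
    ns.flogi_target("50:00:00:00:00:00:00:01", {
        "HG_DB":  (["db01.example.com"], ["00:10", "00:11"]),
        "HG_APP": (["app01.example.com", "db01.example.com"], ["00:20"]),
    })
    # Two HBAs in one server report the same FQDN; neither WWPN is zoned by hand.
    ns.flogi_initiator("10:00:00:00:00:00:00:01", "DB01.example.com.")
    ns.flogi_initiator("10:00:00:00:00:00:00:02", "db01.example.com")
    ns.flogi_initiator("10:00:00:00:00:00:00:03", "web01.example.com")
    return ns

if __name__ == "__main__":
    ns = demo()
    for wwpn in sorted(ns.initiators):
        print(wwpn, sorted(ns.authorize(wwpn, "50:00:00:00:00:00:00:01")))
```

The decision rests on the name the driver reports at FLOGI, so it is only as trustworthy as that registration; the authentication mentioned in the closing sentence is what would bind the name to a key.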