Role Engineering: Methods and Standards
Nov.-Dec. 2011 (vol. 13 no. 6)
pp. 54-57
Edward J. Coyne, High Performance Technologies, Inc.
Timothy R. Weil, Raytheon Polar Services
Rick Kuhn, US National Institute of Standards and Technology

Most of today's large firms use some form of role-based access control (RBAC) to support thousands of users and permission controls. Recognizing the need for some commonality among the various RBAC models, the National Institute of Standards and Technology proposed the NIST Model for RBAC in 2000. NIST is now working to update and enhance this standard.

Index Terms:
Keywords: Standards, role-based access control (RBAC), role engineering, information technology
Citation:
Edward J. Coyne, Timothy R. Weil, Rick Kuhn, "Role Engineering: Methods and Standards," IT Professional, vol. 13, no. 6, pp. 54-57, Nov.-Dec. 2011, doi:10.1109/MITP.2011.105