The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.03 - May-June (2013 vol.15)
pp: 14-16
Ed Coyne , DRC
Timothy R. Weil , Coalfire
ABSTRACT
Is it possible to obtain the flexibility and advantages of attribute-based access control while maintaining role-based access control's advantages for analysis and risk control?
INDEX TERMS
Information technology, Network architecture, Access controls, Network security, information technology, attribute-based access control, ABAC, role-based access control, RBAC, attribute-centric access control, role-centric access control, security
CITATION
Ed Coyne, Timothy R. Weil, "ABAC and RBAC: Scalable, Flexible, and Auditable Access Management", IT Professional, vol.15, no. 3, pp. 14-16, May-June 2013, doi:10.1109/MITP.2013.37
REFERENCES
1. D.R. Kuhn, E.J. Coyne, and T.R. Weil, "Adding Attributes to Role Based Access Control," Computer, vol. 43, no. 6, 2010; http://csrc.nist.gov/groups/SNS/rbac/documents kuhn-coyne-weil-10.pdf.
2. ANSI INCITS 359-2012 Information Technology—Role Based Access Control, InterNational Committee for Information Technology Standards (INCITS), May 2012; www.techstreet.com/products1837530.
3. ANSI INCITS 494-2012 Information Technology—Role Based Access Control—Policy-Enhanced, InterNational Committee for Information Technology Standards (INCITS), Aug. 2012; http://webstore.ansi.orgRecordDetail.aspx?sku=INCITS+494-2012.
4. J. Xin, R. Krishnan, and R. Sandhu, "A Role-Based Administration Model for Attributes," Proc. 1st Int'l Workshop Secure and Resilient Architectures and Systems, ACM, 2012, pp. 7–12.
5. "Best Practices in Enterprise Authorization: The RBAC/ABAC Hybrid Approach," white paper, EmpowerID, 2013; http://blog.empowerid.com/Portals/174819/ docsEmpowerID-WhitePaper-RBAC-ABAC-Hybrid-Model.pdf.
29 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool