Issue No.01 - January/February (2008 vol.6)
pp: 84-87
Ed Coyne , Science Applications International Corporation (SAIC)
Tim Weil , Booz-Allen-Hamilton
ABSTRACT
An operational definition of role-based access control (RBAC) is that permission assignment is based on the role a principal assumes during a work session. The central underlying concept is thus that IT permissions are assigned to roles rather than directly to users. This level of indirection can provide simpler security administration and finer-grained access control policies.

System architects have used numerous technical approaches to integrate RBAC with enterprise IT infrastructure, including workflow management systems, XML schemas, databases, Java, and operating systems. Along with the success of these RBAC implementations has come the need to simplify and systematize the means by which developers can evaluate and use role-based technology to exchange access control definitions across diverse security and identity management domains.
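The operational definition above (permissions bound to roles, roles activated per session) as an added example; this is not code from the article or from the INCITS standard, and the role, user, object and session names are constructed:

```python
from dataclasses import dataclass, field


@dataclass
class CoreRBAC:
    """Core RBAC (INCITS 359 style): users -> roles -> permissions, per session."""
    user_roles: dict[str, set[str]] = field(default_factory=dict)
    role_perms: dict[str, set[tuple[str, str]]] = field(default_factory=dict)
    sessions: dict[str, tuple[str, set[str]]] = field(default_factory=dict)
    def assign_user(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def grant_permission(self, role: str, op: str, obj: str) -> None:
        self.role_perms.setdefault(role, set()).add((op, obj))

    def revoke_permission(self, role: str, op: str, obj: str) -> None:
        # One edit to the role changes the rights of every user holding it.
        self.role_perms.get(role, set()).discard((op, obj))

    def create_session(self, sid: str, user: str, active: set[str]) -> None:
        self.sessions[sid] = (user, set())
        for role in active:
            self.add_active_role(sid, role)

    def add_active_role(self, sid: str, role: str) -> None:
        # A session may only activate roles actually assigned to its user.
        user, active = self.sessions[sid]
        if role not in self.user_roles.get(user, set()):
            raise PermissionError(f"{user} is not assigned role {role!r}")
        active.add(role)

    def check_access(self, sid: str, op: str, obj: str) -> bool:
        # Decided from roles active in this session, not the user's full set.
        _, active = self.sessions[sid]
        return any((op, obj) in self.role_perms.get(r, ()) for r in active)


def demo() -> dict[str, bool]:
    # Constructed scenario: alice holds clerk and auditor, activates clerk only.
    rbac = CoreRBAC()
    rbac.grant_permission("clerk", "read", "ledger")
    rbac.grant_permission("auditor", "approve", "ledger")
    rbac.assign_user("alice", "clerk")
    rbac.assign_user("alice", "auditor")
    rbac.create_session("s1", "alice", {"clerk"})
    out = {"read_as_clerk": rbac.check_access("s1", "read", "ledger"),
           "approve_before_activation": rbac.check_access("s1", "approve", "ledger")}
    rbac.add_active_role("s1", "auditor")
    out["approve_after_activation"] = rbac.check_access("s1", "approve", "ledger")
    rbac.revoke_permission("auditor", "approve", "ledger")
    out["approve_after_revoke"] = rbac.check_access("s1", "approve", "ledger")
    return out
```

The session step is what gives least privilege in practice: a user who holds a powerful role still cannot exercise it until that role is activated, and revoking a permission from the role removes it from every active session at once.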
INDEX TERMS
role-based access control, RBAC, International Committee for Information Technology Standards (INCITS), RBAC Implementation and Interoperability Standard, Emerging Standards
CITATION
Ed Coyne, Tim Weil, "An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model", IEEE Security & Privacy, vol.6, no. 1, pp. 84-87, January/February 2008, doi:10.1109/MSP.2008.2