An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model
January/February 2008 (vol. 6 no. 1)
pp. 84-87
Ed Coyne, Science Applications International Corporation (SAIC)
Tim Weil, Booz-Allen-Hamilton
An operational definition for role-based access control (RBAC) is that permission assignment is based on the role a principal is assuming during a work session. The central underlying concept is thus that IT permissions are assigned to roles rather than directly to users. This level of indirection can provide simpler security administration and finer-grained access control policies.

System architects have used numerous technical approaches to integrate RBAC with enterprise IT infrastructure, including workflow management systems, XML schemas, databases, Java, and operating systems. Along with the success of these RBAC implementations has come the need to simplify and systematize the means by which developers can evaluate and use role-based technology to exchange access control definitions across diverse security and identity management domains.
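The role-to-permission indirection and per-session role activation described in the abstract, as an added Python example that is not code from the article or from the INCITS standard: a small core plus hierarchical RBAC model using the ANSI INCITS 359 vocabulary (user assignment UA, permission assignment PA, sessions, role hierarchy). The users, roles, operations and objects in the demo are constructed for illustration; the cycle check on the hierarchy and the least-privilege session are additions a practitioner would expect, not requirements stated on this page.

```python
from collections import defaultdict
from typing import Dict, Iterable, Set, Tuple

Permission = Tuple[str, str]  # (operation, object), e.g. ("read", "ledger")


class RBAC:
    """Core + hierarchical RBAC: users -> roles -> permissions.

    Permissions never attach to users directly; a user can only exercise
    a permission through a role that is active in the current session.
    """

    def __init__(self) -> None:
        self.ua: Dict[str, Set[str]] = defaultdict(set)         # UA: user -> roles
        self.pa: Dict[str, Set[Permission]] = defaultdict(set)  # PA: role -> permissions
        self.juniors: Dict[str, Set[str]] = defaultdict(set)    # senior role -> roles it inherits

    def assign_user(self, user: str, role: str) -> None:
        self.ua[user].add(role)

    def grant_permission(self, role: str, operation: str, obj: str) -> None:
        # The single place a permission is granted: every holder of the role gets it.
        self.pa[role].add((operation, obj))

    def add_inheritance(self, senior: str, junior: str) -> None:
        # Reject self-loops and cycles: a cycle would make every role in it equivalent.
        if senior == junior or senior in self._closure(junior):
            raise ValueError(f"inheritance {senior} -> {junior} would create a cycle")
        self.juniors[senior].add(junior)

    def _closure(self, role: str) -> Set[str]:
        """The role plus every role it transitively inherits (depth-first walk)."""
        seen: Set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(self.juniors.get(r, ()))  # .get avoids creating defaultdict entries
        return seen

    def authorized_permissions(self, role: str) -> Set[Permission]:
        """Direct permissions of the role plus those inherited from junior roles."""
        perms: Set[Permission] = set()
        for r in self._closure(role):
            perms |= self.pa.get(r, set())
        return perms

    def create_session(self, user: str, active_roles: Iterable[str]) -> "Session":
        # A user may activate an assigned role or any role that role inherits.
        allowed = set().union(*(self._closure(r) for r in self.ua.get(user, set())))
        requested = set(active_roles)
        if not requested <= allowed:
            raise PermissionError(f"{user} may not activate {sorted(requested - allowed)}")
        return Session(self, user, requested)


class Session:
    """A work session: access is decided only against the roles activated in it."""

    def __init__(self, rbac: RBAC, user: str, active_roles: Set[str]) -> None:
        self.rbac, self.user, self.active_roles = rbac, user, active_roles

    def check_access(self, operation: str, obj: str) -> bool:
        # Consulted live, so a later change to a role's permissions takes effect
        # for existing sessions without touching any user record.
        return any((operation, obj) in self.rbac.authorized_permissions(r)
                   for r in self.active_roles)


def demo() -> dict:
    """Constructed scenario (not from the article): a two-role ledger application."""
    rbac = RBAC()
    rbac.grant_permission("clerk", "read", "ledger")
    rbac.grant_permission("accountant", "post", "ledger")
    rbac.add_inheritance("accountant", "clerk")  # accountant inherits clerk's permissions
    rbac.assign_user("alice", "accountant")
    rbac.assign_user("bob", "clerk")

    results = {}
    full = rbac.create_session("alice", ["accountant"])
    results["alice_post"] = full.check_access("post", "ledger")              # direct
    results["alice_read_inherited"] = full.check_access("read", "ledger")    # via hierarchy

    # Least privilege: alice works with only the junior role active.
    limited = rbac.create_session("alice", ["clerk"])
    results["alice_limited_post"] = limited.check_access("post", "ledger")

    bob = rbac.create_session("bob", ["clerk"])
    results["bob_post"] = bob.check_access("post", "ledger")
    results["bob_report_before"] = bob.check_access("read", "report")
    rbac.grant_permission("clerk", "read", "report")  # one change reaches every clerk
    results["bob_report_after"] = bob.check_access("read", "report")

    try:
        rbac.create_session("bob", ["accountant"])
        results["bob_escalation_blocked"] = False
    except PermissionError:
        results["bob_escalation_blocked"] = True

    try:
        rbac.add_inheritance("clerk", "accountant")  # would close a cycle
        results["cycle_rejected"] = False
    except ValueError:
        results["cycle_rejected"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the abstract makes shows up in `demo()`: granting `("read", "report")` to the `clerk` role changes the outcome of Bob's already-open session without any per-user edit, and Alice can deliberately run a session with only `clerk` active so that her `post` permission is not exercisable during that work session.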


Index Terms:
role-based access control, RBAC, International Committee for Information Technology Standards (INCITS), RBAC Implementation and Interoperability Standard, Emerging Standards
Citation:
Ed Coyne, Tim Weil, "An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model," IEEE Security & Privacy, vol. 6, no. 1, pp. 84-87, Jan.-Feb. 2008, doi:10.1109/MSP.2008.2