Issue No. 01 - January/February (2008 vol. 6)
ISSN: 1540-7993
pp: 84-87
Tim Weil, Booz-Allen-Hamilton
Ed Coyne, Science Applications International Corporation (SAIC)
ABSTRACT
An operational definition for role-based access control (RBAC) is that permission assignment is based on the role a principal is assuming during a work session. The central underlying concept is thus that IT permissions are assigned to roles rather than directly to users. This level of indirection can provide simpler security administration and finer-grained access control policies. System architects have used numerous technical approaches to integrate RBAC with enterprise IT infrastructure, including workflow management systems, XML schemas, databases, Java, and operating systems. Along with the success of these RBAC implementations has come the need to simplify and systematize the means by which developers can evaluate and use role-based technology to exchange access control definitions across diverse security and identity management domains.
INDEX TERMS
role-based access control, RBAC, International Committee for Information Technology Standards (INCITS), RBAC Implementation and Interoperability Standard, Emerging Standards
CITATION
Tim Weil, Ed Coyne, "An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model", IEEE Security & Privacy, vol. 6, no. , pp. 84-87, January/February 2008, doi:10.1109/MSP.2008.2