Issue No. 01 - January/February (2008 vol. 6)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.2
Ed Coyne , Science Applications International Corporation (SAIC)
Tim Weil , Booz-Allen-Hamilton
An operational definition for role-based access control (RBAC) is that permission assignment is based on the role a principal is assuming during a work session. The central underlying concept is thus that IT permissions are assigned to roles rather than directly to users. This level of indirection can provide simpler security administration and finer-grained access control policies.

System architects have used numerous technical approaches to integrate RBAC with enterprise IT infrastructure, including workflow management systems, XML schemas, databases, Java, and operating systems. Along with the success of these RBAC implementations has come the need to simplify and systematize the means by which developers can evaluate and use role-based technology to exchange access control definitions across diverse security and identity management domains.
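The abstract's operational definition (permissions attach to roles, users are assigned roles, and a session activates some subset of a user's roles) can be made concrete in a few dozen lines. The model below is an added illustration written for this page, not code from the paper or from the INCITS standard it describes; the role names, permission strings and user names are constructed sample data. It shows the indirection the abstract refers to: changing a role's permissions changes what every holder of that role can do, and a session only gains a permission after explicitly activating a role the user actually holds.

```python
"""Minimal core-RBAC model: user -> roles -> permissions, with per-session activation.

Added example for this page; the policy data below is constructed, not from the paper.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class RBACPolicy:
    """Administrative state: which permissions each role carries, which roles each user holds."""
    role_perms: dict[str, set[str]] = field(default_factory=dict)
    user_roles: dict[str, set[str]] = field(default_factory=dict)

    def grant(self, role: str, perm: str) -> None:
        """Attach a permission to a role (never to a user directly)."""
        self.role_perms.setdefault(role, set()).add(perm)

    def revoke(self, role: str, perm: str) -> None:
        """Remove a permission from a role; affects every user holding the role."""
        self.role_perms.get(role, set()).discard(perm)

    def assign(self, user: str, role: str) -> None:
        """Make a user eligible for a role; the role must already exist."""
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)


@dataclass
class Session:
    """A work session: a principal plus the roles it has chosen to activate."""
    policy: RBACPolicy
    user: str
    active: set[str] = field(default_factory=set)

    def activate(self, role: str) -> None:
        """Activate a role for this session; refused unless the user has been assigned it."""
        if role not in self.policy.user_roles.get(self.user, set()):
            raise PermissionError(f"{self.user} is not assigned role {role}")
        self.active.add(role)

    def check(self, perm: str) -> bool:
        """Authorisation decision: the permission must come from an *active* role."""
        return any(perm in self.policy.role_perms.get(r, set()) for r in self.active)


def build_sample_policy() -> RBACPolicy:
    """Constructed sample policy (hypothetical roles and permissions)."""
    p = RBACPolicy()
    p.grant("accountant", "ledger:read")
    p.grant("accountant", "ledger:post")
    p.grant("auditor", "ledger:read")
    p.assign("alice", "accountant")
    p.assign("bob", "auditor")
    return p


def demo() -> dict[str, bool]:
    """Walk through the session semantics and return the decisions for inspection."""
    p = build_sample_policy()
    s = Session(p, "alice")
    out = {"before_activation": s.check("ledger:read")}   # no role active -> denied
    s.activate("accountant")
    out["after_activation"] = s.check("ledger:post")      # granted via the role
    try:
        s.activate("auditor")                             # alice was never assigned auditor
        out["activated_unassigned_role"] = True
    except PermissionError:
        out["activated_unassigned_role"] = False
    p.revoke("accountant", "ledger:post")                 # one admin change, all accountants affected
    out["after_revoke"] = s.check("ledger:post")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `check` method consults only `active` roles rather than every role the user holds, which is what lets a principal work with less than its full privilege during a given session; the revoke step is the administrative simplification the abstract alludes to, since no per-user entries need editing.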
Keywords: role-based access control, RBAC, International Committee for Information Technology Standards (INCITS), RBAC Implementation and Interoperability Standard, Emerging Standards
T. Weil and E. Coyne, "An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model," in IEEE Security & Privacy, vol. 6, no. , pp. 84-87, 2008.