This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview[1]
[{$pagename}] refers to the work done by [National Institute of Standards and Technology] ([NIST]), which has published many papers on [RBAC].
The [{$pagename}] model for [RBAC] was adopted as [American National Standards Institute] [INCITS 359-2004], [International Committee for Information Technology Standards] ([ANSI]/[INCITS]) on February 11, [2004|Year 2004]. [{$pagename}] was revised as [INCITS 359-2012] in [2012|Year 2012].
Here are some of the most notable papers:
* [RBAC] Model - D.F. Ferraiolo and D.R. Kuhn (1992), "[Role Based Access Control|http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-92.pdf|target='_blank']", 15th National Computer Security Conference, Oct 13-16, 1992, pp. 554-563 - introduced a formal model for role based access control.
* R.S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman (1996), "[Role-Based Access Control Models|http://csrc.nist.gov/rbac/sandhu96.pdf|target='_blank']", [IEEE] Computer 29(2): 38-47, [IEEE] Press, 1996 - proposed a framework for [RBAC] models.
* RBAC Standard - Original proposal: R. Sandhu, D.F. Ferraiolo, D.R. Kuhn (2000), "[The NIST Model for Role Based Access Control; Toward a Unified Standard|http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf|target='_blank']", Proceedings, 5th ACM Workshop on Role Based Access Control, July 26-27, 2000, Berlin, pp. 47-63 - first public draft of the NIST RBAC model and proposal for an [RBAC] standard.
* Current standard: [American National Standards Institute] 359-2004 is the information technology industry consensus standard for [RBAC]. An explanation of the model used in the standard can be found in the original proposal [The NIST Model for Role Based Access Control; Toward a Unified Standard|http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf|target='_blank']. The official standards document is published by [ANSI] [INCITS].
* D.F. Ferraiolo, R. Kuhn, R. Sandhu (2007), "[RBAC Standard Rationale: comments on a Critique of the ANSI Standard on Role Based Access Control|http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-sandhu-07.pdf|target='_blank']", IEEE Security & Privacy, vol. 5, no. 6 (Nov/Dec 2007), pp. 51-53 - explains decisions made in developing the RBAC standard.
* D.R. Kuhn, E.J. Coyne, T.R. Weil, "[Adding Attributes to Role Based Access Control|http://csrc.nist.gov/groups/SNS/rbac/documents/kuhn-coyne-weil-10.pdf|target='_blank']", IEEE Computer, vol. 43, no. 6 (June, 2010), pp. 79-81.
* [RBAC] for web services standard: Web applications can use RBAC services defined by the [OASIS] [XACML] Technical Committee (see "[XACML] [RBAC] Profile"). The [XACML] specification describes building blocks from which an [RBAC] solution is constructed. A full example illustrates these building blocks. The specification then discusses how these building blocks may be used to implement the various elements of the RBAC model presented in [ANSI] [INCITS] 359-2004.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Role Based Access Control|https://csrc.nist.gov/projects/role-based-access-control|target='_blank'] - based on information obtained 2017-12-08