Overview[1]#
NIST RBAC refers to the work done by National Institute of Standards and Technology (NIST) which has many papers on RBACNIST RBAC model for RBAC was adopted as American National Standards Institute INCITS 359-2004, International Committee for Information Technology Standards (ANSI/INCITS) on February 11, 2004. NIST RBAC was revised as INCITS 359-2012 in 2012.Here are some of the most notable:
- RBAC Model - D.F. Ferraiolo and D.R. Kuhn (1992) "Role Based Access Control
" 15th National Computer Security Conference, Oct 13-16, 1992, pp. 554-563. - introduced formal model for role based access control.
- R. S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman (1996), "Role-Based Access Control Models", IEEE Computer 29(2): 38-47, IEEE Press, 1996.- proposed a framework for RBAC models.
- RBAC Standard - Original proposal: R. Sandhu, D.F. Ferraiolo, D, R. Kuhn (2000), "The NIST Model for Role Based Access Control; Toward a Unified Standard," Proceedings, 5th ACM Workshop on Role Based Access Control, July 26-27, 2000, Berlin, pp.47-63 - first public draft of the NIST RBAC model and proposal for an RBAC standard.
- Current standard: American National Standards Institute 359-2004 is the information technology industry consensus standard for RBAC. An explanation of the model used in the standard can be found in the original proposal The NIST Model for Role Based Access Control; Toward a Unified Standard. The official standards document is published by ANSI INCITS.
- D.F. Ferraiolo, R. Kuhn, R. Sandhu (2007), "RBAC Standard Rationale: comments on a Critique of the ANSI Standard on Role Based Access Control", IEEE Security & Privacy, vol. 5, no. 6 (Nov/Dec 2007), pp. 51-53 - explains decisions made in developing RBAC standard.
- D.R. Kuhn, E.J. Coyne, T.R. Weil, "Adding Attributes to Role Based Access Control", IEEE Computer, vol. 43, no. 6 (June, 2010), pp. 79-81.
- RBAC for web services standard: Web applications can use RBAC services defined by the OASIS XACML Technical Committee (see "XACML RBAC Profile"). The XACML specification describes building blocks from which an RBAC solution is constructed. A full example illustrates these building blocks. The specification then discusses how these building blocks may be used to implement the various elements of the RBAC model presented in ANSI INCITS 359-2004.
More Information#
There might be more information for this subject on one of the following:- [#1] - Role Based Access Control - based on information obtained 2017-12-08-