<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview[1]
[{$pagename}] refers to the work done by [National Institute of Standards and Technology] ([NIST]) which has many papers on [RBAC]

[{$pagename}] model for [RBAC] was adopted as [American National Standards Institute] [INCITS 359-2004], [International Committee for Information Technology Standards] ([ANSI]/[INCITS]) on February 11, [2004|Year 2004]. [{$pagename}] was revised as [INCITS 359-2012] in [2012|Year 2012].Here are some of the most notable:
* [RBAC] Model - D.F. Ferraiolo and D.R. Kuhn (1992) &quot;[Role Based Access Control|http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-92.pdf|target='_blank']&quot; 15th National Computer Security Conference, Oct 13-16, 1992, pp. 554-563. - introduced formal model for role based access control. 
* R. S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman (1996), &quot;[Role-Based Access Control Models|http://csrc.nist.gov/rbac/sandhu96.pdf|target='_blank']&quot;, [IEEE] Computer 29(2): 38-47, [IEEE] Press, 1996.- proposed a framework for [RBAC] models. 
* RBAC Standard - Original proposal: R. Sandhu, D.F. Ferraiolo, D, R. Kuhn (2000), &quot;[The NIST Model for Role Based Access Control; Toward a Unified Standard|http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf|target='_blank'],&quot; Proceedings, 5th ACM Workshop on Role Based Access Control, July 26-27, 2000, Berlin, pp.47-63 - first public draft of the NIST RBAC model and proposal for an [RBAC] standard. 
* Current standard: [American National Standards Institute] 359-2004 is the information technology industry consensus standard for [RBAC]. An explanation of the model used in the standard can be found in the original proposal [The NIST Model for Role Based Access Control; Toward a Unified Standard|http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf|target='_blank']. The official standards document is published by [ANSI] [INCITS]. 
* D.F. Ferraiolo, R. Kuhn, R. Sandhu (2007), &quot;[RBAC Standard Rationale: comments on a Critique of the ANSI Standard on Role Based Access Control|http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-sandhu-07.pdf|target='_blank']&quot;, IEEE Security &amp; Privacy, vol. 5, no. 6 (Nov/Dec 2007), pp. 51-53 - explains decisions made in developing RBAC standard. 
* D.R. Kuhn, E.J. Coyne, T.R. Weil, &quot;[Adding Attributes to Role Based Access Control|http://csrc.nist.gov/groups/SNS/rbac/documents/kuhn-coyne-weil-10.pdf|target='_blank']&quot;, IEEE Computer, vol. 43, no. 6 (June, 2010), pp. 79-81. 
* [RBAC] for web services standard: Web applications can use RBAC services defined by the [OASIS] [XACML] Technical Committee (see &quot;[XACML] [RBAC] Profile&quot;). The [XACML] specification describes building blocks from which an [RBAC] solution is constructed. A full example illustrates these building blocks. The specification then discusses how these building blocks may be used to implement the various elements of the RBAC model presented in [ANSI] [INCITS] 359-2004.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Role Based Access Control|https://csrc.nist.gov/projects/role-based-access-control|target='_blank'] - based on information obtained 2017-12-08- 
</pre>