The NIST Model for Role-Based Access Control: Towards A Unified Standard
Abstract (Cited by 127, 3 self)
This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a foundation for developing future standards. RBAC is a rich and open-ended technology which is evolving as users, researchers and vendors gain experience with it. The NIST model focuses on those aspects of RBAC for which consensus is available. It is organized into four levels of increasing functional capabilities called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC. These levels are cumulative and each adds exactly one new requirement. An alternate approach comprising flat and hierarchical RBAC in an ordered sequence and two unordered features -- constraints and symmetry -- is also presented. The paper furthermore identifies important attributes of RBAC not included in the NIST model. Some are not suitable for inclusion in a consensus document. Others require further work and agreement before standardization is feasible.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way
In Proceedings of 5th ACM Workshop on Role-Based Access Control, 2000
Abstract (Cited by 26, 12 self)
Information systems of the future will be large-scale, highly decentralized, pervasive, span organizational boundaries and evolve rapidly. Effective security in this cyberspace will require engineering authority and trust relationships across organizations and individuals. In this paper we propose the four-layer OM-AM framework for this purpose. OM-AM comprises objective, model, architecture and mechanism layers in this sequence. The objective and model (OM) layers articulate what the security objectives and tradeoffs are, while the architecture and mechanism (AM) layers address how to meet these requirements. The hyphen in OM-AM emphasizes the shift from what to how. These layers are roughly analogous to a network protocol stack with a many-to-many relationship between successive layers, and most certainly do not imply a top-down waterfall-style software engineering process. OM-AM is an excellent match to the policy-neutral and flexible nature of role-based access control (RBAC). Th...

