NIST RBAC model: Difference between revisions
Will Faught (talk | contribs) m Added hyphen |
Rescuing 1 sources and tagging 0 as dead. #IABot (v1.6.2) |
||
Line 27: | Line 27: | ||
and presented at the ACM 5th Workshop on Role Based Access Control. Following debate and comment within the RBAC and security communities, NIST made revisions and proposed a U.S. national standard for RBAC through the INCITS. In 2004, the standard received ballot approval and was adopted as INCITS 359-2004. Sandhu, Ferraiolo, and Kuhn later published an explanation of the design choices in the model. |
and presented at the ACM 5th Workshop on Role Based Access Control. Following debate and comment within the RBAC and security communities, NIST made revisions and proposed a U.S. national standard for RBAC through the INCITS. In 2004, the standard received ballot approval and was adopted as INCITS 359-2004. Sandhu, Ferraiolo, and Kuhn later published an explanation of the design choices in the model. |
||
<ref>{{cite journal |
<ref>{{cite journal |
||
|author = Ferraiolo, D.F., Kuhn, D.R., and Sandhu, R. |
|||
|title = RBAC Standard Rationale: comments on a Critique of the ANSI Standard on Role Based Access Control |
|||
|journal = IEEE Security & Privacy |
|||
|volume = 5 |
|||
|issue = 6 |
|||
|date = Nov–Dec 2007 |
|||
|pages = 51–53 |
|||
|publisher = IEEE Press |
|||
|url = http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-sandhu-07.pdf |
|||
|format = [[PDF]] |
|||
|doi = 10.1109/MSP.2007.173 |
|||
|deadurl = yes |
|||
⚫ | |||
|archiveurl = https://web.archive.org/web/20080917093137/http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-sandhu-07.pdf |
|||
|archivedate = 2008-09-17 |
|||
|df = |
|||
⚫ | |||
In 2010, NIST announced a revision to RBAC, incorporating features of attribute-based access control (ABAC). |
In 2010, NIST announced a revision to RBAC, incorporating features of attribute-based access control (ABAC). |
||
<ref>{{cite journal |
<ref>{{cite journal |
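Review bot: in the citation parameters added for the Ferraiolo, Kuhn, and Sandhu reference, `|deadurl = yes` is not recognised by the current cite journal template, which suggests `|url-status=` instead, so the dead-link state should be carried by that parameter. The empty `|df =` contributes nothing and can be dropped. The `|url =` value is left pointing at the original csrc.nist.gov address while the citation relies on the 2008-09-17 snapshot, so it is worth confirming that the archived copy actually serves the PDF before treating the source as rescued.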
Revision as of 22:39, 10 February 2018
The NIST RBAC model is a standardized definition of role-based access control. Although originally developed by the National Institute of Standards and Technology, the standard was adopted and is copyrighted and distributed as INCITS 359-2004 by the International Committee for Information Technology Standards (INCITS). The latest version is INCITS 359-2012.[1] It is managed by INCITS committee CS1.
History
In 2000, NIST called for a unified standard for RBAC, integrating the RBAC model published in 1992 by Ferraiolo and Kuhn with the RBAC framework introduced by Sandhu, Coyne, Feinstein, and Youman (1996). This proposal was published by Sandhu, Ferraiolo, and Kuhn[2] and presented at the ACM 5th Workshop on Role Based Access Control. Following debate and comment within the RBAC and security communities, NIST made revisions and proposed a U.S. national standard for RBAC through the INCITS. In 2004, the standard received ballot approval and was adopted as INCITS 359-2004. Sandhu, Ferraiolo, and Kuhn later published an explanation of the design choices in the model.[3] In 2010, NIST announced a revision to RBAC, incorporating features of attribute-based access control (ABAC).[4]
References
- "Information Technology - Role Based Access Control" (PDF). 2012-05-29: 61.
- Sandhu, R., Ferraiolo, D.F. and Kuhn, D.R. (July 2000). "The NIST Model for Role Based Access Control: Toward a Unified Standard" (PDF). 5th ACM Workshop Role-Based Access Control. pp. 47–63.
- Ferraiolo, D.F., Kuhn, D.R., and Sandhu, R. (Nov–Dec 2007). "RBAC Standard Rationale: comments on a Critique of the ANSI Standard on Role Based Access Control" (PDF). IEEE Security & Privacy. 5 (6). IEEE Press: 51–53. doi:10.1109/MSP.2007.173. Archived from the original (PDF) on 2008-09-17.
- Kuhn, D.R., Coyne, E.J., and Weil, T.R. (June 2010). "Adding Attributes to Role Based Access Control" (PDF). IEEE Computer. 43 (6). IEEE Press: 79–81. doi:10.1109/mc.2010.155.