Changes between Version 24 and Version 25 of Internal/Rbac/OrbitRbacDesign/OasisRbac


Ignore:
Timestamp:
Sep 18, 2006, 7:12:54 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Internal/Rbac/OrbitRbacDesign/OasisRbac

    v24 v25  
    1313
    1414When asked for a comment on ANSI INCITS 359-2004, the XACML committee editor responded [[http://lists.oasis-open.org/archives/xacml/200404/msg00036.html Anne Anderson]]
    15    From: Anne.Anderson@Sun.COM
    16   To: Robin Cover <robin@isogen.com
    17   Subject: Re: [xacml] ANSI INCITS 359-2004 etc
    18   Date: Tue, 06 Apr 2004 07:32:18 -0400
    19  
    20   Robin,
    21  
    22   The XACML TC had the opportunity to work with the NIST RBAC team as they
    23   were doing their final review of what has become the ANSI RBAC standard
    24   and as we were developing the XACML Profile for Role Based Access Control.
    25   The XACML RBAC Profile, recently approved by the
    26   XACML TC as a Committee Draft, uses the ANSI terminology and model, and
    27   completely implements the functionality described in the ANSI RBAC standard.
    28   The authors of the ANSI standard are listed in the acknowledgments for the
    29   XACML RBAC Profile.
    30  
    31   I believe the RBAC model described in the ANSI standard is consistent with
    32   consensus modern understandings of RBAC.
    33  
    34   The weakness of the ANSI RBAC standard is in its APIs: they are designed for
    35   small, special-purpose, turnkey systems, and could not be implemented on
    36   top of any modern operating system.  The authors of the standard agree with
    37   this, but were eager to get something minimal out and felt it would be years
    38   before they could reach agreement on anything more substantial.  The XACML
    39   RBAC profile does not support the ANSI RBAC APIs.
    40  
    41   Anne Anderson
     15{{{
     16From: Anne.Anderson@Sun.COM
     17To: Robin Cover <robin@isogen.com
     18Subject: Re: [xacml] ANSI INCITS 359-2004 etc
     19Date: Tue, 06 Apr 2004 07:32:18 -0400
     20
     21Robin,
     22
     23The XACML TC had the opportunity to work with the NIST RBAC team as they
     24were doing their final review of what has become the ANSI RBAC standard
     25and as we were developing the XACML Profile for Role Based Access Control.
     26The XACML RBAC Profile, recently approved by the
     27XACML TC as a Committee Draft, uses the ANSI terminology and model, and
     28completely implements the functionality described in the ANSI RBAC standard.
     29The authors of the ANSI standard are listed in the acknowledgments for the
     30XACML RBAC Profile.
     31
     32I believe the RBAC model described in the ANSI standard is consistent with
     33consensus modern understandings of RBAC.
     34
     35The weakness of the ANSI RBAC standard is in its APIs: they are designed for
     36small, special-purpose, turnkey systems, and could not be implemented on
     37top of any modern operating system.The authors of the standard agree with
     38this, but were eager to get something minimal out and felt it would be years
     39before they could reach agreement on anything more substantial.The XACML
     40RBAC profile does not support the ANSI RBAC APIs.
     41
     42Anne Anderson
     43}}}
     44
    4245
    4346Yao, Moody, and Bacon present a model of OASIS RBAC and its support for active security [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p171-yao.pdf YMB01]].