When asked for a comment on ANSI INCITS 359-2004, the XACML committee editor, [[http://lists.oasis-open.org/archives/xacml/200404/msg00036.html Anne Anderson]], responded:
>From: Anne.Anderson@Sun.COM
>To: Robin Cover <robin@isogen.com>
>Subject: Re: [xacml] ANSI INCITS 359-2004 etc
>Date: Tue, 06 Apr 2004 07:32:18 -0400
>
>Robin,
>
>The XACML TC had the opportunity to work with the NIST RBAC team as they
>were doing their final review of what has become the ANSI RBAC standard
>and as we were developing the XACML Profile for Role Based Access Control.
>The XACML RBAC Profile, recently approved by the
>XACML TC as a Committee Draft, uses the ANSI terminology and model, and
>completely implements the functionality described in the ANSI RBAC standard.
>The authors of the ANSI standard are listed in the acknowledgments for the
>XACML RBAC Profile.
>
>I believe the RBAC model described in the ANSI standard is consistent with
>consensus modern understandings of RBAC.
>
>The weakness of the ANSI RBAC standard is in its APIs: they are designed for
>small, special-purpose, turnkey systems, and could not be implemented on
>top of any modern operating system. The authors of the standard agree with
>this, but were eager to get something minimal out and felt it would be years
>before they could reach agreement on anything more substantial. The XACML
>RBAC profile does not support the ANSI RBAC APIs.
>
>Anne Anderson