Changes between Version 22 and Version 23 of Internal/Rbac/OrbitRbacDesign/OasisRbac


Ignore:
Timestamp:
Sep 18, 2006, 7:09:48 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign/OasisRbac

    v22 v23  
    1313
    1414When asked for a comment on ANSI INCITS 359-2004, the XACML committee editor responded [[http://lists.oasis-open.org/archives/xacml/200404/msg00036.html Anne Anderson]]
    15 >From: Anne.Anderson@Sun.COM
    16 >To: Robin Cover <robin@isogen.com
    17 >Subject: Re: [xacml] ANSI INCITS 359-2004 etc
    18 >Date: Tue, 06 Apr 2004 07:32:18 -0400
    19 >
    20 >Robin,
    21 >
    22 >The XACML TC had the opportunity to work with the NIST RBAC team as they
    23 >were doing their final review of what has become the ANSI RBAC standard
    24 >and as we were developing the XACML Profile for Role Based Access Control.
    25 >The XACML RBAC Profile, recently approved by the
    26 >XACML TC as a Committee Draft, uses the ANSI terminology and model, and
    27 >completely implements the functionality described in the ANSI RBAC standard.
    28 >The authors of the ANSI standard are listed in the acknowledgments for the
    29 >XACML RBAC Profile.
    30 >
    31 >I believe the RBAC model described in the ANSI standard is consistent with
    32 >consensus modern understandings of RBAC.
    33 >
    34 >The weakness of the ANSI RBAC standard is in its APIs: they are designed for
    35 >small, special-purpose, turnkey systems, and could not be implemented on
    36 >top of any modern operating system.  The authors of the standard agree with
    37 >this, but were eager to get something minimal out and felt it would be years
    38 >before they could reach agreement on anything more substantial.  The XACML
    39 >RBAC profile does not support the ANSI RBAC APIs.
    40 >
    41 >Anne Anderson
    42 
     15  >From: Anne.Anderson@Sun.COM
     16  >To: Robin Cover <robin@isogen.com
     17  >Subject: Re: [xacml] ANSI INCITS 359-2004 etc
     18  >Date: Tue, 06 Apr 2004 07:32:18 -0400
     19  >
     20  >Robin,
     21  >
     22  >The XACML TC had the opportunity to work with the NIST RBAC team as they
     23  >were doing their final review of what has become the ANSI RBAC standard
     24  >and as we were developing the XACML Profile for Role Based Access Control.
     25  >The XACML RBAC Profile, recently approved by the
     26  >XACML TC as a Committee Draft, uses the ANSI terminology and model, and
     27  >completely implements the functionality described in the ANSI RBAC standard.
     28  >The authors of the ANSI standard are listed in the acknowledgments for the
     29  >XACML RBAC Profile.
     30  >
     31  >I believe the RBAC model described in the ANSI standard is consistent with
     32  >consensus modern understandings of RBAC.
     33  >
     34  >The weakness of the ANSI RBAC standard is in its APIs: they are designed for
     35  >small, special-purpose, turnkey systems, and could not be implemented on
     36  >top of any modern operating system.  The authors of the standard agree with
     37  >this, but were eager to get something minimal out and felt it would be years
     38  >before they could reach agreement on anything more substantial.  The XACML
     39  >RBAC profile does not support the ANSI RBAC APIs.
     40  >
     41  >Anne Anderson
    4342
    4443Yao, Moody, and Bacon present a model of OASIS RBAC and its support for active security [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p171-yao.pdf YMB01]].