15 | | >From: Anne.Anderson@Sun.COM |
16 | | >To: Robin Cover <robin@isogen.com |
17 | | >Subject: Re: [xacml] ANSI INCITS 359-2004 etc |
18 | | >Date: Tue, 06 Apr 2004 07:32:18 -0400 |
19 | | > |
20 | | >Robin, |
21 | | > |
22 | | >The XACML TC had the opportunity to work with the NIST RBAC team as they |
23 | | >were doing their final review of what has become the ANSI RBAC standard |
24 | | >and as we were developing the XACML Profile for Role Based Access Control. |
25 | | >The XACML RBAC Profile, recently approved by the |
26 | | >XACML TC as a Committee Draft, uses the ANSI terminology and model, and |
27 | | >completely implements the functionality described in the ANSI RBAC standard. |
28 | | >The authors of the ANSI standard are listed in the acknowledgments for the |
29 | | >XACML RBAC Profile. |
30 | | > |
31 | | >I believe the RBAC model described in the ANSI standard is consistent with |
32 | | >consensus modern understandings of RBAC. |
33 | | > |
34 | | >The weakness of the ANSI RBAC standard is in its APIs: they are designed for |
35 | | >small, special-purpose, turnkey systems, and could not be implemented on |
36 | | >top of any modern operating system. The authors of the standard agree with |
37 | | >this, but were eager to get something minimal out and felt it would be years |
38 | | >before they could reach agreement on anything more substantial. The XACML |
39 | | >RBAC profile does not support the ANSI RBAC APIs. |
40 | | > |
41 | | >Anne Anderson |
| 15 | From: Anne.Anderson@Sun.COM |
| 16 | To: Robin Cover <robin@isogen.com |
| 17 | Subject: Re: [xacml] ANSI INCITS 359-2004 etc |
| 18 | Date: Tue, 06 Apr 2004 07:32:18 -0400 |
| 19 | |
| 20 | Robin, |
| 21 | |
| 22 | The XACML TC had the opportunity to work with the NIST RBAC team as they |
| 23 | were doing their final review of what has become the ANSI RBAC standard |
| 24 | and as we were developing the XACML Profile for Role Based Access Control. |
| 25 | The XACML RBAC Profile, recently approved by the |
| 26 | XACML TC as a Committee Draft, uses the ANSI terminology and model, and |
| 27 | completely implements the functionality described in the ANSI RBAC standard. |
| 28 | The authors of the ANSI standard are listed in the acknowledgments for the |
| 29 | XACML RBAC Profile. |
| 30 | |
| 31 | I believe the RBAC model described in the ANSI standard is consistent with |
| 32 | consensus modern understandings of RBAC. |
| 33 | |
| 34 | The weakness of the ANSI RBAC standard is in its APIs: they are designed for |
| 35 | small, special-purpose, turnkey systems, and could not be implemented on |
| 36 | top of any modern operating system. The authors of the standard agree with |
| 37 | this, but were eager to get something minimal out and felt it would be years |
| 38 | before they could reach agreement on anything more substantial. The XACML |
| 39 | RBAC profile does not support the ANSI RBAC APIs. |
| 40 | |
| 41 | Anne Anderson |