Changes between Version 23 and Version 24 of Internal/Rbac/OrbitRbacDesign/OasisRbac


Ignore:
Timestamp:
Sep 18, 2006, 7:11:23 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign/OasisRbac

    v23 v24  
    1313
    1414When asked for a comment on ANSI INCITS 359-2004, the XACML committee editor responded [[http://lists.oasis-open.org/archives/xacml/200404/msg00036.html Anne Anderson]]
    15   >From: Anne.Anderson@Sun.COM
    16   >To: Robin Cover <robin@isogen.com
    17   >Subject: Re: [xacml] ANSI INCITS 359-2004 etc
    18   >Date: Tue, 06 Apr 2004 07:32:18 -0400
    19   >
    20   >Robin,
    21   >
    22   >The XACML TC had the opportunity to work with the NIST RBAC team as they
    23   >were doing their final review of what has become the ANSI RBAC standard
    24   >and as we were developing the XACML Profile for Role Based Access Control.
    25   >The XACML RBAC Profile, recently approved by the
    26   >XACML TC as a Committee Draft, uses the ANSI terminology and model, and
    27   >completely implements the functionality described in the ANSI RBAC standard.
    28   >The authors of the ANSI standard are listed in the acknowledgments for the
    29   >XACML RBAC Profile.
    30   >
    31   >I believe the RBAC model described in the ANSI standard is consistent with
    32   >consensus modern understandings of RBAC.
    33   >
    34   >The weakness of the ANSI RBAC standard is in its APIs: they are designed for
    35   >small, special-purpose, turnkey systems, and could not be implemented on
    36   >top of any modern operating system.  The authors of the standard agree with
    37   >this, but were eager to get something minimal out and felt it would be years
    38   >before they could reach agreement on anything more substantial.  The XACML
    39   >RBAC profile does not support the ANSI RBAC APIs.
    40   >
    41   >Anne Anderson
     15   From: Anne.Anderson@Sun.COM
     16  To: Robin Cover <robin@isogen.com
     17  Subject: Re: [xacml] ANSI INCITS 359-2004 etc
     18  Date: Tue, 06 Apr 2004 07:32:18 -0400
     19 
     20  Robin,
     21 
     22  The XACML TC had the opportunity to work with the NIST RBAC team as they
     23  were doing their final review of what has become the ANSI RBAC standard
     24  and as we were developing the XACML Profile for Role Based Access Control.
     25  The XACML RBAC Profile, recently approved by the
     26  XACML TC as a Committee Draft, uses the ANSI terminology and model, and
     27  completely implements the functionality described in the ANSI RBAC standard.
     28  The authors of the ANSI standard are listed in the acknowledgments for the
     29  XACML RBAC Profile.
     30 
     31  I believe the RBAC model described in the ANSI standard is consistent with
     32  consensus modern understandings of RBAC.
     33 
     34  The weakness of the ANSI RBAC standard is in its APIs: they are designed for
     35  small, special-purpose, turnkey systems, and could not be implemented on
     36  top of any modern operating system.  The authors of the standard agree with
     37  this, but were eager to get something minimal out and felt it would be years
     38  before they could reach agreement on anything more substantial.  The XACML
     39  RBAC profile does not support the ANSI RBAC APIs.
     40 
     41  Anne Anderson
    4242
    4343Yao, Moody, and Bacon present a model of OASIS RBAC and its support for active security [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p171-yao.pdf YMB01]].