[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Proposed standard for RBAC. Forwarded message from Rick Kuhn.
------- start of forwarded message ------- From: Rick Kuhn <kuhn@nist.gov> To: Anne.Anderson@sun.com, David Ferraiolo <david.ferraiolo@nist.gov>, Ramaswamy Chandramouli <mouli@nist.gov>, John Barkley <jbarkley@nist.gov>, rbac-info@nist.gov Subject: Re: Proposed standard for RBAC Date: Wed, 16 Apr 2003 15:57:11 -0400 Anne, We would like to discuss this with you in a phone conference. We have Wed - Fri next week available. Would one of those days fit into your schedule? Rick Kuhn At 10:40 AM 4/15/2003 -0400, Anne Anderson wrote: >http://csrc.nist.gov/rbac/ proposes a "voluntary consensus >standard for role based access control", available at >http://csrc.nist.gov/rbac/rbac-std-ncits.pdf > >Have you considered building on the OASIS eXtensible Access >Control Markup Language (XACML)? This was approved as an OASIS >Standard in February of 2003, there are two Open Source >implementations available, and it is receiving generally good >acceptance by the industry. For more information, see >http://www.oasis-open.org/committees/xacml > >XACML supports the Core RBAC role and permission models quite >well: multiple roles per user, multiple users per role, multiple >permissions per role, multiple roles per permission, and >simultaneous exercise of permissions of multiple roles. XACML >does not specify the mechanisms for how role attributes are >assigned to users, but supports all the above models. NIST might >find it advantageous to develop Core RBAC as a profile of XACML, >rather than trying to create yet another language. > >XACML can also support Hierarchical RBAC ("junior" roles acquire >the user membership of their "senior roles". and "senior" roles >acquire the permissions of their "juniors") using XACML's >mechanism for including one set of policies inside another by >reference. NIST again might find it advantageous to profile >XACML to support Hierarchical RBAC. > >I will ask the XACML Co-Chairs, Carlisle Adams (Entrust) and Hal >Lockhart (BEA), to see if we can set up a joint conference call >to discuss ways of working together. Meanwhile, I expect several >XACML members will be reviewing the proposed NIST standard >closely to determine whether there are specific requirements that >XACML is not currently able to handle. > >Yours truly, >Anne Anderson >-- >Anne H. Anderson Email: Anne.Anderson@Sun.COM >Sun Microsystems Laboratories >1 Network Drive,UBUR02-311 Tel: 781/442-0928 >Burlington, MA 01803-0902 USA Fax: 781/442-1692 Rick Kuhn Ph: 301-975-3337, Fax: 301-948-0279 Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 http://csrc.nist.gov/staff/kuhn/rkhome.html ------- end of forwarded message ------- -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]