OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Proposed standard for RBAC. Forwarded message from Rick Kuhn.


------- start of forwarded message -------
From: Rick Kuhn <kuhn@nist.gov>
To: Anne.Anderson@sun.com, David Ferraiolo <david.ferraiolo@nist.gov>,
   Ramaswamy Chandramouli <mouli@nist.gov>, John Barkley <jbarkley@nist.gov>,
   rbac-info@nist.gov
Subject: Re: Proposed standard for RBAC
Date: Wed, 16 Apr 2003 15:57:11 -0400

Anne,
We would like to discuss this with you in a phone conference.  We have Wed 
- Fri next week available.  Would one of those days fit into your schedule?
Rick Kuhn

At 10:40 AM 4/15/2003 -0400, Anne Anderson wrote:
>http://csrc.nist.gov/rbac/ proposes a "voluntary consensus
>standard for role based access control", available at
>http://csrc.nist.gov/rbac/rbac-std-ncits.pdf
>
>Have you considered building on the OASIS eXtensible Access
>Control Markup Language (XACML)?  This was approved as an OASIS
>Standard in February of 2003, there are two Open Source
>implementations available, and it is receiving generally good
>acceptance by the industry.  For more information, see
>http://www.oasis-open.org/committees/xacml
>
>XACML supports the Core RBAC role and permission models quite
>well: multiple roles per user, multiple users per role, multiple
>permissions per role, multiple roles per permission, and
>simultaneous exercise of permissions of multiple roles.  XACML
>does not specify the mechanisms for how role attributes are
>assigned to users, but supports all the above models.  NIST might
>find it advantageous to develop Core RBAC as a profile of XACML,
>rather than trying to create yet another language.
>
>XACML can also support Hierarchical RBAC ("junior" roles acquire
>the user membership of their "senior roles". and "senior" roles
>acquire the permissions of their "juniors") using XACML's
>mechanism for including one set of policies inside another by
>reference.  NIST again might find it advantageous to profile
>XACML to support Hierarchical RBAC.
>
>I will ask the XACML Co-Chairs, Carlisle Adams (Entrust) and Hal
>Lockhart (BEA), to see if we can set up a joint conference call
>to discuss ways of working together.  Meanwhile, I expect several
>XACML members will be reviewing the proposed NIST standard
>closely to determine whether there are specific requirements that
>XACML is not currently able to handle.
>
>Yours truly,
>Anne Anderson
>--
>Anne H. Anderson             Email: Anne.Anderson@Sun.COM
>Sun Microsystems Laboratories
>1 Network Drive,UBUR02-311     Tel: 781/442-0928
>Burlington, MA 01803-0902 USA  Fax: 781/442-1692

Rick Kuhn
Ph:  301-975-3337,      Fax: 301-948-0279
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
http://csrc.nist.gov/staff/kuhn/rkhome.html





------- end of forwarded message -------

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]