[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Proposed standard for RBAC
I and other interested members of the XACML TC would like to meet with you on Thursday, April 24, from 10=11am EDT. Conference call number: 512-225-3059 Access code: 65998# There is considerable interest in the TC on this topic, so I expect we will have a good discussion. Thank you! Anne Anderson On 16 April, Rick Kuhn writes: Re: Proposed standard for RBAC > From: Rick Kuhn <kuhn@nist.gov> > To: Anne.Anderson@sun.com, David Ferraiolo <david.ferraiolo@nist.gov>, > Ramaswamy Chandramouli <mouli@nist.gov>, John Barkley <jbarkley@nist.gov>, > rbac-info@nist.gov > Subject: Re: Proposed standard for RBAC > Date: Wed, 16 Apr 2003 15:57:11 -0400 > > Anne, > We would like to discuss this with you in a phone conference. We have Wed > - Fri next week available. Would one of those days fit into your schedule? > Rick Kuhn > > At 10:40 AM 4/15/2003 -0400, Anne Anderson wrote: > >http://csrc.nist.gov/rbac/ proposes a "voluntary consensus > >standard for role based access control", available at > >http://csrc.nist.gov/rbac/rbac-std-ncits.pdf > > > >Have you considered building on the OASIS eXtensible Access > >Control Markup Language (XACML)? This was approved as an OASIS > >Standard in February of 2003, there are two Open Source > >implementations available, and it is receiving generally good > >acceptance by the industry. For more information, see > >http://www.oasis-open.org/committees/xacml > > > >XACML supports the Core RBAC role and permission models quite > >well: multiple roles per user, multiple users per role, multiple > >permissions per role, multiple roles per permission, and > >simultaneous exercise of permissions of multiple roles. XACML > >does not specify the mechanisms for how role attributes are > >assigned to users, but supports all the above models. NIST might > >find it advantageous to develop Core RBAC as a profile of XACML, > >rather than trying to create yet another language. > > > >XACML can also support Hierarchical RBAC ("junior" roles acquire > >the user membership of their "senior roles". and "senior" roles > >acquire the permissions of their "juniors") using XACML's > >mechanism for including one set of policies inside another by > >reference. NIST again might find it advantageous to profile > >XACML to support Hierarchical RBAC. > > > >I will ask the XACML Co-Chairs, Carlisle Adams (Entrust) and Hal > >Lockhart (BEA), to see if we can set up a joint conference call > >to discuss ways of working together. Meanwhile, I expect several > >XACML members will be reviewing the proposed NIST standard > >closely to determine whether there are specific requirements that > >XACML is not currently able to handle. > > > >Yours truly, > >Anne Anderson > >-- > >Anne H. Anderson Email: Anne.Anderson@Sun.COM > >Sun Microsystems Laboratories > >1 Network Drive,UBUR02-311 Tel: 781/442-0928 > >Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > Rick Kuhn > Ph: 301-975-3337, Fax: 301-948-0279 > Information Technology Laboratory > National Institute of Standards and Technology > Gaithersburg, MD 20899-8930 > http://csrc.nist.gov/staff/kuhn/rkhome.html > > > > > -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]