OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] ANSI INCITS 359-2004 etc

Robin,

The XACML TC had the opportunity to work with the NIST RBAC team as they
were doing their final review of what has become the ANSI RBAC standard
and as we were developing the XACML Profile for Role Based Access Control.
The XACML RBAC Profile, recently approved by the
XACML TC as a Committee Draft, uses the ANSI terminology and model, and
completely implements the functionality described in the ANSI RBAC standard.
The authors of the ANSI standard are listed in the acknowledgments for the
XACML RBAC Profile.

I believe the RBAC model described in the ANSI standard is consistent with
consensus modern understandings of RBAC.

The weakness of the ANSI RBAC standard is in its APIs: they are designed for
small, special-purpose, turnkey systems, and could not be implemented on
top of any modern operating system.  The authors of the standard agree with
this, but were eager to get something minimal out and felt it would be years
before they could reach agreement on anything more substantial.  The XACML 
RBAC profile does not support the ANSI RBAC APIs.

Anne Anderson

>Based upon the INCITS announcement for the approval of
>ANSI INCITS 359-2004, I created a short news item:
>
>http://xml.coverpages.org/ni2004-04-05-a.html
>
>"INCITS Announces ANSI's Approval of Role Based
>Access Control (RBAC) Security Standard."
>
>Scanning (hastily) the references in this territory it
>was not clear to me whether RBAC-based security is completely
>harmonious with modern identity management systems, though
>I suspected so.  The ACM forum (this year, SACMAT 2004) is
>certainly still alive with role-based access control research.
>
>Can anyone help me connect the dots (with a couple
>sentences or a couple additional URLs)?  Or advise if the
>news item is misleading for any reason.
>
>Thanks,
>
>Robin
>
>-----------------------------------------------------
>Robin Cover
>XML Cover Pages
>WWW: http://xml.coverpages.org
>Newsletter: http://xml.coverpages.org/newsletter.html
>ISOGEN: rcover@innodata-isogen.com
>OASIS: robin.cover@oasis-open.org
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the
>OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]