ANSI INCITS 359

Information Technology – Role Based Access Control

active, Most Current
Organization: ANSI
Publication Date: 29 May 2012
Status: active
Page Count: 61
Scope:

This standard consists of two main parts - the RBAC Reference Model and the RBAC System and Administrative Functional Specification.

The RBAC Reference Model defines sets of basic RBAC elements (i.e., users, roles, permissions, operations and objects) and relations as types and functions that are included in this standard. The RBAC reference model serves two purposes. First, the reference model defines the scope of RBAC features that are included in the standard. This identifies the minimum set of features included in all RBAC systems, aspects of role hierarchies, aspects of static constraint relations, and aspects of dynamic constraint relations. Second, the reference model provides a precise and consistent language, in terms of element sets and functions for use in defining the functional specification.

The RBAC System and Administrative Functional Specification specifies the features that are required of an RBAC system. These features fall into three categories: administrative operations, administrative reviews, and system level functionality. The administrative operations define functions in terms of an administrative interface and an associated set of semantics that provide the capability to create, delete and maintain RBAC elements and relations (e.g., to create and delete user role assignments). The administrative review features define functions in terms of an administrative interface and an associated set of semantics that provide the capability to perform query operations on RBAC elements and relations. System level functionality defines features for the creation of user sessions to include role activation/deactivation, the enforcement of constraints on role activation, and for calculation of an access decision. Annex A provides a functional specification overview. Informative Annex B provides a rationale for the major RBAC components defined in this document.

A companion to this standard describes the enhancement of RBAC constraints. The present standard recognizes only constraints that are local to an RBAC environment. These constraints deal only with separation of duty and cardinality. These constraints are evaluated within the local RBAC environment, as opposed to being provided from outside the local RBAC environment. The RBAC Policy-Enhanced (RPE) standard [RPE] also specifies constraints evaluated within the local environment. In addition, external constraints or the results of evaluating external constraints are imported into the environment. These constraints may change in real-time.

This standard and the RPE standard have the evaluation of constraints as part of the access control decision in common. Thus, they are compatible, with the base standard addressing more limited constraints and the RPE standard addressing a potentially wide variety of constraints.

Document History

ANSI INCITS 359
May 29, 2012
Information Technology – Role Based Access Control
This standard consists of two main parts – the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The RBAC Reference Model defines sets of basic RBAC elements...
January 1, 2004
for Information Technology - Role Based Access Control
A description is not available for this item.
