UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close

This is embarrasing..

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close
Privacy Policy

This is embarrasing..

An error occurred while processing the form. Please try again in a few minutes.

ASTM E2595

Standard Guide for Privilege Management Infrastructure

inactive
Buy Now
Organization: ASTM
Publication Date: 15 November 2007
Status: inactive
Page Count: 11
ICS Code (Information technology (IT) in general): 35.020
scope:

This guide defines interoperable mechanisms to manage privileges in a distributed environment. This guide is oriented towards support of a distributed or service-oriented architecture (SOA) in which security services are themselves distributed and applications are consumers of distributed services.

This guide incorporates privilege management mechanisms alluded to in a number of existing standards (for example, Guide E 1986 and Specification E 2084). The privilege mechanisms in this guide support policy-based access control (including role-, entity-, and contextual-based access control) including the application of policy constraints, patientrequested restrictions, and delegation. Finally, this guide supports hierarchical, enterprise-wide privilege management.

The mechanisms defined in this guide may be used to support a privilege management infrastructure (PMI) using existing public key infrastructure (PKI) technology.

This guide does not specifically support mechanisms based on secret-key cryptography. Mechanisms involving privilege credentials are specified in ISO 9594-8:2000 (attribute certificates) and Organization for the Advancement of Structured Information Standards (OASIS) Security Assertion Markup Language (SAML) (attribute assertions); however, this guide does not mandate or assume the use of such standards.

Many current systems require only local privilege management functionality (on a single computer system). Such systems frequently use proprietary mechanisms. This guide does not address this type of functionality; rather, it addresses an environment in which privileges and capabilities (authorizations) shall be managed between computer systems across the enterprise and with business partners.

This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.

Document History

November 15, 2007
Standard Guide for Privilege Management Infrastructure
This guide defines interoperable mechanisms to manage privileges in a distributed environment. This guide is oriented towards support of a distributed or service-oriented architecture (SOA) in which...
ASTM E2595
November 15, 2007
Standard Guide for Privilege Management Infrastructure
This guide defines interoperable mechanisms to manage privileges in a distributed environment. This guide is oriented towards support of a distributed or service-oriented architecture (SOA) in which...

References

Advertisement