A role-based access control model and reference implementation within a corporate intranet
- 1 February 1999
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Information and System Security
- Vol. 2 (1) , 34-64
- https://doi.org/10.1145/300830.300834
Abstract
This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the Web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.Keywords
This publication has 7 references indexed in Scilit:
- Separation of duty in role-based environmentsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- The NIST model for role-based access controlPublished by Association for Computing Machinery (ACM) ,2000
- Formal specification for role based access control user/role and role/role relationship managementPublished by Association for Computing Machinery (ACM) ,1998
- Role activation hierarchiesPublished by Association for Computing Machinery (ACM) ,1998
- Managing role/permission relationships using object access typesPublished by Association for Computing Machinery (ACM) ,1998
- Role-based access control modelsComputer, 1996
- The management of computer security profiles using a role-oriented approachComputers & Security, 1994