URL: http://csrc.nist.gov/rbac/
One of the most challenging problems in managing
large networked systems is the complexity of security administration. Today,
security administration is costly and prone to error because administrators
usually specify access control lists for each user on the system individually.
Role-based access control (RBAC) is a technology that is attracting increasing
attention, particularly for commercial applications, because of its potential
for reducing the complexity and cost of security administration in large
networked applications. Since the publication of the Ferraiolo-Kuhn model
for RBAC in 1992, most information technology vendors have incorporated RBAC
into their product line, and the technology is finding applications in areas
ranging from health care to defense, in addition to the mainstream commerce
systems for which it was designed.
With RBAC, security is managed at a level that
corresponds closely to the organization's structure. Each user is assigned one
or more roles, and each role is assigned one or more privileges that are
permitted to users in that role. Security administration with RBAC consists of
determining the operations that must be executed by persons in particular jobs,
and assigning employees to the proper roles. Complexities introduced by
mutually exclusive roles or role hierarchies are handled by the RBAC software,
making security administration easier.
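The user-to-role and role-to-privilege assignments, role hierarchy and mutually exclusive roles described above, as an added illustration that is not part of the NIST page or its reference implementation; the RBAC class, the hospital roles and the user names are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

class RBACError(Exception):
    """Raised when a role assignment would violate the policy."""

@dataclass
class RBAC:
    """Hypothetical minimal RBAC engine (added example, not NIST's code)."""
    role_perms: dict[str, set[str]] = field(default_factory=dict)  # role -> permissions
    juniors: dict[str, set[str]] = field(default_factory=dict)     # role -> roles it inherits from
    user_roles: dict[str, set[str]] = field(default_factory=dict)  # user -> directly assigned roles
    exclusive: set[frozenset[str]] = field(default_factory=set)    # mutually exclusive role pairs

    def add_role(self, role, perms=(), inherits=()):
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def assign(self, user, role):
        # Static separation of duty: refuse a role that conflicts with one already held.
        if role not in self.role_perms:
            raise RBACError(f"unknown role {role!r}")
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset((other, role)) in self.exclusive:
                raise RBACError(f"{user!r}: {role!r} is mutually exclusive with {other!r}")
        held.add(role)

    def effective_roles(self, user):
        # Role hierarchy: a senior role inherits every permission of its juniors, transitively.
        seen, stack = set(), list(self.user_roles.get(user, ()))
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def permissions(self, user):
        return set().union(*(self.role_perms[r] for r in self.effective_roles(user)))

def build_hospital_example():
    """Constructed sample policy: a small hierarchy plus one exclusive pair."""
    rbac = RBAC()
    rbac.add_role("provider", {"read_record"})
    rbac.add_role("physician", {"prescribe"}, inherits={"provider"})
    rbac.add_role("pharmacist", {"dispense"}, inherits={"provider"})
    rbac.exclusive.add(frozenset(("physician", "pharmacist")))  # nobody both prescribes and dispenses
    rbac.assign("alice", "physician")
    rbac.assign("bob", "pharmacist")
    return rbac
```

Administration reduces to editing the role definitions and the user-to-role assignments; the engine resolves inherited permissions and rejects an assignment that would put a user in two conflicting roles.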
Keywords:
Security, data management, user interface, transaction management,
security analysis, proposed standard, computer industry