Affiliation:
1. National Institute of Standards and Technology, Gaithersburg, MD
Abstract
This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the Web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference16 articles.
1. Managing role/permission relationships using object access types
2. FEINSTEIN H. L. 1995. Final report: NIST small business innovative research (SBIR) grant: Role based access control: Phase 1. SETA Corporation. SETA Corporation. FEINSTEIN H. L. 1995. Final report: NIST small business innovative research (SBIR) grant: Role based access control: Phase 1. SETA Corporation. SETA Corporation.
Cited by
146 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献