A Critique of the ANSI Standard on Role-Based Access Control
Ninghui Li
JiWon Byun
E. Bertino
Purdue Univ., West Lafayette
This paper appears in: Security & Privacy, IEEE
Publication Date: Nov.-Dec. 2007
Volume: 5,
Issue: 6
On page(s): 41-49
ISSN: 1540-7993
INSPEC Accession Number: 9736084
Digital Object Identifier: 10.1109/MSP.2007.158
Current Version Published: 2007-12-12
Abstract
In 2004, the American National Standards Institute approved the Role-Based Access Control standard to fulfill "a need among government and industry purchasers of information technology products for a consistent and uniform definition of role based access control (RBAC) features". Such uniform definitions give IT product vendors and customers a common and unambiguous terminology for RBAC features, which can lead to wider adoption of RBAC and increased productivity. However, the current ANSI RBAC Standard has several limitations, design flaws, and technical errors that, if unaddressed, could lead to confusion among IT product vendors and customers and to RBAC implementations with different semantics, thus defeating the standard's purpose.