OASIS eXtensible Access Control Markup Language (XACML) TC

Re: Proposed standard for RBAC. Forwarded message from Rick Kuhn.

  • 1.  Re: Proposed standard for RBAC. Forwarded message from Rick Kuhn.

    Posted 04-17-2003 14:00
    ------- start of forwarded message -------
    From: Rick Kuhn <kuhn@nist.gov>
    To: Anne.Anderson@sun.com, David Ferraiolo <david.ferraiolo@nist.gov>,
       Ramaswamy Chandramouli <mouli@nist.gov>, John Barkley <jbarkley@nist.gov>,
       rbac-info@nist.gov
    Subject: Re: Proposed standard for RBAC
    Date: Wed, 16 Apr 2003 15:57:11 -0400
    
    Anne,
    We would like to discuss this with you in a phone conference.  We have Wed 
    - Fri next week available.  Would one of those days fit into your schedule?
    Rick Kuhn
    
    At 10:40 AM 4/15/2003 -0400, Anne Anderson wrote:
    >http://csrc.nist.gov/rbac/ proposes a "voluntary consensus
    >standard for role based access control", available at
    >http://csrc.nist.gov/rbac/rbac-std-ncits.pdf
    >
    >Have you considered building on the OASIS eXtensible Access
    >Control Markup Language (XACML)?  This was approved as an OASIS
    >Standard in February of 2003, there are two Open Source
    >implementations available, and it is receiving generally good
    >acceptance by the industry.  For more information, see
    >http://www.oasis-open.org/committees/xacml
    >
    >XACML supports the Core RBAC role and permission models quite
    >well: multiple roles per user, multiple users per role, multiple
    >permissions per role, multiple roles per permission, and
    >simultaneous exercise of permissions of multiple roles.  XACML
    >does not specify the mechanisms for how role attributes are
    >assigned to users, but supports all the above models.  NIST might
    >find it advantageous to develop Core RBAC as a profile of XACML,
    >rather than trying to create yet another language.
    >
    >XACML can also support Hierarchical RBAC ("junior" roles acquire
    >the user membership of their "senior" roles, and "senior" roles
    >acquire the permissions of their "juniors") using XACML's
    >mechanism for including one set of policies inside another by
    >reference.  NIST again might find it advantageous to profile
    >XACML to support Hierarchical RBAC.
    >
    >I will ask the XACML Co-Chairs, Carlisle Adams (Entrust) and Hal
    >Lockhart (BEA), to see if we can set up a joint conference call
    >to discuss ways of working together.  Meanwhile, I expect several
    >XACML members will be reviewing the proposed NIST standard
    >closely to determine whether there are specific requirements that
    >XACML is not currently able to handle.
    >
    >Yours truly,
    >Anne Anderson
    >--
    >Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    >Sun Microsystems Laboratories
    >1 Network Drive,UBUR02-311     Tel: 781/442-0928
    >Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    
    Rick Kuhn
    Ph:  301-975-3337,      Fax: 301-948-0279
    Information Technology Laboratory
    National Institute of Standards and Technology
    Gaithersburg, MD 20899-8930
    http://csrc.nist.gov/staff/kuhn/rkhome.html
    
    
    
    
    
    ------- end of forwarded message -------
    
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
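
The role model described in the quoted message (many-to-many users and roles, simultaneous exercise of several roles' permissions, and a hierarchy built by including one permission set inside another by reference), as an added example that is not part of the original thread. It is a simplified Python model, not XACML syntax; the role names, users, permissions and function names are all constructed for illustration.

```python
# Simplified model (not XACML syntax): each role owns a permission set that may
# include junior roles' permission sets by reference.
# All roles, users and permissions below are constructed sample data.
PERMISSION_SETS = {
    # role: (own permissions, junior roles included by reference)
    "employee": ({("read", "handbook")}, []),
    "engineer": ({("write", "source")}, ["employee"]),
    "manager": ({("approve", "expense")}, ["employee"]),
    "director": ({("sign", "contract")}, ["manager", "engineer"]),
}

# Many-to-many user/role assignment. How roles are assigned is out of scope
# here, as the message says it is for XACML.
USER_ROLES = {
    "alice": {"director"},
    "bob": {"engineer", "manager"},
    "carol": {"employee"},
}


def role_closure(role, _path=()):
    """Return the role plus every junior role reachable through references."""
    if role in _path:
        raise ValueError("reference cycle: " + " -> ".join(_path + (role,)))
    if role not in PERMISSION_SETS:
        raise KeyError(f"dangling reference to undefined role {role!r}")
    closure = {role}
    for junior in PERMISSION_SETS[role][1]:
        closure |= role_closure(junior, _path + (role,))
    return closure


def role_permissions(role):
    """Senior roles acquire the permissions of their juniors."""
    return set().union(*(PERMISSION_SETS[r][0] for r in role_closure(role)))


def is_permitted(user, action, resource):
    """Permit if any role the user holds grants the permission; otherwise deny."""
    return any((action, resource) in role_permissions(r)
               for r in USER_ROLES.get(user, ()))


def authorized_users(role):
    """Junior roles acquire the user membership of their seniors."""
    return {u for u, roles in USER_ROLES.items()
            if any(role in role_closure(r) for r in roles)}
```

A reference cycle or a reference to an undefined role raises an error during resolution instead of silently granting or dropping permissions, and an unknown user is denied by default.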