------- start of forwarded message -------
From: Rick Kuhn <kuhn@nist.gov>
To: Anne.Anderson@sun.com, David Ferraiolo <david.ferraiolo@nist.gov>,
Ramaswamy Chandramouli <mouli@nist.gov>, John Barkley <jbarkley@nist.gov>,
rbac-info@nist.gov
Subject: Re: Proposed standard for RBAC
Date: Wed, 16 Apr 2003 15:57:11 -0400
Anne,
We would like to discuss this with you in a phone conference. We have Wed
- Fri next week available. Would one of those days fit into your schedule?
Rick Kuhn
At 10:40 AM 4/15/2003 -0400, Anne Anderson wrote:
>http://csrc.nist.gov/rbac/ proposes a "voluntary consensus
>standard for role based access control", available at
>http://csrc.nist.gov/rbac/rbac-std-ncits.pdf
>
>Have you considered building on the OASIS eXtensible Access
>Control Markup Language (XACML)? This was approved as an OASIS
>Standard in February of 2003, there are two Open Source
>implementations available, and it is receiving generally good
>acceptance by the industry. For more information, see
>http://www.oasis-open.org/committees/xacml
>
>XACML supports the Core RBAC role and permission models quite
>well: multiple roles per user, multiple users per role, multiple
>permissions per role, multiple roles per permission, and
>simultaneous exercise of permissions of multiple roles. XACML
>does not specify the mechanisms for how role attributes are
>assigned to users, but supports all the above models. NIST might
>find it advantageous to develop Core RBAC as a profile of XACML,
>rather than trying to create yet another language.
>
>XACML can also support Hierarchical RBAC ("junior" roles acquire
>the user membership of their "senior roles". and "senior" roles
>acquire the permissions of their "juniors") using XACML's
>mechanism for including one set of policies inside another by
>reference. NIST again might find it advantageous to profile
>XACML to support Hierarchical RBAC.
>
>I will ask the XACML Co-Chairs, Carlisle Adams (Entrust) and Hal
>Lockhart (BEA), to see if we can set up a joint conference call
>to discuss ways of working together. Meanwhile, I expect several
>XACML members will be reviewing the proposed NIST standard
>closely to determine whether there are specific requirements that
>XACML is not currently able to handle.
>
>Yours truly,
>Anne Anderson
>--
>Anne H. Anderson Email: Anne.Anderson@Sun.COM
>Sun Microsystems Laboratories
>1 Network Drive,UBUR02-311 Tel: 781/442-0928
>Burlington, MA 01803-0902 USA Fax: 781/442-1692
Rick Kuhn
Ph: 301-975-3337, Fax: 301-948-0279
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
http://csrc.nist.gov/staff/kuhn/rkhome.html
------- end of forwarded message -------
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692