I and other interested members of the XACML TC would like to meet
with you on Thursday, April 24, from 10=11am EDT.
Conference call number: 512-225-3059
Access code: 65998#
There is considerable interest in the TC on this topic, so I
expect we will have a good discussion.
Thank you!
Anne Anderson
On 16 April, Rick Kuhn writes: Re: Proposed standard for RBAC
> From: Rick Kuhn <kuhn@nist.gov>
> To: Anne.Anderson@sun.com, David Ferraiolo <david.ferraiolo@nist.gov>,
> Ramaswamy Chandramouli <mouli@nist.gov>, John Barkley <jbarkley@nist.gov>,
> rbac-info@nist.gov
> Subject: Re: Proposed standard for RBAC
> Date: Wed, 16 Apr 2003 15:57:11 -0400
>
> Anne,
> We would like to discuss this with you in a phone conference. We have Wed
> - Fri next week available. Would one of those days fit into your schedule?
> Rick Kuhn
>
> At 10:40 AM 4/15/2003 -0400, Anne Anderson wrote:
> >http://csrc.nist.gov/rbac/ proposes a "voluntary consensus
> >standard for role based access control", available at
> >http://csrc.nist.gov/rbac/rbac-std-ncits.pdf
> >
> >Have you considered building on the OASIS eXtensible Access
> >Control Markup Language (XACML)? This was approved as an OASIS
> >Standard in February of 2003, there are two Open Source
> >implementations available, and it is receiving generally good
> >acceptance by the industry. For more information, see
> >http://www.oasis-open.org/committees/xacml
> >
> >XACML supports the Core RBAC role and permission models quite
> >well: multiple roles per user, multiple users per role, multiple
> >permissions per role, multiple roles per permission, and
> >simultaneous exercise of permissions of multiple roles. XACML
> >does not specify the mechanisms for how role attributes are
> >assigned to users, but supports all the above models. NIST might
> >find it advantageous to develop Core RBAC as a profile of XACML,
> >rather than trying to create yet another language.
> >
> >XACML can also support Hierarchical RBAC ("junior" roles acquire
> >the user membership of their "senior roles". and "senior" roles
> >acquire the permissions of their "juniors") using XACML's
> >mechanism for including one set of policies inside another by
> >reference. NIST again might find it advantageous to profile
> >XACML to support Hierarchical RBAC.
> >
> >I will ask the XACML Co-Chairs, Carlisle Adams (Entrust) and Hal
> >Lockhart (BEA), to see if we can set up a joint conference call
> >to discuss ways of working together. Meanwhile, I expect several
> >XACML members will be reviewing the proposed NIST standard
> >closely to determine whether there are specific requirements that
> >XACML is not currently able to handle.
> >
> >Yours truly,
> >Anne Anderson
> >--
> >Anne H. Anderson Email: Anne.Anderson@Sun.COM
> >Sun Microsystems Laboratories
> >1 Network Drive,UBUR02-311 Tel: 781/442-0928
> >Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
> Rick Kuhn
> Ph: 301-975-3337, Fax: 301-948-0279
> Information Technology Laboratory
> National Institute of Standards and Technology
> Gaithersburg, MD 20899-8930
> http://csrc.nist.gov/staff/kuhn/rkhome.html
>
>
>
>
>
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692