OASIS eXtensible Access Control Markup Language (XACML) TC

Re: Proposed standard for RBAC

    Posted 04-17-2003 20:44
    I and other interested members of the XACML TC would like to meet
    with you on Thursday, April 24, from 10-11am EDT.
    
      Conference call number: 512-225-3059
      Access code: 65998#
    
    There is considerable interest in the TC on this topic, so I
    expect we will have a good discussion.
    
    Thank you!
    Anne Anderson
    
    On 16 April, Rick Kuhn writes: Re: Proposed standard for RBAC
     > From: Rick Kuhn <kuhn@nist.gov>
     > To: Anne.Anderson@sun.com, David Ferraiolo <david.ferraiolo@nist.gov>,
     >    Ramaswamy Chandramouli <mouli@nist.gov>, John Barkley <jbarkley@nist.gov>,
     >    rbac-info@nist.gov
     > Subject: Re: Proposed standard for RBAC
     > Date: Wed, 16 Apr 2003 15:57:11 -0400
     > 
     > Anne,
     > We would like to discuss this with you in a phone conference.  We have Wed 
     > - Fri next week available.  Would one of those days fit into your schedule?
     > Rick Kuhn
     > 
     > At 10:40 AM 4/15/2003 -0400, Anne Anderson wrote:
     > >http://csrc.nist.gov/rbac/ proposes a "voluntary consensus
     > >standard for role based access control", available at
     > >http://csrc.nist.gov/rbac/rbac-std-ncits.pdf
     > >
     > >Have you considered building on the OASIS eXtensible Access
     > >Control Markup Language (XACML)?  This was approved as an OASIS
     > >Standard in February of 2003, there are two Open Source
     > >implementations available, and it is receiving generally good
     > >acceptance by the industry.  For more information, see
     > >http://www.oasis-open.org/committees/xacml
     > >
     > >XACML supports the Core RBAC role and permission models quite
     > >well: multiple roles per user, multiple users per role, multiple
     > >permissions per role, multiple roles per permission, and
     > >simultaneous exercise of permissions of multiple roles.  XACML
     > >does not specify the mechanisms for how role attributes are
     > >assigned to users, but supports all the above models.  NIST might
     > >find it advantageous to develop Core RBAC as a profile of XACML,
     > >rather than trying to create yet another language.
     > >
     > >XACML can also support Hierarchical RBAC ("junior" roles acquire
     > >the user membership of their "senior" roles, and "senior" roles
     > >acquire the permissions of their "juniors") using XACML's
     > >mechanism for including one set of policies inside another by
     > >reference.  NIST again might find it advantageous to profile
     > >XACML to support Hierarchical RBAC.
     > >
     > >I will ask the XACML Co-Chairs, Carlisle Adams (Entrust) and Hal
     > >Lockhart (BEA), to see if we can set up a joint conference call
     > >to discuss ways of working together.  Meanwhile, I expect several
     > >XACML members will be reviewing the proposed NIST standard
     > >closely to determine whether there are specific requirements that
     > >XACML is not currently able to handle.
     > >
     > >Yours truly,
     > >Anne Anderson
     > >--
     > >Anne H. Anderson             Email: Anne.Anderson@Sun.COM
     > >Sun Microsystems Laboratories
     > >1 Network Drive,UBUR02-311     Tel: 781/442-0928
     > >Burlington, MA 01803-0902 USA  Fax: 781/442-1692
     > 
     > Rick Kuhn
     > Ph:  301-975-3337,      Fax: 301-948-0279
     > Information Technology Laboratory
     > National Institute of Standards and Technology
     > Gaithersburg, MD 20899-8930
     > http://csrc.nist.gov/staff/kuhn/rkhome.html
     > 
    
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
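
The Hierarchical RBAC mapping described in the quoted message (a senior role acquiring its juniors' permissions by including their policies by reference, with several roles exercised at once), as an added Python sketch that is not part of the original thread and is not XACML syntax. The `PolicySet` class, role names and permissions are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class PolicySet:
    """Toy stand-in for a per-role policy set (hypothetical, not XACML syntax)."""
    role: str
    permissions: set = field(default_factory=set)   # (action, resource) pairs
    references: list = field(default_factory=list)  # ids of policy sets included by reference


# Constructed sample data: manager is senior to employee, employee is senior to guest.
POLICY_SETS = {
    "guest": PolicySet("guest", {("read", "lobby-calendar")}),
    "employee": PolicySet("employee",
                          {("read", "timesheet"), ("write", "timesheet")}, ["guest"]),
    "manager": PolicySet("manager", {("approve", "timesheet")}, ["employee"]),
    "auditor": PolicySet("auditor", {("read", "audit-log")}),
}


def effective_permissions(role, store=POLICY_SETS, _path=()):
    """Permissions of a role plus those of every policy set it includes by reference."""
    if role in _path:
        # A reference loop would otherwise recurse forever; reject the policy store.
        raise ValueError("reference cycle: " + " -> ".join(_path + (role,)))
    if role not in store:
        raise KeyError(f"dangling policy set reference: {role}")
    policy_set = store[role]
    perms = set(policy_set.permissions)
    for ref in policy_set.references:
        perms |= effective_permissions(ref, store, _path + (role,))
    return perms


def is_permitted(user_roles, action, resource, store=POLICY_SETS):
    """Permit if any role the user holds grants the permission (multiple roles at once)."""
    return any((action, resource) in effective_permissions(r, store) for r in user_roles)


if __name__ == "__main__":
    print(sorted(effective_permissions("manager")))
    print(is_permitted({"employee", "auditor"}, "read", "audit-log"))
    print(is_permitted({"employee"}, "approve", "timesheet"))
```

Inheritance flows only from junior to senior here: the junior role gains nothing from the reference, so a reviewer can audit a role's reach by walking its references.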