• DocumentCode
    1007677
  • Title

    A Critique of the ANSI Standard on Role-Based Access Control

  • Author

    Li, Ninghui ; Byun, Ji-Won ; Bertino, Elisa

  • Author_Institution
    Purdue Univ., West Lafayette
  • Volume
    5
  • Issue
    6
  • fYear
    2007
  • Firstpage
    41
  • Lastpage
    49
  • Abstract
    In 2004, the American National Standards Institute approved the Role-Based Access Control standard to fulfill "a need among government and industry purchasers of information technology products for a consistent and uniform definition of role based access control (RBAC) features". Such uniform definitions give IT product vendors and customers a common and unambiguous terminology for RBAC features, which can lead to wider adoption of RBAC and increased productivity. However, the current ANSI RBAC Standard has several limitations, design flaws, and technical errors that, if unaddressed, could lead to confusion among IT product vendors and customers and to RBAC implementations with different semantics, thus defeating the standard's purpose.
  • Keywords
    DP industry; authorisation; standards; ANSI standard; IT product vendors; role-based access control; ANSI standards; Access control; Database systems; Error correction; Identity management systems; Information technology; Standardization; Standards development; Standards organizations; Standards publication; authorization management; role-based access control; security; standards;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2007.158
  • Filename
    4402445