Publication | Open Access
A role-based access control model and reference implementation within a corporate intranet
435
Citations
14
References
1999
Year
Authentication AuthorizationEngineeringBusiness IntelligenceInformation SecurityRbac ModelRbac FeaturesSecure Network AccessLogical Access ControlAccess MethodManagementAccess ControlData ManagementData PrivacyComputer ScienceInformation ManagementCorporate GovernanceReference ImplementationCorporate IntranetData SecurityCloud ComputingBusinessEnhanced Rbac ModelAuthentication Access ControlAuthorization PoliciesModel-driven Security
The RBAC model formalized here builds on Ferraiolo and Kuhn’s 1992 framework, refined through prototype experience, market analysis, and insights from Jansen 1988 and Hoffman 1996. The paper presents NIST’s enhanced RBAC model and outlines the authors’ design and implementation strategy for RBAC features on networked Web servers. RBAC/Web implements RBAC on Web servers, offering an enterprise‑level alternative to server‑by‑server policy enforcement that aligns with current laws, regulations, and practices.
This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the Web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.
| Year | Citations | |
|---|---|---|
Page 1
Page 1