
THIRD PATENT FOR NIST'S ROLE-BASED ACCESS CONTROL WORK.

On March 3, 2001, patent #6,202,066 was issued to NIST for "Implementation of Role/Group Permission Association Using Object Access Type." This is the third patent issued to NIST for work in Role Based Access Control (RBAC). The first two are #6,023,765 and #6,088,679.

NIST's work in RBAC began almost 10 years ago. At that time, there were almost no products that used RBAC, and the concept of using roles for access control was not well defined. NIST published a model for RBAC in 1992, then refined the model and published a semiformal description in 1995. Since then, formal descriptions of the model and reference implementations have been developed and published.

In RBAC, access decisions are based on the roles that individual users perform within an organization. Users take on assigned roles (such as doctor, nurse, teller, or manager). The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization. Access rights to operations on objects are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. For example, within a hospital system, the role of doctor can include operations to perform diagnosis, prescribe medication, and order laboratory tests; and the role of researcher can be limited to gathering anonymous clinical information for studies.

The use of RBAC can reduce the cost and the errors associated with managing user access to objects. The principal motivation behind RBAC is the desire to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure. Traditionally, managing security has required mapping an organization's security policy to a relatively low-level set of access controls. With RBAC, it is not necessary to translate an organizational view into another view in order to accommodate an access control mechanism. In RBAC, the natural organizational view is the access control mechanism. The web site is http://hissa.nist.gov/rbac/.
COPYRIGHT 2001 National Institute of Standards and Technology
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Title Annotation:National Institute of Standards and Technology
Publication:Journal of Research of the National Institute of Standards and Technology
Article Type:Brief Article
Geographic Code:1USA
Date:May 1, 2001