| Version 11 (modified by , 18 years ago) ( diff ) |
|---|
Table of Contents
OASIS RBAC
Presently OASIS only supports core and hierarchical RBAC, but not static and dynamic sepraration of duty. As stated in the abstract of "Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML, v2.0" http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_control-xacml-2.0-rbac-profile1-spec-os.pdf OAS05a:
This specification defines a profile for the use of XACML in expressing policies that use role based access control (RBAC). It extends the XACML Profile for RBAC Version 1.0 to include a recommended AttributeId for roles, but reduces the scope to address only core and hierarchical RBAC. This specification has also been updated to apply to XACML 2.0.
Later, on page 4 in Section 1.3 Scope:
The policies specified in this profile assume all the roles for a given subject have already been enabled at the time an authorization decision is requested. They do not deal with an environment in which roles must be enabled dynamically based on the resource or actions a subject is attempting to perform. For this reason, the policies specified in this profile also do not deal with static or dynamic Separation of Duty (see
http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf ANSI-RBAC). A future profile may address the requirements of this type of environment.
Bacon and Moody promote RBAC using XML for open, secure, widely distributed services http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p59-bacon.pdf BM02a.
Belokosztolszki and Eyers discuss shielding OASIS RBAC infrastructures from cyberterrorism http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03shielding.pdf BE03.
