DocumentCode :
1007677
Title :
A Critique of the ANSI Standard on Role-Based Access Control
Author :
Li, Ninghui ; Byun, Ji-Won ; Bertino, Elisa
Author_Institution :
Purdue Univ., West Lafayette
Volume :
5
Issue :
6
fYear :
2007
Firstpage :
41
Lastpage :
49
Abstract :
In 2004, the American National Standards Institute approved the Role-Based Access Control standard to fulfill "a need among government and industry purchasers of information technology products for a consistent and uniform definition of role based access control (RBAC) features". Such uniform definitions give IT product vendors and customers a common and unambiguous terminology for RBAC features, which can lead to wider adoption of RBAC and increased productivity. However, the current ANSI RBAC Standard has several limitations, design flaws, and technical errors that, if unaddressed, could lead to confusions among IT product vendors and customers and to RBAC implementations with different semantics, thus defeating the standard's purpose.
Keywords :
DP industry; authorisation; standards; ANSI standard; IT product vendors; role-based access control; ANSI standards; Access control; Database systems; Error correction; Identity management systems; Information technology; Standardization; Standards development; Standards organizations; Standards publication; authorization management; role-based access control; security; standards;
fLanguage :
English
Journal_Title :
Security & Privacy, IEEE
Publisher :
ieee
ISSN :
1540-7993
Type :
jour
DOI :
10.1109/MSP.2007.158
Filename :
4402445