Secure Coding mailing list archives

Re: RBAC question


From: George Capehart <gwc () acm org>
Date: Mon, 16 Feb 2004 16:28:58 +0000

On Sunday 15 February 2004 06:22 am, avi wrote:

<snip>


  My questions to the list:
    - Did I misunderstand the model ?

Hello Avi,

Yes, you did.  The basic idea is that access to a system and the 
functions provided by the system is based on the notion of roles.  A 
role is granted access privileges.  Individuals are assigned (sometimes 
multiple) roles.  A very good "first stop" for information on RBAC is 
at the NIST site:  http://csrc.nist.gov/rbac.  See especially the paper 
at the link at the bullet "Proposed Voluntary Consensus Standard 
_NIST_RBAC_STANDARD_.



    - Any solutions ?

Yes.  Audit trails are a major component of an RBAC-based system.


    - Anyone else implement this model ? if so how ?

Yes.  The breadth, depth and scope of the implementation varies widely 
in different implementations.

It's been implemented in:

 - Some OSs - Solaris, AIX, Linux, etc. - but these implementations are 
pretty much limited to controlling access to OS-level objects.

 - Java - in the Java Authentication and Authorization Service (JAAS) - 
last time I looked, it wasn't very deep in that there was no "native" 
mechanism for handling the tough parts of RBAC like dynamic separation 
of duties, etc.

 - Access control subsystems like KeyNote (RFC 2704) and SESAME 
(https://www.cosic.esat.kuleuven.ac.be/sesame/)

 - On the NIST RBAC page there's a pointer for a "lite" PoC version that 
was built for Web-based applications.

 - Probably the most robust implementations are in commercial products 
that are built around the SESAME core.

A robust implementation of RBAC for applications is complex.  If you 
have more questions, I'd be happy to help off-list.

Best regards,

George Capehart
-- 
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"Does getiud(2) halt the spawning of child processes?"
  -- Unknown from a very old fortune cookie file
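
The model this message describes (privileges granted to roles, users assigned roles, an audit trail, and dynamic separation of duties) can be sketched as follows. This is an added example, not part of the original post and not code from any product it names; the users, roles and permissions are constructed, and the separation-of-duty rule is simplified to "at most one role of a conflicting set active per session".

```python
from dataclasses import dataclass, field

# Constructed sample policy: role names, permissions and users are hypothetical.
ROLE_PERMS = {
    "teller":  {("account", "deposit"), ("account", "withdraw")},
    "auditor": {("ledger", "read")},
}
USER_ROLES = {"alice": {"teller", "auditor"}, "bob": {"teller"}}
# Dynamic separation of duty: roles that may not be active in the same session.
DSD = [frozenset({"teller", "auditor"})]

AUDIT = []  # audit trail: every decision, granted or denied, is recorded


def _log(user, event, detail, ok):
    AUDIT.append({"user": user, "event": event, "detail": detail, "ok": ok})
    return ok


@dataclass
class Session:
    user: str
    active: set = field(default_factory=set)

    def activate(self, role):
        """Activate a role the user is assigned, unless DSD forbids it."""
        if role not in USER_ROLES.get(self.user, set()):
            return _log(self.user, "activate", role, False)
        for group in DSD:
            if role in group and (group & self.active) - {role}:
                return _log(self.user, "activate", role, False)
        self.active.add(role)
        return _log(self.user, "activate", role, True)

    def drop(self, role):
        self.active.discard(role)
        return _log(self.user, "drop", role, True)

    def check(self, obj, op):
        """Permit only if some currently active role carries the permission."""
        ok = any((obj, op) in ROLE_PERMS[r] for r in self.active)
        return _log(self.user, "access", f"{op}:{obj}", ok)


def demo():
    s = Session("alice")  # alice holds both roles but cannot use them together
    return [s.activate("teller"), s.check("account", "deposit"),
            s.activate("auditor"), s.check("ledger", "read"),
            s.drop("teller"), s.activate("auditor"), s.check("ledger", "read")]
```

Access is decided from the roles active in the session, not from everything the user is assigned, which is what lets the separation-of-duty rule hold at run time while the denied attempts still land in the audit trail.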





