Cart
0
Product
Products
(empty)
No products
To be determined
Shipping
$0.00
Total
Product successfully added to your shopping cart
Quantity
Total
There are 0 items in your cart.
There is 1 item in your cart.
Total products
Total shipping
To be determined
Total
Sale!
View larger
View larger
ANSI INCITS 359
New product
ANSI INCITS 359 2012 Edition, May 29, 2012 Information Technology – Role Based Access Control
More info
Description / Abstract:
This standard consists of two main parts – the RBAC Reference
Model and the RBAC System and Administrative Functional
Specification.
The RBAC Reference Model defines sets of basic RBAC elements (i.e., users, roles, permissions, operations and objects) and relations as types and functions that are included in this standard. The RBAC reference model serves two purposes. First, the reference model defines the scope of RBAC features that are included in the standard. This identifies the minimum set of features included in all RBAC systems, aspects of role hierarchies, aspects of static constraint relations, and aspects of dynamic constraint relations. Second, the reference model provides a precise and consistent language, in terms of element sets and functions for use in defining the functional specification.
The RBAC System and Administrative Functional Specification specifies the features that are required of an RBAC system. These features fall into three categories, administrative operations, administrative reviews, and system level functionality. The administrative operations define functions in terms of an administrative interface and an associated set of semantics that provide the capability to create, delete and maintain RBAC elements and relations (e.g., to create and delete user role assignments). The administrative review features define functions in terms of an administrative interface and an associated set of semantics that provide the capability to perform query operations on RBAC elements and relations. System level functionality defines features for the creation of user sessions to include role activation/deactivation, the enforcement of constraints on role activation, and for calculation of an access decision. Annex A provides a functional specification overview. Informative Annex B provides a rationale for the major RBAC components defined in this document.
A companion to this standard describes the enhancement of RBAC constraints. The present standard recognizes only constraints that are local to an RBAC environment. These constraints deal only with separation of duty and cardinality. These constraints are evaluated within the local RBAC environment, as opposed to being provided from outside the local RBAC environment. The RBAC Policy-Enhanced (RPE) standard [RPE] also specifies constraints evaluated within the local environment. In addition, external constraints or the results of evaluating external constraints are imported into the environment. These constraints may change in real-time.
This standard and the RPE standard have the evaluation of constraints as part of the access control decision in common. Thus, they are compatible, with the base standard addressing more limited constraints and the RPE standard addressing a potentially wide variety of constraints.
The RBAC Reference Model defines sets of basic RBAC elements (i.e., users, roles, permissions, operations and objects) and relations as types and functions that are included in this standard. The RBAC reference model serves two purposes. First, the reference model defines the scope of RBAC features that are included in the standard. This identifies the minimum set of features included in all RBAC systems, aspects of role hierarchies, aspects of static constraint relations, and aspects of dynamic constraint relations. Second, the reference model provides a precise and consistent language, in terms of element sets and functions for use in defining the functional specification.
The RBAC System and Administrative Functional Specification specifies the features that are required of an RBAC system. These features fall into three categories, administrative operations, administrative reviews, and system level functionality. The administrative operations define functions in terms of an administrative interface and an associated set of semantics that provide the capability to create, delete and maintain RBAC elements and relations (e.g., to create and delete user role assignments). The administrative review features define functions in terms of an administrative interface and an associated set of semantics that provide the capability to perform query operations on RBAC elements and relations. System level functionality defines features for the creation of user sessions to include role activation/deactivation, the enforcement of constraints on role activation, and for calculation of an access decision. Annex A provides a functional specification overview. Informative Annex B provides a rationale for the major RBAC components defined in this document.
A companion to this standard describes the enhancement of RBAC constraints. The present standard recognizes only constraints that are local to an RBAC environment. These constraints deal only with separation of duty and cardinality. These constraints are evaluated within the local RBAC environment, as opposed to being provided from outside the local RBAC environment. The RBAC Policy-Enhanced (RPE) standard [RPE] also specifies constraints evaluated within the local environment. In addition, external constraints or the results of evaluating external constraints are imported into the environment. These constraints may change in real-time.
This standard and the RPE standard have the evaluation of constraints as part of the access control decision in common. Thus, they are compatible, with the base standard addressing more limited constraints and the RPE standard addressing a potentially wide variety of constraints.