ImageVerifierCode 换一换
格式:PDF , 页数:27 ,大小:244.59KB ,
资源ID:435762      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-435762.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI INCITS 459-2011 Information Technology C Requirements for the Implementation and Interoperability of Role Based Access Control.pdf)为本站会员(bonesoil321)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI INCITS 459-2011 Information Technology C Requirements for the Implementation and Interoperability of Role Based Access Control.pdf

1、American National StandardDeveloped byfor Information Technology Requirements for theImplementation and Interoperabilityof Role Based Access ControlINCITS 459-2011INCITS 459-2011INCITS 459-2011American National Standardfor Information Technology Requirements for theImplementation and Interoperabilit

2、yof Role Based Access ControlSecretariatInformation Technology Industry CouncilApproved January 14, 2011American National Standards Institute, Inc.AbstractThis RBAC implementation and interoperability standard is intended for use by developers and consumersof RBAC products. Developers will ensure co

3、nformance of products with the standard and consumers willconsult the standard to compare and evaluate products. Conformance with the standard provides uniformsets of RBAC features and provisions to promote interoperability between RBAC systems. These featuresand provisions can serve as criteria for

4、 comparing and evaluating RBAC products.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval havebeen met by the standards developer.Consensus is established when, in the judgement of the ANSI Board ofStand

5、ards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Consensus requires that allviews and objections be considered, and that a concerted effort be madetowards thei

6、r resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufacturing, marketing, purchasing, or usingproducts, processes, or procedures not conforming to the standards.The

7、American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right or authority to issue aninterpretation of an American National Standard in the name of the AmericanNational S

8、tandards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National Standard may be revised orwithdrawn at any time. The procedures of the American National StandardsInstitute re

9、quire that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or writing the AmericanNational Standards Institute.American National StandardPublished byAmerican National Stan

10、dards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2011 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in anyform, in an electronic retrieval system or otherwise,without prior written permission of ITI, 1101 K Stre

11、et NW, Suite 610Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may berequired for the implementation of the standard disclose such patents to the publisher. However,neither the developers nor the publi

12、sher have undertaken a patent search in order to identifywhich, if any, patents may apply to this standard. As of the date of publication of this standardand following calls for the identification of patents that may be required for the implementation ofthe standard, no such claims have been made. N

13、o further patent search is conducted by the de-veloper or publisher in respect to any standard it processes. No representation is made or impliedthat licenses are not required to avoid infringement in the use of this standard.Contents 1 Scope. 1 2 Conformance. 2 3 References. 2 3.1 Normative . 2 3.2

14、 Non-normative 2 4 Terms and Definitions. 3 5 Abbreviated Terms 4 6 Requirements 4 6.1 Implementation . 5 6.2 Interoperability 6 6.2.1 RBAC Interaction Functions for Interoperability. 6 6.2.2 Data Requirements for Interoperability 8 6.2.3 Policy Rules 8 6.3 Audit and reporting/logging 9 Informative

15、Annex A: Conceptual Model . 10 Informative Annex B: Use Cases for Interoperability . 12 Use Case Syntax . 12 Use Case Examples. 12 Case 1 Company Merger and Integration of Existing RBAC Systems . 12 Case 2 Continuous Synchronization of External Role Model . 14 Informative Annex C 16 C.1 Introduction

16、 16 C.2 Definition of Two Types of Roles: Structural and Functional 16 Purpose 16 Role Semantics 16 Structural Roles vs Organizational Roles . 17 Roles in ASTM Healthcare Policy and Standard Guide. 17 i iiForeword (This foreword is not part of American National Standard INCITS 459-2011.)This standar

17、d provides implementation requirements for Role Based Access Control(RBAC) systems, which use RBAC components defined in INCITS 359-2004(R2009). It is an implementation and interoperability standard intended for (1) soft-ware engineers and product development managers who design products incorporat-

18、ing access control features; and (2) managers and procurement officials who seek toacquire computer security products with features that provide access control capabil-ities in accordance with commonly known and understood terminology and functionalspecifications. The implementation requirements in

19、this standard are intended tosupport the interchange of RBAC data (e.g., roles, permissions, users) and thus pro-mote functional interoperability among multiple RBAC systems.Since best practices for RBAC solutions are not readily available, this standard pro-vides implementation requirements for sys

20、tems and components that comply withINCITS 359-2004 (R2009). Additional requirements beyond those in INCITS 359-2004 (R2009) are also included.Requests for interpretation, suggestions for improvement or addenda, or defect re-ports are welcome. They should be sent to InterNational Committee for Infor

21、mationTechnology Standards (INCITS), ITI, 1101 K Street, NW, Suite 610, Washington, DC20005.This standard was processed and approved for submittal to ANSI by INCITS. Com-mittee approval of this standard does not necessarily imply that all committee mem-bers voted for its approval. At the time it app

22、roved this standard, INCITS had thefollowing members:Don Wright, ChairJennifer Garner, SecretaryOrganization Represented Name of RepresentativeAdobe Systems Inc. . Scott Foshee Steve Zilles (Alt.)Apple Computer, Inc. . Kwok Lau Helene Workman (Alt.)David Singer (Alt.)Distributed Management Task Forc

23、e John Crandall Jeff Hilland (Alt.)Electronic Industries Alliance Edward Mikoski, Jr. Henry Cuschieri (Alt.)EMC Corporation . Gary Robinson Farance Inc. . Frank Farance Timothy Schoechle (Alt.)GS1 US . Ray Delnicki Frank Sharkey (Alt.)James Chronowski (Alt.)Mary Wilson (Alt.)Hewlett-Packard Company

24、Karen Higginbottom Paul Jeran (Alt.)IBM Corporation Gerald Lane Robert Weir (Alt.)Arnaud Le Hors (Alt.)Debra Boland (Alt.)Steve Holbrook (Alt.)IEEE . Bill Ash Jodie Haasz (Alt.)Bob Labelle (Alt.)Intel Philip Wennblom Grace Wei (Alt.)Stephen Balogh (Alt.)iiiOrganization Represented Name of Representa

25、tiveLexmark InternationalDon Wright Dwight Lewis (Alt.)Paul Menard (Alt.)Jerry Thrasher (Alt.)Microsoft CorporationJim Hughes Dick Brackney (Alt.)John Calhoun (Alt.)National Institute of Standards & Technology .Michael Hogan Sal Francomacaro (Alt.)Dan Benigni (Alt.)Fernando Podio (Alt.)Teresa Schwar

26、zhoff (Alt.)Wo Chang (Alt.)Oracle CorporationDonald R. Deutsch Jim Melton (Alt.)Michael Kavanaugh (Alt.)Toshihiro Suzuki (Alt.)Jeff Mischkinsky (Alt.)Tony DiCenzo (Alt.)Eduardo Gutentag (Alt.)Purdue University .Stephen Elliott Adam Wamsley (Alt.)Storage Networking Industry Association (SNIA)Gary Phi

27、llips Arnold Jones (Alt.)Dave Thiel (Alt.)US Department of Defense .Jerry Smith Dennis Devera (Alt.)Dave Brown (Alt.)Leonard Levine (Alt.)US Department of Homeland Security Peter Shebell Gregg Piermarini (Alt.)ivTechnical Committee CS1 on Cyber Security, which reviewed this standard, had thefollowin

28、g members:Dan Benigni, Chair(NIST)Eric Hibbard, International Representative(Hitachi Data Systems)Laura Kuiper, Secretary (Cisco Systems, Inc.)Organization Represented Name of RepresentativeAlcatel-Lucent Technologies. Igor FaynbergAmper Politziner & Mattia . (Representation Vacant)Atsec Information

29、 Security Corporation Fiona PattinsonBooz Allen & Hamilton, Inc. Nadya BartolCERT Coordination Center. Art Manion Cisco Systems, Inc. Laura KuiperConcordant, Inc. . Donald HoldenCygnaCom Solutions Sheila Brand Ernst & Young LLP . (Representation Vacant)Forsythe Solutions Group. Pamela FredericksGema

30、lto Neville PattinsonHewlett-Packard Company. Eva KuiperHID Global Gary Klinefelter Hitachi Data Systems . Eric HibbardIntel Corporation . David GrawrockMicrosoft Corporation . Mike LaiMitre Corporation James W. MooreNational Security Agency Debby WallnerNIST Richard KisselOrange Parachute Arun Siva

31、raman PREMIER Bankcard, Inc. . Chuck CincoRaytheon Systems Company . Kenneth KungRSA Security, Inc James RandallSailpoint Technologies Darran Rolls Surety Technologies, Inc. . Dimitri AndivahisSymantec Roger CummingsUnited States Council for International Business Heather ShawUnited States Dept of D

32、efense . Richard FernandezZygma Partnership . Richard WilsherTask Group CS1.1 on Role-Based Access Control, which developed and reviewedthis standard, had the following members:Ed Coyne, Chair and Editor(VHA CHIO)Tim Weil, Vice-Chair and Co-Editor(Booz | Allen | Hamilton) Richard Kissel, Co-Editor(N

33、IST)Organization Represented Name of RepresentativeBooz Allen & Hamilton, Inc. Tim WeilHitachi Data Systems . Eric HibbardMicrosoft . Mike LaiNIST Rick KuhnSailpoint Technologies . Darran RollsVHA CHIO Ed CoyneAMERICAN NATIONAL STANDARD INCITS 459-2011American National Standard for Information Techn

34、ology Requirements for the Implementation and Interoperability of Role Based Access Control 1 1 Scope The System and Administrative Functional Specification clause clause 6 in INCITS 359-2004 (R2009) specifies the features that are required of an RBAC system. These features fall into three categorie

35、s: administrative operations, administrative reviews, and system level functionality. This standard specifies the implementation of RBAC systems. It describes the packaging of features through the selection of functional components and feature options within a component, beginning with a core set of

36、 RBAC features that shall be included in all packages. Other components that may be selected in arriving at a relevant package of features pertain to role hierarchies, static constraints (e.g., Static Separation of Duty or SSD), and dynamic constraints (e.g., Dynamic Separation of Duty or DSD). Thes

37、e are defined in Section 4. This standard specifies that compliant RBAC products shall include an audit and reporting function. This function is not present in INCITS 359-2004 (R2009), but shall be available in compliant RBAC products. This standard also specifies interoperability requirements that

38、facilitate the exchange of RBAC system data between two systems. Interoperability is here defined as the ability of two systems to participate in the exchange of RBAC definition data in a non-operational state. To address this, the standard describes options for the interchange of RBAC elements (e.g

39、., roles, permissions, users) and for functional interoperability among RBAC services and applications. The standard recognizes a distinction between “Business Role” and “IT Role.” Business roles are those commonly found in the business environment, e.g., an individuals role in the organization. Thi

40、s role is not necessarily implemented in any information technology (IT) system. Thus, a business role is a job function of an individual within an organization. IT roles are those roles that are implemented in an IT system. These roles may reflect business roles, but may also be unique to the IT sy

41、stem because of the particular permissions present in the system. IT roles may themselves be classified into structural roles and functional roles. This distinction is described in Annex C. The scope of this standard covers IT roles and not necessarily business roles. This standard is concerned with

42、 the implementation and translation of access privileges within INCITS 459-2011 IT systems. In recognition of the fact that systems and components may not include all features described in INCITS 359-2004 (R2009), the definitions of components that derive from INCITS 359-2004 (R2009) may be only par

43、tially implemented in RBAC products. The use of this standard is intended for implementations of the RBAC infrastructure. Role definition processes (role engineering) may be addressed in a future standard. This standard provides a generalized syntax and data model for developing use cases for implem

44、entation of interoperable RBAC systems. 2 Conformance To conform to this standard, an RBAC system shall comply with all or a subset of the requirements in 6.1, 6.2, and 6.3. 3 References 3.1 Normative INCITS 359-2004 (R2009), Role Based Access Control 3.2 Non-normative 1. PMAC, Bernd Blobel, et al,

45、Modelling privilege management and access control, International Journal of Medical Informatics (2006) 75, 597-623. 2. ISO/TS 22600-2:2006, Health Informatics- Privilege Management and Access Control Part 2: Formal Models. 3. OASIS, Core and Hierarchical Role-Based Access Control (RBAC) Profile of X

46、ACML v2.0, OASIS standard, February 2005. 4. PIB, T.E. Squair, E. Jamhour, and R.C. Nabhen, “An RBAC-Based Policy Information Base,” Proc. IEEE Intl Workshop Policies for Distributed Systems and Networks, IEEE CS Press, 2005, pp. 171-180. 5. IETF, RFC 3318, Framework Policy Information Base, March 2

47、003. 6. SAML, Security Assertion Markup Language (SAML 2.0)ITU-T - Telecommunication Standardization Sector of ITU, X.1141 June 2006. 7. COPS, The COPS (Common Open Policy Service) Protocol, IETF RFC 2748, January 2000. 8. COPS Security, Common Open Policy Service (COPS) Over Transport Layer Securit

48、y (TLS), IETF RFC 4261. 9. SP 800-92, NIST Special Publication SP 800-92, Guide to Computer Security Log Managerment. 10. XML Healthcare, Security Audit and Access Accountability Message - XML Data Definitions for Healthcare Applications, IETF RFC 3881, September 2004. 11. XACML, eXtensible Access C

49、ontrol Markup Language (XACML 2.0) ITU-T - Telecommunication Standardization Sector of ITU, X.1142 June 2006. 12. OASIS, eXtensible Access Control Markup Language (XACML) Version 2.0, OASIS Standard, 1 February 2005. 2 INCITS 459-2011 13. ISO, Health Informatics Functional and Structural Roles, Draft Standard for Comments, TC 215/WG4/N214, ISO/PDTS 21298, January 15, 2004. 14. David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli, Role-Based Access Control (2003). 15. ASTM E2212-02a, Standard Practice for Healthcare Certificate Policy. 16. ASTM E1986-02a, Stan

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1