ANSI INCITS494-2012 Information technology - Role Based Access Control - Policy Enhanced《信息技术.基于角色的访问控制.增强政策》.pdf
《ANSI INCITS494-2012 Information technology - Role Based Access Control - Policy Enhanced《信息技术.基于角色的访问控制.增强政策》.pdf》由会员分享,可在线阅读,更多相关《ANSI INCITS494-2012 Information technology - Role Based Access Control - Policy Enhanced《信息技术.基于角色的访问控制.增强政策》.pdf(27页珍藏版)》请在麦多课文档分享上搜索。
1、American National StandardDeveloped byfor Information Technology Role Based Access Control Policy-EnhancedINCITS 494-2012INCITS 494-2012Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from I
2、HS-,-,-Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS 494-2012American National Standardfor Information Technology Role Based Access Control Policy-EnhancedSecretariatIn
3、formation Technology Industry CouncilApproved July 26, 2012American National Standards Institute, Inc.AbstractThis RBAC Policy-Enhanced standard is intended for use by developers and consumers of RBAC prod-ucts. Developers will ensure conformance of products with the standard and consumers will cons
4、ult thestandard to compare and evaluate products. Conformance with the standard provides uniform sets ofRBAC features and provisions to promote interoperability between RBAC systems. These features andprovisions can serve as criteria for comparing and evaluating RBAC products.Copyright American Nati
5、onal Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval haveb
6、een met by the standards developer.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Co
7、nsensus requires that allviews and objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufactu
8、ring, marketing, purchasing, or usingproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right o
9、r authority to issue aninterpretation of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National St
10、andard may be revised orwithdrawn at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or w
11、riting the AmericanNational Standards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2012 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in
12、anyform, in an electronic retrieval system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610, Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may berequired for the imple
13、mentation of the standard disclose such patents to the publisher. However,neither the developers nor the publisher have undertaken a patent search in order to identifywhich, if any, patents may apply to this standard. As of the date of publication of this standardand following calls for the identifi
14、cation of patents that may be required for the implementation ofthe standard, no such claims have been made. No further patent search is conducted by the de-veloper or publisher in respect to any standard it processes. No representation is made or impliedthat licenses are not required to avoid infri
15、ngement in the use of this standard.Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-i CONTENTS Foreword iv 1 SCOPE 1 2 CONFORMANCE 2 3 NORMATIVE REFERENCES 2 4 TERMS AND DEFINIT
16、IONS 2 5 THE RBAC POLICY-ENHANCED REFERENCE MODEL 4 5.1 INCITS 359 RBAC COMPONENTS 5 5.1.1 CORE RBAC 5 5.1.2 CONSTRAINED RBAC 5 5.1.3 HIERARCHICAL RBAC 5 5.2 RBAC ENGINE 6 5.3 EXTERNAL INTERFACES 7 5.3.1 EXTERNAL POLICY RULES INTERFACE 7 5.3.2 AUDIT INTERFACE 8 5.3.3 RIIS MANAGEMENT FUNCTIONS INTERF
17、ACE 8 5.4 RBAC POLICY ENHANCED CONSTRAINTS 8 5.4.1 DYNAMIC CONSTRAINTS 9 5.4.1.1 Role-Role (Dynamic) 9 5.4.1.2 User-Role (Dynamic) 9 5.4.1.3 Attribute-sensitive (Dynamic) 9 5.4.2 STATIC CONSTRAINTS 10 5.4.2.1 Role-Role (Static) 10 5.4.2.2 Permission-permission (Static) 10 5.4.2.3 Permission-role (St
18、atic) 10 5.4.2.4 User-role (Static) 11 5.4.3 CONSTRAINT LANGUAGE 11 6 RBAC SYSTEM AND ADMINISTRATIVE FUNCTIONAL SPECIFICATION 13 6.1 POLICY-ENHANCED ADMINISTRATIVE COMMANDS 13 6.1.1 RPE ADMINISTRATIVE COMMANDS 13 Copyright American National Standards Institute Provided by IHS under license with ANSI
19、 Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ii 6.2 SUPPORTING SYSTEM COMMANDS 14 6.2.1 NEW SYSTEM FUNCTION COMMANDS 14 6.2.2 EXTERNAL INTERFACE SUPPORTING SYSTEM COMMANDS 14 6.3 REVIEW COMMANDS 14 6.3.1 RPE REVIEW COMMANDS 14 ANNEX A BIBLIOGRAPHY 15 ANNEX B RB
20、AC IMPLEMENTATION AND INTEROPERABILITY MANAGEMENT FUNCTIONS 16 Figures Figure 1 RBAC Policy-Enhanced Reference Model . 4 Figure 2 RBAC Engine Algorithm . 7 Tables Table 1. RPE Dynamic Constraints 9 Table 2. RPE Static Constraints 10 Table 3. Syntax for Static Constraints 11 Table 4. Syntax for Dyami
21、c Constraints . 12 Table A.1. RIIS Management Functions for RBAC Reference Model Interface 16 Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-iiiForeword (This foreword is not p
22、art of American National Standard INCITS 494-2012.)As defined in the original INCITS 359-2004 standard, Role Based Access Control(RBAC), permissions are assigned to roles rather than to individual users. Users arethen assigned to roles rather than directly to permissions. This level of indirection f
23、a-cilitates user-permission management and provides additional security benefits (seethe NIST RBAC website http:/csrc.nist.gov/rbac). Without the benefits and conve-niences provided by RBAC, there is an enhanced danger that a user may be grantedmore access to resources than is needed due to limited
24、control over the type of ac-cess that can be associated with users and resources. For example, users may needto list directories and modify existing files without creating new files, or they mayneed to append records to a file without modifying existing records. Increasing theflexibility of controll
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
下载文档到电脑,查找使用更方便
10000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ANSIINCITS4942012INFORMATIONTECHNOLOGYROLEBASEDACCESSCONTROLPOLICYENHANCED 信息技术 基于 角色 访问 控制 增强 政策 PDF

链接地址:http://www.mydoc123.com/p-436834.html