The NIST RBAC model is a standardized definition of role based access control. Although originally developed by the National Institute of Standards and Technology

National Institute of Standards and Technology

The National Institute of Standards and Technology , known between 1901 and 1988 as the National Bureau of Standards , is a measurement standards laboratory, otherwise known as a National Metrological Institute , which is a non-regulatory agency of the United States Department of Commerce...

, the standard was adopted and is copyrighted and distributed as INCITS 359-2004 by the International Committee for Information Technology Standards (INCITS). It is managed by INCITS committee CS1.

History

In 2000, NIST called for a unified standard for RBAC, integrating the RBAC model published in 1992 by Ferraiolo and Kuhn with the RBAC framework introduced by Sandhu, Coyne, Feinstein, and Youman (1996). This proposal was published by Sandhu, Ferraiolo, and Kuhn

and presented at the ACM 5th Workshop on Role Based Access Control. Following debate and comment within the RBAC and security communities, NIST made revisions and proposed a U.S. national standard for RBAC through the INCITS. In 2004, the standard received ballot approval and was adopted as INCITS 359-2004. Sandhu, Ferraiolo, and Kuhn later published an explanation of the design choices in the model.

External links

• http://csrc.nist.gov/groups/SNS/rbac/index.html (NIST RBAC web site)
• http://incits.org (INCITS web site)