ANSI-INCITS-359-2004.pdf

Uploaded by: 爱问知识人 | Document ID: 3732076 | Upload date: 2019-09-22 | Format: PDF | Pages: 56 | Size: 378.58KB

American National Standard for Information Technology
Role Based Access Control
ANSI INCITS 359-2004

Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 19:58:02 MDT No reproduction or networking permitted without license from IHS

Secretariat: Information Technology Industry Council
Approved February 3, 2004
American National Standards Institute, Inc.

Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgement of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute.

American National Standard

Published by American National Standards Institute, Inc., 25 West 43rd Street, New York, NY 10036

Copyright 2004 by Information Technology Industry Council (ITI). All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of ITI, 1250 Eye Street NW, Washington, DC 20005.

Printed in the United States of America

CAUTION: The developers of this standard have requested that holders of patents that may be required for the implementation of the standard disclose such patents to the publisher. However, neither the developers nor the publisher have undertaken a patent search in order to identify which, if any, patents may apply to this standard. As of the date of publication of this standard and following calls for the identification of patents that may be required for the implementation of the standard, no such claims have been made. No further patent search is conducted by the developer or publisher in respect to any standard it processes. No representation is made or implied that licenses are not required to avoid infringement in the use of this standard.

Contents

Foreword
Introduction
1 Scope
2 Conformance
3 Normative References
4 Terms and Definitions
5 RBAC Reference Model
5.1 Core RBAC
5.2 Hierarchical RBAC
5.3 Constrained RBAC
5.3.1 Static Separation of Duty Relations
5.3.2 Dynamic Separation of Duty Relations
6 RBAC System and Administrative Functional Specification
6.1 Core RBAC
6.1.1 Administrative Commands for Core RBAC
6.1.2 Supporting System Functions for Core RBAC
6.1.3 Review Functions for Core RBAC
6.1.4 Advanced Review Functions for Core RBAC
6.2 Hierarchical RBAC
6.2.1 General Role Hierarchies
6.2.1.1 Administrative Commands for General Role Hierarchies
6.2.1.2 Supporting System Functions for General Role Hierarchies
6.2.1.3 Review Functions for General Role Hierarchies
6.2.1.4 Advanced Review Functions for General Role Hierarchies
6.2.2 Limited Role Hierarchies
6.2.2.1 Administrative Commands for Limited Role Hierarchies
6.2.2.2 Supporting System Functions for Limited Role Hierarchies
6.2.2.3 Review Functions for Limited Role Hierarchies
6.2.2.4 Advanced Review Functions for Limited Role Hierarchies
6.3 Static Separation of Duty (SSD) Relations
6.3.1 Core RBAC
6.3.1.1 Administrative commands for SSD Relations
6.3.1.2 Supporting System Functions for SSD
6.3.1.3 Review Functions for SSD
6.3.1.4 Advanced Review Functions for SSD
6.3.2 SSD with General Role Hierarchies
6.3.2.1 Administrative Commands for SSD with General Role Hierarchies
6.3.2.2 Supporting System Functions for SSD with General Role Hierarchies
6.3.2.3 Review Functions for SSD with General Role Hierarchies
6.3.2.4 Advanced Review Functions for SSD with General Role Hierarchies
6.3.3 SSD Relations with Limited Role Hierarchies
6.3.3.1 Administrative Commands for SSD with Limited Role Hierarchies
6.3.3.2 Supporting System Functions for SSD with Limited Role Hierarchies
6.3.3.3 Review Functions for SSD with Limited Role Hierarchies

6.3.3.4 Advanced Review Functions for SSD with Limited Role Hierarchies
6.4 Dynamic Separation of Duties (DSD) Relations
6.4.1 Core RBAC
6.4.1.1 Administrative Commands for DSD Relations
6.4.1.2 Supporting System Functions for DSD Relations
6.4.1.3 Review Functions for DSD Relations
6.4.1.4 Advanced Review Functions for DSD Relations
6.4.2 DSD Relations with General Role Hierarchies
6.4.2.1 Administrative commands for DSD Relations with General Role Hierarchies
6.4.2.2 Supporting System Functions for DSD Relations with General Role Hierarchies
6.4.2.3 Review Functions for DSD Relations with General Role Hierarchies
6.4.2.4 Advanced Review Functions for DSD Relations with General Role Hierarchies
6.4.3 DSD Relations with Limited Role Hierarchies
6.4.3.1 Administrative Commands for DSD Relations with Limited Role Hierarchies
6.4.3.2 Supporting System Functions for DSD Relations with Limited Role Hierarchies
6.4.3.3 Review Functions for DSD Relations with Limited Role Hierarchies
6.4.3.4 Advanced Review Functions for DSD Relations with Limited Role Hierarchies

Figures
1 Core RBAC
2 Hierarchical RBAC
3 SSD within Hierarchical RBAC
4 Dynamic Separation of Duty Relations

Annexes
A Functional Specification Overview
B Rationale

Foreword

(This foreword is not part of American National Standard ANSI INCITS 359-2004.)

A process to develop this standard was initiated by the National Institute of Standards and Technology (NIST) in recognition of a need among government and industry purchasers of information technology products for a consistent and uniform definition of role based access control (RBAC) features. In recent years, vendors have begun implementing role based access control features in their database management systems, security management and network operating system products, without general agreement on the definition of RBAC features. This lack of a widely accepted model results in uncertainty and confusion about RBAC's utility and meaning. This standard seeks to resolve this situation by using a reference model to define RBAC features and then describing the functional specifications for those features.

This standard incorporates contributions from several rounds of open public review. An initial draft of a consensus standard for RBAC was proposed at the 2000 ACM Workshop on Role Based Access Control.1) Published comments on this earlier document2) and panel session discussions at the 2000 ACM Workshop assisted in developing the reference model and functional specification in a second version released publicly in 2001.3) The second version was submitted to the InterNational Committee for Information Technology Standards (INCITS) for fast track processing on October 15, 2001. The public review of INCITS BSR 359 (November 16, 2001 to December 31, 2001) resulted in comments from INCITS Technical Committee T4. In response to these comments, editorial and some substantive changes have been incorporated into this version.

This standard contains two annexes. Annex A is normative and is considered part of the standard. Annex B is informative and is not considered part of the standard.

Requests for interpretation, suggestions for improvement or addenda, or defect reports are welcome. They should be sent to InterNational Committee for Information Technology Standards (INCITS), ITI, 1250 Eye Street, NW, Suite 200, Washington, DC 20005.

This standard was processed and approved for submittal to ANSI by INCITS. Committee approval of this standard does not necessarily imply that all committee members voted for its approval. At the time it approved this standard, INCITS had the following members:

Karen Higginbottom, Chair
Jennifer Garner, Secretary

Organization Represented: Name of Representative
Apple Computer, Inc.: David Michael; Wanda Cox (Alt.)
Farance, Inc: Frank Farance
Hewlett-Packard Company: Karen Higginbottom; Scott Jameson (Alt.); Steve Mills (Alt.)
EIA: Edward Mikoski, Jr.; Suan Hoyler (Alt.)
IBM Corporation: Ronald F. Silletti
Institute for Certification of Computer Professionals: Kenneth M. Zemrowski; Thomas Kurihara (Alt.)
IEEE: Judith Gorman; Richard Holleman (Alt.); Robert Pritchard (Alt.)
Intel Corporation: Gregory Kisor; Dave Thewlis (Alt.)
Microsoft Corporation: Mike Ksar; Frank Camara (Alt.)
National Institute of Standards and

1) R. Sandhu, D. Ferraiolo, R. Kuhn. The NIST model for role-based access control: Towards a unified standard. In Proceedings of 5th ACM Workshop on Role-Based Access Control, pp. 47-63 (Berlin, Germany, July 2000). ACM.
2) T. Jaeger and J. Tidswell. Rebuttal to the NIST RBAC model proposal. In Proceedings of 5th ACM Workshop on Role-Based Access Control, pp. 65-66 (Berlin, Germany, July 2000). ACM.
3) D. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, R. Chandramouli, "A Proposed Standard for Role Based Access Control," ACM Transactions on Information and System Security, vol. 4, no. 3 (August 2001).

(2) managers and procurement officials who seek to acquire computer security products with features that provide access control capabilities in accordance with commonly known and understood terminology and functional specifications.

1 SCOPE

This standard consists of two main parts: the RBAC Reference Model and the RBAC System and Administrative Functional Specification.

The RBAC Reference Model defines sets of basic RBAC elements (i.e., users, roles, permissions, operations and objects) and relations as types and functions that are included in this standard. The RBAC reference model serves two purposes. First, the reference model defines the scope of RBAC features that are included in the standard. This identifies the minimum set of features included in all RBAC systems, aspects of role hierarchies, aspects of static constraint relations, and aspects of dynamic constraint relations. Second, the reference model provides a precise and consistent language, in terms of element sets and functions for use in defining the functional specification.

The RBAC System and Administrative Functional Specification specifies the features that are required of an RBAC system. These features fall into three categories, administrative operations, administrative reviews, and system level functionality. The administrative operations define functions in terms of an administrative interface and an associated set of semantics that provide the capability to create, delete and maintain RBAC elements and relations (e.g., to create and delete user role assignments). The administrative review features define functions in terms of an administrative interface and an associated set of semantics that provide the capability to perform query operations on RBAC elements and relations. System level functionality defines features for the creation of user sessions to include role activation/deactivation, the enforcement of constraints on role activation, and for calculation of an access decision.

Informative Annex B provides a rationale for the major RBAC components defined in this document.

2 CONFORMANCE

Not all RBAC features are appropriate for all applications. As such, this standard provides a method of packaging features through t
