An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
Proceedings of the ninth ACM symposium on Access control models and technologies
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
In this paper we describe a mainframe access control system (DENT) and its associated delegated administration tool (DSAS) that were used in a financial institution for over 20 years to control access to banking transaction products. The first part of this paper describes the design and operation of DENT/DSAS as an example of a long-lived access control system in a financial institution. A standard for Role-Based Access Control (RBAC) has recently been proposed by the United States National Institute of Standards and Technology (NIST). The second part of this paper discusses how the functionality of DENT/DSAS could be achieved by applying its principles of operation within the NIST model. In so doing we also evaluate the proposed standard by validating it against the requirements embodied in a successful access control system. We conclude with some observations about the design of DENT/DSAS and suggestions for changes in the proposed RBAC standard to accommodate some features of DENT/DSAS that it does not appear to support.