ABAC and RBAC: Scalable, flexible, and auditable access management

IT Professional

Volumn 15, Issue 3, 2013, Pages 14-16

  Coyne, Edward J ^a   Weil, Timothy R ^a  

^a DRC ^*  (Democratic Republic Congo)

Author keywords

ABAC; attribute based access control; attribute centric access control; information technology; RBAC; role based access control; role centric access control; security

Indexed keywords

ABAC; ATTRIBUTE BASED ACCESS CONTROL; RBAC; ROLE-BASED ACCESS CONTROL; SECURITY;

INFORMATION TECHNOLOGY; RISK ANALYSIS;

ACCESS CONTROL;

EID: 84878378211     PISSN: 15209202     EISSN: None     Source Type: Journal    
DOI: 10.1109/MITP.2013.37     Document Type: Article

References (5)

1. D.R. Kuhn, E.J. Coyne, and T.R. Weil, "Adding Attributes to Role Based Access Control," Computer, vol. 43, no. 6, 2010; http://csrc.nist. gov/groups/SNS/rbac/documents/kuhn-coyne-weil-10.pdf.
2. ANSI INCITS 359-2012 Information Technology - Role Based Access Control, InterNational Committee for Information Technology Standards (INCITS), May 2012; www.techstreet.com/products/1837530.
3. ANSI INCITS 494-2012 Information Technology - Role Based Access Control - Policy-Enhanced, InterNational Committee for Information Technology Standards (INCITS), Aug. 2012; http://webstore.ansi.org/RecordDetail.aspx?sku=INCITS+494- 2012.
4. J. Xin, R. Krishnan, and R. Sandhu, "A Role-Based Administration Model for Attributes," Proc. 1st Int'l Workshop Secure and Resilient Architectures and Systems, ACM, 2012, pp. 7-12.
5. "Best Practices in Enterprise Authorization: The RBAC/ABAC Hybrid Approach," white paper, EmpowerID, 2013; http://blog.empowerid.com/Portals/ 174819/docs/EmpowerID-WhitePaper-RBACABAC-Hybrid-Model.pdf.