SEARCH RESULTS
 
Showing 1-4 of 4 records
 

RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
As the authors of the original proposal for the role-based access control (RBAC) standard and developers of the models from which it derives, the authors respond here to Ninghui Li, Ji-Won Byun, and Elisa Bertino's critique, which also appears in this issue. This is an opportune time in the revision cycle to introduce proposals for changes to...
 
 
 
 
 

Rote Based Access Control

2008-05-09 13:25:26 by Gunnar Peterson in 1 Raindrop
 
...RBAC is, next to firewalls and SSL, the biggest silver bullet misconception in infosec. I cannot count how many times I have heard managers say if we just had rbac all our identity problems would be solved. These same managers work in companies that reorg every 6 months and outsource anything that moves. Not that RBAC is useless, it can solve...
 
 
 
 
 

Another Strategy for Getting Started with Application Security

2008-01-09 19:50:00 by Security Retentive in Security Retentive
 
...RBAC with Siteminder, using it almost as an identity service as well. Settling on one common high-quality authentication and authorization tool/framework had three effects: It removed these services from the realm of development. They just had to integrate with it, but didn't have to figure out all of the corner cases to password changes,...
 
 
 
 
 

A Critique of the ANSI Standard on Role-Based Access Control

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
Vendors have widely adopted RBAC to manage user access to computer resources in various products, including database management systems. However, as this analysis shows, the standard is hindered by limitations, errors, and design flaws.
 
 
 
 
 
 
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia