3Jul/102
Role Based Access Control – Theory and Practice Timeline
Summary of early theoretical results for RBAC models that evolved into RBAC standard
- 1992 – Ferraiolo and Kuhn paper defining RBAC model, with access permitted only through roles. Formally defined role hierarchies and constraints including separation of duty.
- 1994 – DTOS based RBAC prototype developed by Ferraiolo, Kuhn, Gavrila
- 1994 – Nyanchama and Osborn paper defined role graph model
- 1994 – IBM files (in Europe) first patent application in RBAC area, cites Ferraiolo, Kuhn work as “closest prior art”
- 1995 – Ferraiolo, Cugini, Kuhn publish extended formal model, defined separation of duty forms
- 1996 – Sandhu, Coyne, Feinstein, Youman paper defining family of RBAC models
- 1996 – Sandhu method for implementing MLS/MAC model on RBAC system
- 1997 – Kuhn paper on separation of duty; necessary and sufficient conditions for separation safety
- 1997 – Osborn paper on relationship between RBAC and multilevel security mandatory access (MLS/MAC) security policy models; role lemma relating RBAC and multilevel security
- 1997 – Ferraiolo and Barkley paper on economic advantages of RBAC
- 1998 – Kuhn method for implementing hierarchical RBAC model on MLS/MAC system
- 1999 – Prototype RBAC for web servers developed by Barkley, Ferraiolo, Kuhn, Cincotta and distributed as open source
- 2000 – Sandhu, Ferraiolo, Kuhn define consolidated RBAC model for proposed industry standard
- 2001 – Research Triangle Institute study on economic impact of RBAC attributes 44% of RBAC impact to NIST research
- 2004 – American National Standards Institute, International Committee for Information Technology Standards (ANSI/INCITS) adopts Sandhu, Ferraiolo, Kuhn RBAC proposal as an industry consensus standard INCITS 359:2004
July 30th, 2010 - 21:48
it was very interesting to read sunoblog.net
I want to quote your post in my blog. It can?
And you et an account on Twitter?
May 4th, 2011 - 00:26
What a joy to find somnoee else who thinks this way.