Talk:Role-based access control

From Wikipedia, the free encyclopedia

Untitled

I have the impression that this article is about access to computer files, but why must it remain only an impression? The first sentence of an article titled "homology" may begin by saying "In mathematics, homology is..." or by saying "In biology, homology is...", etc. This article should do the same thing, so that people not familiar with its field, whatever it is, can tell what they're reading. -- Mike Hardy

The article is about Role-based access control, a method of controlling operations on objects (including but not limited to computer files). But I agree that the article is unclear on this point. 155.101.224.65 (talk) 21:33, 17 June 2009 (UTC)

Standard terminology and diagrams?

The commonly accepted RBAC standard is the one that was produced by NIST (National Institute of Standards and Technology [U.S. Government]). (This is ANSI [US] and INCITS [international] standard 359-004.)

But there are differences between the terminology and diagrams of the article and the standard. (For example, in the standard a permission is an object and operation pair... The article's diagram matches up permission<->operation... confusing to anybody who is used to the terminology and diagrams that the standard uses.)

I think it would be nice to make the article agree with the official standards instead of inventing similar but different usages. 155.101.224.65 (talk) 21:31, 17 June 2009 (UTC)


I agree, the UML diagram is overly complicated. I think it would be better to show an example using users, roles, groups and resources. Oderbolz (talk) 14:17, 17 January 2018 (UTC)
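As a concrete illustration of the two points above (the standard's definition of a permission as an object/operation pair, and the request for an example with users, roles and resources), here is an added example that is not from the article or the standard itself. It models core RBAC in the ANSI/INCITS 359 vocabulary (UA, PA, sessions); the users, roles and the "ledger" resource are constructed sample data, and groups are left out because core RBAC does not define them.

```python
"""Core RBAC in the terminology of ANSI/INCITS 359 (the NIST model).

Added example with constructed sample data. A permission is an
(object, operation) pair; users are assigned roles (UA), permissions
are assigned to roles (PA), and an access decision is made for a
session that has activated a subset of the user's assigned roles.
"""
from dataclasses import dataclass, field

Permission = tuple[str, str]  # (object, operation), as in the standard


@dataclass
class Rbac:
    ua: dict[str, set[str]] = field(default_factory=dict)        # user -> roles
    pa: dict[str, set[Permission]] = field(default_factory=dict)  # role -> perms

    def assign_user(self, user: str, role: str) -> None:
        self.ua.setdefault(user, set()).add(role)

    def grant_permission(self, role: str, obj: str, op: str) -> None:
        self.pa.setdefault(role, set()).add((obj, op))

    def create_session(self, user: str, roles: set[str]) -> set[str]:
        # A session may activate only roles the user has actually been assigned.
        if not roles <= self.ua.get(user, set()):
            raise PermissionError(f"{user} cannot activate {sorted(roles)}")
        return roles

    def check_access(self, session_roles: set[str], obj: str, op: str) -> bool:
        # Granted iff some active role holds the (obj, op) permission.
        return any((obj, op) in self.pa.get(r, set()) for r in session_roles)


def demo() -> dict[str, bool]:
    rbac = Rbac()
    # Constructed sample data: two roles over one resource ("ledger").
    rbac.grant_permission("clerk", "ledger", "read")
    rbac.grant_permission("auditor", "ledger", "read")
    rbac.grant_permission("auditor", "ledger", "approve")
    rbac.assign_user("alice", "clerk")
    rbac.assign_user("bob", "clerk")
    rbac.assign_user("bob", "auditor")
    alice = rbac.create_session("alice", {"clerk"})
    bob_min = rbac.create_session("bob", {"clerk"})  # least privilege: auditor not activated
    bob_full = rbac.create_session("bob", {"clerk", "auditor"})
    return {
        "alice_read": rbac.check_access(alice, "ledger", "read"),
        "alice_approve": rbac.check_access(alice, "ledger", "approve"),
        "bob_min_approve": rbac.check_access(bob_min, "ledger", "approve"),
        "bob_full_approve": rbac.check_access(bob_full, "ledger", "approve"),
    }
```

The session step is what distinguishes the NIST model from a flat user-to-permission table: a user who holds a powerful role can still run a session in which that role is not active.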

empowerID advertisement

Deleted section on EmpowerID, it's an advertisement for a particular product, not an encyclopedia entry. Moreover, even if the particular product was notable, it is only usable in certain environments, it's not about RBAC conceptually in general. Lacked any citations too, other than a link to the web page of the company/product advertised. — Preceding unsigned comment added by Jrochkind (talk | contribs) 04:26, 23 January 2011 (UTC)

RBAC vs. MAC vs. Models vs. Types

The article contains portions that seem to state RBAC is an alternative to DAC or MAC. But this is not the case. DAC and MAC simply state whether the creator/owner of an object gets to decide how it can be used. Can they decide? DAC. Is the decision out of their hands? MAC. An access control model can be identified as one of those two types. Of course that is simplifying things a bit - some implementations of flexible MAC models can look like DAC, such as the unconfined_t as implemented in SELinux's standard Type Enforcement policy.

Additionally there were statements made stemming from the TCSEC days where MAC == BLP/Biba. This is not the case. There are numerous MAC models such as Type Enforcement, Clark-Wilson, Brewer and Nash, BLP, Biba, etc. Just as there are numerous DAC models like traditional user/group/other models and capabilities.

Sound-Mind (talk) 15:22, 4 February 2012 (UTC)

Implementations

It would be useful to contain a list of notable implementations of RBAC, similar to how the MAC and DAC pages do. Perhaps SELinux (when using roles) or AWS IAM would be some good examples, but I don't know enough in this area to write the section?

82.5.138.247 (talk) 08:50, 26 April 2019 (UTC)

Role-related Cryptographic Technology?

Cryptography is an important security tool to protect data from illegal access, but it is usually aimed at the data resource, lacking systematic consideration. The integration of RBAC and cryptography can construct a more flexible and systematic security mechanism. On the one hand, this integration expands the application field of cryptography; on the other hand, it ensures that the RBAC-based IT system has cryptographic security.

According to the existing research, I suggest appending a new section "Role-based cryptosystem" as follows:

A role-based cryptosystem is a secure system that uses cryptographic techniques to perform role-based access control. In addition, several advanced features, such as role or user revocation, tracing, and anonymity, are implemented as well[1]. A role-based cryptosystem should be a complete cryptosystem including Role-Based Encryption (RBE)[2], Role-Based Signature (RBS)[3], and Role-Based Authentication (RBA)[4].

References

  1. ^ Y. Zhu; G. Ahn; H. Hu; D. Ma; S. Wang (Oct 2013), Role-Based Cryptosystem: A New Cryptographic RBAC System Based on Role-Key Hierarchy, vol. 8, IEEE Transactions on Information Forensics and Security, pp. 2138-2153
  2. ^ Y. Zhu; H. X. Hu; G. J. Ahn; Shan-Biao Wang (2011), Provably Secure Role-Based Encryption with Revocation Mechanism, vol. 26, Journal of Computer Science and Technology, pp. 697-710
  3. ^ F. Luo; C. Lin; Y. Zhu; S. B. Wang (2016), Role-Based Signature and Its Security Proof, vol. 32(6), Journal of Information Science and Engineering, pp. 1525-1539
  4. ^ Y. Zhu; D. Huang; C. J. Hu; X. Wang (2014), From RBAC to ABAC: constructing flexible data access control for cloud storage services, vol. 8(4), IEEE Transactions on Services Computing, pp. 601-616