[cap-talk] The origin of Role Based Access Control
Chip Morningstar
chip at fudco.com
Thu Jun 7 13:44:22 EDT 2007
Alan writes:
>According to NIST, it is D.F. Ferraiolo and D.R. Kuhn (1992) "Role Based
>Access Control", 15th National Computer Security Conference, available
>at http://csrc.nist.gov/rbac/Role_Based_Access_Control-1992.html.
>Interestingly, RBAC wasn't introduced to make managing users easier. It
>was addressing the problem of neither mandatory nor discretionary access
>control being appropriate for non-military use.
Interesting.
We had role based access control (and I think that's even what we
called it) in AMiX in 1989. And I really can't believe we were the
first, or even close to the first.
Chip
More information about the cap-talk
mailing list