[cap-talk] The origin of Role Based Access Control
David Chizmadia (JHU)
chiz at cs.jhu.edu
Thu Jun 7 13:54:33 EDT 2007
Having been working on a project with Dave F. when he started the
RBAC work..., the more precise phrasing would be that the cited
paper is the first known attempt to formulate a policy model. The
work started based on a survey NIST did of the health care community
that indicated the widespread use of organizational roles as the
basis for (what little) access control (was in use).
-DMC
Chip Morningstar wrote:
> Alan writes:
>> According to NIST, it is D.F. Ferraiolo and D.R. Kuhn (1992) "Role Based
>> Access Control", 15th National Computer Security Conference, available
>> at http://csrc.nist.gov/rbac/Role_Based_Access_Control-1992.html.
>> Interestingly, RBAC wasn't introduced to make managing users easier. It
>> was addressing the problem of neither mandatory nor discretionary access
>> control being appropriate for non-military use.
>
> Interesting.
>
> We had role based access control (and I think that's even what we
> called it) in AMiX in 1989. And I really can't believe we were the
> first, or even close to the first.
>
> Chip