A financial institution's legacy mainframe access control system in light of the proposed NIST RBAC standard

Abstract

In this paper we describe a mainframe access control system (DENT) and its associated delegated administration tool (DSAS) that were used in a financial institution for over 20 years to control access to banking transaction products. The first part of this paper describes the design and operation of DENT/DSAS as an example of a long-lived access control system in a financial institution. A standard for role-based access control (RBAC) has recently been proposed by the United States National Institute of Standards and Technology (NIST). The second part of this paper discusses how the functionality of DENT/DSAS could be achieved by applying its principles of operation within the NIST model. In so doing we also evaluate the proposed standard by validating it against the requirements embodied in a successful access control system. We conclude with some observations about the design of DENT/DSAS and suggestions for changes in the proposed RBAC standard to accommodate some features of DENT/DSAS that it does not appear to support.