Comparing simple role based access control models and access control lists
Author: John F. Barkley
Venue: ACM Workshop on Role-Based Access Control
Publication date: 1997-11-06
DOI: 10.1145/266741.266769 (https://doi.org/10.1145/266741.266769)
Citation count: 92 (Semanticscholar)
The RBAC metaphor is powerful in its ability to express access control policy in terms of the way in which administrators view organizations. The functionality of simple Role Based Access Control (RBAC) models is compared to access control lists (ACL). A very simple RBAC model is shown to be no different from a group ACL mechanism from the point of view of its ability to express access control policy. RBAC is often distinguished from ACLs by the inclusion of a feature which allows a session to be associated with a proper subset of the roles (i.e., groups in ACL terms) authorized for a user. Two possible semantics for this feature are described: one which requires a similar amount of processing as that required by ACLs, and another which requires significantly more processing than that required by ACLs. In addition, the capability to define role hierarchies is compared to an equivalent feature in ACLs.