NIST logo

Publication Citation: Enterprise Access Control Frameworks Using RBAC and XML Technologies

NIST Authors in Bold

Author(s): Ramaswamy Chandramouli;
Title: Enterprise Access Control Frameworks Using RBAC and XML Technologies
Published: January 01, 2003
Abstract: In this chapter, we show that we can develop an Enterprise Access Control Framework using Role-based Access Control (RBAC) and Extensible Markup Language (XML) technologies. In the first section, we outline the general requirements for the Enterprise Access Control Model (EAM) and describe as to how RBAC meets those requirements. We call the resultant RBAC model as the "Enterprise RBAC Model". In the second section we briefly outline the facilities that XML technologies provides for specification and processing of structured data. The meat of this chapter is in the third section where a detailed description of the development of an Enterprise RBAC Model for a commercial bank is provided using one of the XML schema languages called the "XML Schema." In the rest of the sections we illustrate as to how XML APIs and toolsets can be utilized to perform tasks of validating the enterprise access control data in the XML document for conformance to the specification of the Enterprise RBAC Model and for mapping this data into different formats required by the access control modules in platforms hosting the various application systems of the enterprise.
Citation: Role-Based Access Control
Publisher: Artech House, Norwood, MA
Pages: pp. 179 - 210
Keywords: Enterprise access control framework; role-based access control models; XML schemas
Research Areas: Computer Security