Los puntos clave no están disponibles para este artículo en este momento.
This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn 1992 and Ferraiolo et al. 1995, with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen 1988 and Hoffman 1996. The implementation of RBAC for the Web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.
Ferraiolo et al. (Mon,) studied this question.