Role-Based Access Control in Retrospect

V. Nunes Leal Franqueira; Roelf J. Wieringa

doi:10.1109/MC.2012.38

Role-Based Access Control in Retrospect

V. Nunes Leal Franqueira, Roelf J. Wieringa

Research output: Contribution to journal › Article › Academic › peer-review

9 Citations (Scopus)

1 Downloads (Pure)

Abstract

Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of RBAC in terms of RBAC features, assumptions, strengths and possible weaknesses, and review current developments to mitigate these weaknesses. This review helps practitioners to assess the applicability of RBAC to their organization and also indicates where more research is needed to improve RBAC.

Original language	Undefined
Pages (from-to)	81-88
Number of pages	8
Journal	Computer (New York)
Volume	45
Issue number	6
DOIs	https://doi.org/10.1109/MC.2012.38
Publication status	Published - Jun 2012

Keywords

role management
security management
EWI-21398
SCS-Services
IR-79589
Identity and Access Management (IAM)
RBAC
role engineering
METIS-285070
Access Control

Access to Document

10.1109/MC.2012.38

Cite this

@article{1dd9ee6fef5946ff8dbcd2ad0d46e9cf,

title = "Role-Based Access Control in Retrospect",

abstract = "Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of RBAC in terms of RBAC features, assumptions, strengths and possible weaknesses, and review current developments to mitigate these weaknesses. This review helps practitioners to assess the applicability of RBAC to their organization and also indicates where more research is needed to improve RBAC.",

keywords = "role management, security management, EWI-21398, SCS-Services, IR-79589, Identity and Access Management (IAM), RBAC, role engineering, METIS-285070, Access Control",

author = "{Nunes Leal Franqueira}, V. and Wieringa, {Roelf J.}",

note = "eemcs-eprint-21398 ",

year = "2012",

month = jun,

doi = "10.1109/MC.2012.38",

language = "Undefined",

volume = "45",

pages = "81--88",

journal = "Computer (New York)",

issn = "0018-9162",

publisher = "IEEE Computer Society",

number = "6",

}

TY - JOUR

T1 - Role-Based Access Control in Retrospect

AU - Nunes Leal Franqueira, V.

AU - Wieringa, Roelf J.

N1 - eemcs-eprint-21398

PY - 2012/6

Y1 - 2012/6

N2 - Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of RBAC in terms of RBAC features, assumptions, strengths and possible weaknesses, and review current developments to mitigate these weaknesses. This review helps practitioners to assess the applicability of RBAC to their organization and also indicates where more research is needed to improve RBAC.

AB - Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of RBAC in terms of RBAC features, assumptions, strengths and possible weaknesses, and review current developments to mitigate these weaknesses. This review helps practitioners to assess the applicability of RBAC to their organization and also indicates where more research is needed to improve RBAC.

KW - role management

KW - security management

KW - EWI-21398

KW - SCS-Services

KW - IR-79589

KW - Identity and Access Management (IAM)

KW - RBAC

KW - role engineering

KW - METIS-285070

KW - Access Control

U2 - 10.1109/MC.2012.38

DO - 10.1109/MC.2012.38

M3 - Article

VL - 45

SP - 81

EP - 88

JO - Computer (New York)

JF - Computer (New York)

SN - 0018-9162

IS - 6

ER -