An RBAC implementation and interoperability standard - The INCITS cyber security 1.1 model

Role-based access control (RBAC) is assigned directly to a user, which can provide simpler security administration and finer-grained access control policy. RBAC has provided a widely used model for security administration in large networks of applications and other IT resources. INCITS 359 contains an RBAC reference model, RIIS (RBAC Implementation and Interoperability Standard), as well as a system and administrative functional specifications, which describes a framework of components, use-case scenarios, management interaction functions, data-exchange models, operational definitions and interoperability. The RBAC data exchange model provides the bridge to exchange role information between security domains. RIIS defines technical interaction functions as specific mechanisms for exchanging operational and management data. The CS1.1 RBAC task group is soliciting industry use cases to cite in the area of system-to-system RBAC information exchange.