ANSI INCITS 499
Information Technology – Next Generation Access Control – Functional Architecture (NGAC-FA)
Organization: ANSI - American National Standards Institute
Year: 2013
Abstract: Next Generation Access Control (NGAC) is a fundamental reworking of traditional access control into a form that suits the needs of the modern distributed interconnected enterprise.
Access control is both an administrative and an automated process of defining and restricting which users and their processes can perform which operations on which system resources. The information that provides the basis by which access requests are granted or denied is known as a policy, and a wide variety of types of policies have been created to address different situations. Well-known examples of mechanisms by which specific policy types are enforced are access control lists (ACLs), capabilities, role-based access control (RBAC), and type enforcement, and well-known policies are discretionary access control (DAC), RBAC, multi-level security (MLS), Chinese Wall, separation of duty etc.
NGAC diverges from traditional approaches to access control in defining a generic architecture that is separate from any particular policy or type of policy. NGAC is not an extension of, or adaption of, any existing access control mechanism, but instead is a redefinition of access control in terms of a fundamental and reusable set of data abstractions and functions. NGAC provides a unifying framework capable, without extension, of supporting not only many current access control approaches, but also novel types of policy that have been conceived but never implemented due to the lack of a suitable enforcement mechanism.
NGAC accommodates combinations of different policies merely by changes to its control information, and thus it is possible to have several types of policies supported concurrently in a manner that is both deterministic and manageable. NGAC is particularly suitable for situations where some information is stored locally, and some is stored in a grid or cloud, as quite different policies can be put in place for each situation. Even more generally, NGAC supports a situation where a formal policy determined by a central organization is combined with a local, specific and more ad-hoc policy required to meet local needs.
In addition to its support of policies, NGAC also enables support for a variety of data services, including e-mail, workflow, records management etc. Support for these services is established through information contained in a database within NGAC.
The set of NGAC standards specifies the architecture, functions, operations, and interfaces necessary to ensure interoperability between conforming NGAC implementations. This standard contains an abstract functional description of an architecture. The description is abstract because it excludes all irrelevant details, and is functional because it partitions the entities comprising the architecture purely on the basis of their function and excludes all other constraints. Conforming implementations may employ any design technique that does not violate interoperability.
| contributor author | ANSI - American National Standards Institute | |
| date accessioned | 2017-09-04T17:56:31Z | |
| date available | 2017-09-04T17:56:31Z | |
| date copyright | 2013.03.19 | |
| date issued | 2013 | |
| identifier other | FMLBDFAAAAAAAAAA.pdf | |
| identifier uri | http://yse.yabesh.ir/std;jsessioutho1603177793325273135A68A10958014A0/handle/yse/179603 | |
| language | English | |
| title | ANSI INCITS 499 | num |
| title | Information Technology – Next Generation Access Control – Functional Architecture (NGAC-FA) | en |
| type | standard | |
| page | 61 | |
| status | Active | |
| tree | ANSI - American National Standards Institute:;2013 | |
| contenttype | fulltext |
