Structured Methods

One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (also called role based security), as formalized in 1992 by David Ferraiolo and Rick Kuhn (pdf), has become the predominant model for advanced access control because it reduces this cost. A variety of IT vendors, including IBM, Sybase, Secure Computing, and Siemens began developing products based on this model in 1994. In 2000, the Ferraiolo-Kuhn model was integrated with the framework of Sandhu et al. (pdf) to create a unified model for RBAC, published as the NIST RBAC model (Sandhu, Ferraiolo, and Kuhn, 2000 – pdf) and adopted as an ANSI/INCITS standard in 2004.