Pining For the Fjords: The Role of RBAC in Today's Applications presented at AppSecUSA 2012

by Wendy Nather

Tags: Security

Summary: Is role-based access control (RBAC) really dead? It has a few snipers lined up to take it out, but it's still a fixture in legacy applications, and the need to abstract and organize permissions isn't going away. The move to third-party application services is both creating a topological crisis for the enterprise and driving its further abstraction as an organization: when there is no more "central control" of an application infrastructure, how are roles supposed to maintain security? This talk describes current issues with RBAC and explores options for the future, including multi-contextual roles and identities, provider-centric roles, and role risk assessment. We promise not to call it RBAC 2.0.