The roots of Role Based Access Control (RBAC) at the National Institute of Standards and Technology (NIST) trace back to the early 1990s. Here are some key points:
Development and Formalization: RBAC was formalized by David Ferraiolo and Rick Kuhn at NIST in 1992. Their work aimed to simplify security administration by assigning permissions to roles rather than individual users.
Unified Model: In 2000, the Ferraiolo-Kuhn model was integrated with the framework to create a unified RBAC model. This model was published as the NIST RBAC model and became a widely accepted standard.
Standardization: The NIST RBAC model was adopted as an American National Standard (ANSI/INCITS 359-2004) by the American National Standards Institute in 2004. It was later revised in 2012.
Economic Impact: NIST’s research on RBAC has had a significant economic impact, saving the industry an estimated $1.1 billion over multiple years by reducing the complexity and cost of security administration.
The NIST RBAC model has become a cornerstone in the field of access control, influencing many commercial products and research initiatives.