• There are no items in your cart

ASTM E 2595 : 2007 : R2013

Withdrawn
Withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

Standard Guide for Privilege Management Infrastructure (Withdrawn 2017)
Available format(s)

Hardcopy , PDF

Withdrawn date

04-24-2017

Language(s)

English

Published date

03-01-2013

CONTAINED IN VOL. 14.01, 2015 Describes interoperable mechanisms to manage privileges in a distributed environment.

1.1This guide defines interoperable mechanisms to manage privileges in a distributed environment. This guide is oriented towards support of a distributed or service-oriented architecture (SOA) in which security services are themselves distributed and applications are consumers of distributed services.

1.2This guide incorporates privilege management mechanisms alluded to in a number of existing standards (for example, Guide E1986 and Specification E2084). The privilege mechanisms in this guide support policy-based access control (including role-, entity-, and contextual-based access control) including the application of policy constraints, patient-requested restrictions, and delegation. Finally, this guide supports hierarchical, enterprise-wide privilege management.

1.3The mechanisms defined in this guide may be used to support a privilege management infrastructure (PMI) using existing public key infrastructure (PKI) technology.

1.4This guide does not specifically support mechanisms based on secret-key cryptography. Mechanisms involving privilege credentials are specified in ISO 9594-8:2000 (attribute certificates) and Organization for the Advancement of Structured Information Standards (OASIS) Security Assertion Markup Language (SAML) (attribute assertions); however, this guide does not mandate or assume the use of such standards.

1.5Many current systems require only local privilege management functionality (on a single computer system). Such systems frequently use proprietary mechanisms. This guide does not address this type of functionality; rather, it addresses an environment in which privileges and capabilities (authorizations) shall be managed between computer systems across the enterprise and with business partners.

1.6This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.

Committee
E 31
DocumentType
Guide
Pages
31
ProductNote
Reconfirmed 2013
PublisherName
American Society for Testing and Materials
Status
Withdrawn
Supersedes

ANSI X9.45 : 1999 ENHANCED MANAGEMENT CONTROLS USING DIGITAL SIGNATURES AND ATTRIBUTE CERTIFICATES
ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO/TS 22600-2:2006 Health informatics Privilege management and access control Part 2: Formal models
ASTM E 2084 : 2000 Standard Specification for Authentication of Healthcare Information Using Digital Signatures (Withdrawn 2009)
ISO/TS 21298:2008 Health informatics Functional and structural roles
ANSI INCITS 359 : 2012 INFORMATION TECHNOLOGY - ROLE BASED ACCESS CONTROL

View more information
US$108.00
Excluding Tax where applicable

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.