DSTU EN IEC 62351-8:2022 Power systems management and associated information exchange. Data and communications security. Part 8. Role-based access control (EN IEC 62351-8:20...
DSTU EN IEC 62351-8:2022
(EN IEC 62351-8:2020, IDT; IEC 62351-8:2020, IDT)
Power systems management and associated information exchange.
Data and communications security. Part 8. Role-based access control
This is not an official edition.
The official edition is distributed by the national standardization body
(SE "UkrNDNC" http://uas.gov.ua)
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 RBAC process model
5.1 Overview of RBAC process model
5.2 Generic RBAC concepts
5.3 Separation of subjects, roles, and permissions
5.4 Criteria for defining roles
6 Definition of roles
6.1 Role-to-permission assignment inside the entity in general
6.2 Role-to-permission assignment with respect to power systems
6.3 Role to permission assignment for specific roles
6.4 Role-to-permission assignment with respect to other non-power system domains (e.g. industrial process control)
7 RBAC credential distribution using the PUSH model
7.1 General
7.2 Secure access to an LDAP-enabled repository
7.3 Secure access to an identity provider for retrieval of a JWT
8 RBAC credential distribution using the PULL model
8.1 General
8.2 Secure access to an LDAP-enabled repository
8.3 Secure access to the RADIUS-enabled repository
8.4 Secure access to the JWT provider
9 General application of RBAC access token (informative)
9.1 General
9.2 Session-based approach
9.3 Message-based approach
10 Definition of access tokens
10.1 General
10.2 Supported profiles
10.3 Identification of access token
10.4 General structure of the access tokens
10.5 Specific structure of the access tokens
11 Transport profiles
11.1 Usage in TCP-based protocols
11.2 Usage in non-Ethernet based protocols
12 Verification of access tokens
12.1 General
12.2 Multiple access token existence
12.3 Subject authentication
12.4 Access token availability
12.5 Validity period
12.6 Access token integrity
12.7 Issuer
12.8 RoleID
12.9 Revision number
12.10 Area of responsibility
12.11 Role definition
12.12 Revocation state
12.13 Operation
12.14 Sequence number
12.15 Revocation methods
13 Conformity
13.1 General
13.2 Notation
13.3 Conformance to access token format
13.4 Conformance to access token content
13.5 Access token distribution
13.6 Role information exchange
13.7 Mapping to existing authorization mechanisms
13.8 Security events
14 Repository interaction for the defined RBAC profiles
Annex A (informative) Informative example for specific role definition
Bibliography



