IEC 62351 -8:2020 pdf download – Power systems management and associated information exchange – Data and communications security – Part 8: Role-based access control for power system management.
5 RBAC process model 5.1 Overview of RBAC process model The purpose of an access control mechanism is to protect system resources, formally called “objects”. Role-based access control (RBAC) is a technology that has the potential to reduce the complexity and cost of security administration in networks with large numbers of intelligent devices. Under RBAC, security administration is simplified through the use of roles and constraints to organize subject access levels. RBAC reduces costs within an organization primarily because it accepts that employees change roles and responsibilities more frequently than the permissions within roles and responsibilities have to be changed. For a system that implements RBAC, system resources can represent information containers (e.g., files, directories in an operating system and/or columns rows, tables, and views within a database management system) or exhaustible device resources, such as printers, disk space, and CPU cycles.
Typically, the application of RBAC is divided into different phases: – Phase 1 : Assignment • of actions to objects to build permissions (not very frequent); • of permissions to roles (less frequent, only when defining specific roles); • of subjects to roles (may be frequent depending on the use case). – Phase 2: Operation (Enforcement) • authentication of the subject towards the relying party; • authorization of the subject to perform a sepcifc task, based on the supplied role information and the associated permissions. The role information in the context of this document is contained in an access token. Note that phase 1 is the precondition for phase 2 as it binds the subject authentication to the access token. Note also that the relying party may perform the authentication directly or delegate it to a (access token) repository providing the associated information. 5.2 Generic RBAC concepts This document defines a set of role-based access control methods supporting RBAC in power automation systems. The purpose of this document is therefore to: 1 ) introduce subjects-roles-permissions as authorization concept; 2) promote role-based access control for all levels in power system management; and 3) enable interoperability across the multi-vendor environments of power system automation. As subject names change more frequently than role names and as role names change more frequently than the permissions of a data model (e.g. IEC 61 850), it is advisable to store the frequently changing entities (i.e. the subjects’ names) outside the object. The less frequently changing role names and permissions are stored inside the object. Figure 1 provides a generic picture for access control. It consists of a subject, an identity provider and an object.
The subject wants to access the resources of the entity (relying party) by means of an access token provided by the identity provider. There are generally two ways to do this: – the access token can be fetched by the entity from the repository of the identity provider when the subject connects to the entity: this case is called “PULL”; – alternatively, the subject can first fetch the access token from the repository of the identity provider prior to accessing the entity: this case is called “PUSH”. The access token contains the role of the subject and further information regarding validity of the access token and further parameters. RBAC is part of a general authentication, authorization and accounting infrastructure for access control to data and services. In general, the subject has permissions assigned via roles that are pushed to or pulled by the entity. In any case, it is expected that the controlled entity validates the access token after authenticating the subject and allowing access as granted.