Wednesday, August 17, 2016

IEC just published Draft Guidelines for Handling Role-based Access Control in Power Systems

IEC TC 57 just published (57/1764/DC):

Draft IEC TR 62351-90-1, Power systems management and associated information exchange – Data and communications security – Part 90-1: Guidelines for Handling Role-based Access Control in Power Systems

This draft technical report addresses the handling of access control of users and automated agents
to data objects in power systems by means of role-based access control (RBAC) as defined in
IEC 62351-8. IEC 62351-8 defines three different profiles to distribute role information and
also defines a set of mandatory roles to be supported. Adoption of RBAC has shown that the
defined mandatory roles are not always sufficient and that the method for defining custom
roles should be standardized to ensure interoperability. Hence, the main focus of this
document lies in developing a standardized method for defining and engineering custom
roles, their role-to-right mappings and the corresponding infrastructure support needed to
utilize these custom roles in power systems.

Comments are welcome latest by 2016-10-07.

No comments: