1、 IEC/TS 62351-8 Edition 1.0 2011-09 TECHNICAL SPECIFICATION Power systems management and associated information exchange Data and communications security Part 8:Role-based access control IEC/TS 62351-8:2011(E)colourinsideCopyrighted material licensed to BR Demo by Thomson Reuters(Scientific),Inc.,do
2、wnloaded on Nov-28-2014 by James Madison.No further reproduction or distribution is permitted.Uncontrolled when printed.THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2011 IEC,Geneva,Switzerland All rights reserved.Unless otherwise specified,no part of this publication may be reproduced or utiliz
3、ed in any form or by any means,electronic or mechanical,including photocopying and microfilm,without permission in writing from either IEC or IECs member National Committee in the country of the requester.If you have any questions about IEC copyright or have an enquiry about obtaining additional rig
4、hts to this publication,please contact the address below or your local IEC member National Committee for further information.Droits de reproduction rservs.Sauf indication contraire,aucune partie de cette publication ne peut tre reproduite ni utilise sous quelque forme que ce soit et par aucun procd,
5、lectronique ou mcanique,y compris la photocopie et les microfilms,sans laccord crit de la CEI ou du Comit national de la CEI du pays du demandeur.Si vous avez des questions sur le copyright de la CEI ou si vous dsirez obtenir des droits supplmentaires sur cette publication,utilisez les coordonnes ci
6、-aprs ou contactez le Comit national de la CEI de votre pays de rsidence.IEC Central Office 3,rue de Varemb CH-1211 Geneva 20 Switzerland Email:inmailiec.ch Web:www.iec.ch About IEC publications The technical content of IEC publications is kept under constant review by the IEC.Please make sure that
7、you have the latest edition,a corrigenda or an amendment might have been published.Catalogue of IEC publications:www.iec.ch/searchpub The IEC on-line Catalogue enables you to search by a variety of criteria(reference number,text,technical committee,).It also gives information on projects,withdrawn a
8、nd replaced publications.IEC Just Published:www.iec.ch/online_news/justpub Stay up to date on all new IEC publications.Just Published details twice a month all new publications released.Available on-line and also by email.Electropedia:www.electropedia.org The worlds leading online dictionary of elec
9、tronic and electrical terms containing more than 20 000 terms and definitions in English and French,with equivalent terms in additional languages.Also known as the International Electrotechnical Vocabulary online.Customer Service Centre:www.iec.ch/webstore/custserv If you wish to give us your feedba
10、ck on this publication or need further assistance,please visit the Customer Service Centre FAQ or contact us:Email:csciec.ch Tel.:+41 22 919 02 11 Fax:+41 22 919 03 00 Copyrighted material licensed to BR Demo by Thomson Reuters(Scientific),Inc.,downloaded on Nov-28-2014 by James Madison.No further r
11、eproduction or distribution is permitted.Uncontrolled when printed.IEC/TS 62351-8 Edition 1.0 2011-09 TECHNICAL SPECIFICATION Power systems management and associated information exchange Data and communications security Part 8:Role-based access control INTERNATIONAL ELECTROTECHNICAL COMMISSION X ICS
12、 33.200 PRICE CODE ISBN 978-2-88912-723-8 Registered trademark of the International Electrotechnical Commission colourinsideCopyrighted material licensed to BR Demo by Thomson Reuters(Scientific),Inc.,downloaded on Nov-28-2014 by James Madison.No further reproduction or distribution is permitted.Unc
13、ontrolled when printed.2 TS 62351-8 IEC:2011(E)CONTENTS FOREWORD.5 INTRODUCTION.7 1 Scope.8 2 Normative references.9 3 Terms,definitions and abbreviations.10 3.1 Terms and definitions.10 3.2 Abbreviations.12 4 RBAC process model.13 4.1 General.13 4.2 Separation of subjects,roles,and rights.14 4.2.1
14、General.14 4.2.2 Subject assignment.15 4.2.3 Role assignment.16 4.2.4 Right assignment.16 4.3 Criteria for defining roles.16 4.3.1 Policies.16 4.3.2 User,roles,and rights.16 4.3.3 Introducing roles reduces complexity.16 5 Definition of roles.17 5.1 Role-to-right assignment inside the object in gener
15、al.17 5.1.1 General.17 5.1.2 Number of supported rights.17 5.1.3 Number of supported roles.17 5.1.4 Flexibility of role-to-right mapping.17 5.2 Role-to-right assignment with respect to power systems.17 5.2.1 Mandatory roles and rights for logical-device access control.17 5.2.2 Power utility automati
16、on IEC 61850.20 5.2.3 CIM IEC 61968.22 5.2.4 AMI.22 5.2.5 DER.22 5.2.6 Markets.23 5.3 Role-to-right assignment with respect to other non-power system domains(e.g.industrial process control).23 6 General architecture for the PUSH model.23 6.1 General.23 6.2 Secure access to the LDAP-enabled service.24 7 General architecture for the PULL model.24 7.1 General.24 7.2 Secure access to the LDAP-enabled service.26 7.3 LDAP directory organization.26 8 General application of RBAC access token.26 8.1 G