NIST Issues Blockchain Guidance for Access Control Systems
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) issued Blockchain guidance for Access Control (AC) which “…is concerned with determining the allowed activities of legitimate users and mediating every attempt by a user to access a resource in the system. The objectives of an AC system are often described in terms of protecting system resources against inappropriate or undesired user access.” The May 19, 2022 publication entitled “Blockchain for Access Control Systems” included these comments about “the following infrastructural properties that are not included in traditional AC mechanisms unless specifically implemented”:
-
Tamper-evident and tamper-resistant design prevents the alteration AC data (i.e., attributes, policy rules, environment conditions, and access requests) and AC logs (i.e., request permissions and previous AC data) and reduces the probability of frauds.
-
The control of authorization processing is decentralized, and the storage of AC data/logs has no single point of failure, thus providing more system tolerance and availability.
-
The traceability of blocks allows AC data/logs and system states to be seen and tracked.
-
The execution of arbitrary programs in smart contracts allows for controls on distributed AC data and authorization processes.
-
Consensus mechanisms and protocols jointly regulate the participating AC entities/organizations in determining policy rules through blocks or smart contracts.
Great news for AC!
