NIST has published NIST Internal Report (NIST IR) 8403, Blockchain for Access Control Systems. Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control mechanisms that support decentralization, scalability, and trust – all major challenges for traditional mechanisms – has grown.
Blockchain technology offers high confidence and tamper resistance implemented in a distributed fashion without a central authority, which means that it can be a trustable alternative for enforcing access control policies. This document presents analyses of blockchain access control systems from the perspectives of properties, components, architectures, and model supports, as well as discussions on considerations for implementation.