Proposed NIST Standard for Role-Based Access Control, 2001
Cited by 300 (7 self)
Abstract:
In this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted model results in uncertainty and confusion about RBAC's utility and meaning. The standard proposed here seeks to resolve this situation by unifying ideas from a base of frequently referenced RBAC models, commercial products, and research prototypes. It is intended to serve as a foundation for product development, evaluation, and procurement specification. Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, we feel the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers. As such, this document does not attempt to standardize RBAC features beyond those that have achieved acceptance in the commercial marketplace and research community, but instead focuses on defining a fundamental and stable set of RBAC components. This standard is organized into the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The reference model defines the scope of features that comprise the standard and provides a consistent vocabulary in support of the specification. The RBAC System and Administrative Functional Specification defines functional requirements for administrative operations and queries for the creation, maintenance, and review of RBAC sets and relations, as well as for specifying system level functionality in sup...
The Role Graph Model and Conflict of Interest. ACM Transactions on Information and System Security, 1999
Cited by 101 (2 self)
Abstract:
We describe in more detail than before the reference model for role-based access control introduced by Nyanchama and Osborn, and the role-graph model with its accompanying algorithms, which is one way of implementing role-role relationships. An alternative role insertion algorithm is added, and it is shown how the role creation policies of Fernandez et al. correspond to role addition algorithms in our model. We then use our reference model to provide a taxonomy for kinds of conflict. We then go on to consider in some detail privilege-privilege and role-role conflicts in conjunction with the role graph model. We show how role-role conflicts lead to a partitioning of the role graph into nonconflicting collections that can together be safely authorized to a given user. Finally, in an appendix, we present the role graph algorithms with additional logic to disallow roles that contain conflicting privileges.
A Role Based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Transactions on Information and System Security, 1999
Cited by 49 (2 self)
Abstract:
This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in [1] and [2], with adjustments that have resulted through experiences gained by prototype implementations, market analysis, and observations made by Jansen [3] and Hoffman [4]. The implementation of RBAC for the Web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, and in a manner that is consistent with the current set of laws, regulations, and practices that face businesses today.
A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security, 1999
Cited by 49 (0 self)
Abstract:
This paper describes NIST’s enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.
Authorization Constraints Specification and Enforcement
Abstract:
Constraints are an important aspect of role-based access control (RBAC) and its different extensions. They are often regarded as one of the principal motivations behind these access control models. There are two important issues relating to constraints: their specification and their enforcement. However, existing approaches cannot comprehensively support both of them, and early research efforts concentrated mainly on separation of duty. In this paper, we introduce two novel authorization constraint specification schemes, named the prohibition constraint scheme and the obligation constraint scheme respectively. Both of them can be used for both expressing and enforcing authorization constraints. These schemes are strongly bound to authorization entity set functions and relation functions that can be mapped to the functions that need to be developed in application systems, so they give system developers a clear view of which functions should be developed in an authorization constraint system. Based on these functions, various constraint schemes can be easily defined. Security administrators can use these functions to create constraint schemes for their day-to-day operations. A constraint system can be scaled by defining new entity set functions and entity relation functions. This approach goes beyond the well-known separation of duty constraints and considers many aspects of entity relation constraints.
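Added example, not code from any of the papers listed above: a small Python role graph that ties together two of the abstracts. From the Nyanchama and Osborn entry it takes role insertion that rejects a role whose effective (inherited) privileges would contain a conflicting privilege pair, and a partition of the roles into collections that contain no role-role conflict; from this entry it takes prohibition and obligation constraint schemes written as predicates over an entity set function (`roles()`) and relation functions (`assigned_roles()`, `authorized_roles()`), checked by the administrative operation and rolled back on violation. The role and privilege names, the two conflict pairs and the two sample constraints are hypothetical test data, and the greedy grouping is one simple way to compute a non-conflicting partition, not the paper's own algorithm.

```python
from collections import defaultdict


class RoleGraph:
    def __init__(self):
        self.privs = defaultdict(set)     # role -> privileges assigned directly to it
        self.juniors = defaultdict(set)   # role -> junior roles it inherits from (DAG edges)
        self.assigned = defaultdict(set)  # user -> roles assigned directly
        self.priv_conflicts = set()       # frozenset pairs that must never sit in one role
        self.role_conflicts = set()       # frozenset pairs one user must never hold together
        self.constraints = []             # (kind, name, fn): fn(graph) -> list of violations

    # entity set and relation functions on which the constraint schemes are built
    def roles(self):
        return set(self.privs)

    def assigned_roles(self, user):
        return set(self.assigned.get(user, ()))

    def role_closure(self, role):
        """The role plus every role reachable through junior edges."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def authorized_roles(self, user):
        return set().union(*(self.role_closure(r) for r in self.assigned_roles(user)))

    def effective_privs(self, role):
        return set().union(*(self.privs[r] for r in self.role_closure(role)))

    def add_role(self, role, privs=(), juniors=()):
        """Insert a role; returns the conflicting privilege pairs that blocked it (empty if added)."""
        if set(juniors) - self.roles():
            raise ValueError(f"unknown junior roles for {role!r}")  # malformed request, not policy
        effective = set(privs).union(*(self.effective_privs(j) for j in juniors))
        clashes = [sorted(p) for p in self.priv_conflicts if p <= effective]
        if not clashes:
            self.privs[role], self.juniors[role] = set(privs), set(juniors)
        return clashes

    def assign_user(self, user, role):
        """Assign a role; returns the constraint violations that forced a rollback (empty if kept)."""
        if role not in self.roles():
            raise ValueError(f"unknown role {role!r}")
        self.assigned[user].add(role)
        violations = [f"{kind} {name}: {v}" for kind, name, fn in self.constraints for v in fn(self)]
        if violations:
            self.assigned[user].discard(role)
        return violations

    def nonconflicting_partition(self):
        """Greedily group roles so that no two roles in one group form a role-role conflict."""
        groups = []
        for role in sorted(self.roles()):
            for group in groups:
                if not any(frozenset({role, other}) in self.role_conflicts for other in group):
                    group.append(role)
                    break
            else:
                groups.append([role])
        return groups


def build_sample():
    g = RoleGraph()  # hypothetical policy constructed for this added example
    g.priv_conflicts.add(frozenset({"issue_payment", "approve_payment"}))
    g.role_conflicts.add(frozenset({"clerk", "approver"}))
    g.add_role("employee", privs={"read_ledger"})
    g.add_role("trained", privs=set())  # marker role with no privileges of its own
    g.add_role("clerk", privs={"issue_payment"}, juniors={"employee"})
    g.add_role("approver", privs={"approve_payment"}, juniors={"employee"})
    g.add_role("auditor", privs={"read_audit_log"}, juniors={"employee"})

    def sod(graph):  # prohibition scheme: static separation of duty over authorized (inherited) roles
        return [f"user {u!r} holds both {sorted(p)}" for u in graph.assigned
                for p in graph.role_conflicts if p <= graph.authorized_roles(u)]

    def prerequisite(graph):  # obligation scheme: anyone assigned 'clerk' must also hold 'trained'
        return [f"user {u!r} is 'clerk' without 'trained'" for u in graph.assigned
                if "clerk" in graph.assigned_roles(u) and "trained" not in graph.assigned_roles(u)]

    g.constraints += [("prohibition", "sod", sod), ("obligation", "clerk-needs-trained", prerequisite)]
    return g


def demo():
    g = build_sample()
    return {  # dict entries are evaluated in order, so the operations run top to bottom
        "super_clerk": g.add_role("super_clerk", juniors={"clerk", "approver"}),  # blocked
        "alice_trained": g.assign_user("alice", "trained"),
        "alice_clerk": g.assign_user("alice", "clerk"),
        "alice_approver": g.assign_user("alice", "approver"),  # prohibition fires, rolled back
        "bob_clerk": g.assign_user("bob", "clerk"),            # obligation fires, rolled back
        "alice_roles": sorted(g.authorized_roles("alice")),
        "partition": g.nonconflicting_partition(),
    }
```

Two details matter in practice. The separation-of-duty predicate is evaluated over authorized roles, i.e. after following junior edges, so a conflict reached only through inheritance is still caught; checking the directly assigned roles alone would miss it. And the role insertion check computes the candidate role's effective privileges before it is added, so `super_clerk`, which would inherit both `issue_payment` and `approve_payment`, is refused rather than silently creating a role that violates the privilege-privilege conflict.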

