Changes between Version 1 and Version 2 of Internal/Rbac/RbacResources


Ignore:
Timestamp:
Aug 31, 2006, 4:43:57 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Internal/Rbac/RbacResources

    v1 v2  
    1616
    1717=== RBAC References ===
    18 to be attached here, all 225 of them
     18  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01647810.pdf AC05]] Raman Adaikkalavan and Sharma Chakravarthy. Active Authorization Rules for Enforcing Role-Based Access Control and its Extensions. In ''21st International Conference on Data Engineering Workshops'', pages 1197--1206, Washington, DC, USA, April 2005. IEEE Computer Society.
     19
     20  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/WOSIS2004.pdf AH04]] Gail-Joon Ahn and Seng-Phil Hong. Group Hierarchies with Constrained User Assignment in Linux. In ''Proceedings of The Second International Workshop on Security In Information Systems (WOSIS)'', pages 24--33, April 2004.
     21
     22  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-gail.pdf Ahn99]] Gail-Joon Ahn. ''The RCL 2000 Language for Specifying Role-Based Authorization Constraints''. PhD thesis, George Mason University, 1999. Dissertation Director: Dr. Ravi Sandhu.
     23
     24  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ahn01conuga.pdf AK01]] Gail-Joon Ahn and Kwangjo Kim. CONUGA: Constrained User Group Assignment. ''J. Netw. Comput. Appl.'', 24(2):87--100, 2001.
     25
     26  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-mohammad.pdf AK04]] Mohammad Abdullah Al-Kahtani. ''A Family of Models for Rule-Based User-Role Assignment''. PhD thesis, George Mason University, 2004. Dissertation Director: Dr. Ravi Sandhu.
     27
     28  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176307.pdf AKS02]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. A Model for Attribute-Based User-Role Assignment. In ''ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference'', pages 353--362, Washington, DC, USA, 2002. IEEE Computer Society.
     29
     30  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p142-al-kahtani.pdf AKS03]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. Induced Role Hierarchies with Attribute-Based RBAC. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 142--148, New York, NY, USA, 2003. ACM Press.
     31
     32  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01377248.pdf AKS04]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. Rule-Based RBAC With Negative Authorization. In ''20th Annual Computer Security Applications Conference (ACSAC'04)'', pages 405--415, Washington, DC, USA, December 2004. IEEE Computer Society.
     33
     34  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacwebapps.pdf Ali05]] Saqib Ali. RBAC for WebApps using LDAP, August 2005. http://www.networksecurityarchive.org/html/Web-App-Sec/2005-08/msg00036.html.
     35
     36  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01286758.pdf AM04a]] Gail-Joon Ahn and Badrinath Mohan. Secure Information Sharing Using Role-Based Delegation. In ''Proceedings of the International Conference on Information Technology: Coding and Computing, ITCC 2004, Volume 2'', pages 810--815, Washington, DC, USA, April 2004. IEEE Computer Society.
     37
     38  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ao04role.pdf AM04b]] Xuhui Ao and Naftaly H. Minsky. On the Role of Roles: from Role-Based to Role-Sensitive Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 51--60, New York, NY, USA, 2004. ACM Press.
     39
     40  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sdarticle.pdf AMH06]] Gail-Joon Ahn, Badrinath Mohan, and Seng-Phil Hong. Secure information sharing using role-based delegation. ''Journal of Network and Computer Applications'', 2006. In press.
     41
     42  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p207-ahn.pdf AS00]] Gail-Joon Ahn and Ravi S. Sandhu. Role-Based Authorization Constraints Specification. ''ACM Trans. Inf. Syst. Secur.'', 3(4):207--226, 2000.
     43
     44  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00953406.pdf AS01]] Gail-Joon Ahn and Michael E. Shin. Role-Based Authorization Constraints Specification Using Object Constraint Language. In ''WETICE '01: Proceedings of the 10th IEEE International Workshops on Enabling Technologies'', pages 157--162, Washington, DC, USA, 2001. IEEE Computer Society.
     45
     46  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2928_1724_76-10-01.pdf ASKP00]] Gail-Joon Ahn, Ravi S. Sandhu, Myong Kang, and Joon Park. Injecting RBAC to Secure a Web-based Workflow System. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 1--10, New York, NY, USA, 2000. ACM Press.
     47
     48  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/health_paper.pdf Bar95]] John Barkley. Application Engineering in Health Care. In ''Proceedings of the 2nd Annual CHIN Summit'', 1995.
     49
     50  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p69-bartz.pdf Bar97]] Larry S. Bartz. hyperDRIVE: Leveraging LDAP to Implement RBAC on the Web. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 69--74, New York, NY, USA, 1997. ACM Press.
     51
     52  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-Ezedin.pdf Bar02]] Ezedin S. Barka. ''Framework for Role-Based Delegation Models''. PhD thesis, George Mason University, 2002. Dissertation Director: Dr. Ravi Sandhu.
     53
     54  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p23-berry.pdf BBB05]] Lior Berry, Lyn Bartram, and Kellogg S. Booth. Role-Based Control of Shared Application Views. In ''UIST '05: Proceedings of the 18th Annual ACM Symposium on User Interface Software and Technology'', pages 23--32, New York, NY, USA, 2005. ACM Press.
     55
     56  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p191-bertino.pdf BBF01]] Elisa Bertino, Piero Andrea Bonatti, and Elena Ferrari. TRBAC: A Temporal Role-Based Access Control Model. ''ACM Trans. Inf. Syst. Secur.'', 4(3):191--233, 2001.
     57
     58  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01314738.pdf BBG05]] Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. A Trust-Based Context-Aware Access Control Model for Web-Services. ''Distrib. Parallel Databases'', 18(1):83--105, 2005.
     59
     60  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CACM_Accepted.pdf BBG06]] Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. An Integrated Approach to Federated Identity and Privilege Management in Open Systems. ''Communications of the ACM'', 2006. Accepted for publication.
     61
     62  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-bertino.pdf BCFP03]] Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A Logical Framework for Reasoning about Access Control Models. ''ACM Trans. Inf. Syst. Secur.'', 6(1):71--127, 2003.
     63
     64  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p100-lodderstedt.pdf BDL03]] David Basin, Jürgen Doser, and Torsten Lodderstedt. Model Driven Security for Process-Oriented Systems. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 100--109, New York, NY, USA, 2003. ACM Press.
     65
     66  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p39-basin.pdf BDL06]] David Basin, Jürgen Doser, and Torsten Lodderstedt. Model Driven Security: From UML Models to Access Control Infrastructures. ''ACM Trans. Softw. Eng. Methodol.'', 15(1):39--91, 2006.
     67
     68  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/botha.pdf BE01]] Reinhardt A. Botha and Jan H. P. Eloff. Separation of Duties for Access Control Enforcement in Workflow Environments. ''IBM Syst. J.'', 40(3):666--682, 2001.
     69
     70  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03shielding.pdf BE03]] András Belokosztolszki and David Eyers. Shielding RBAC Infrastructures from Cyberterrorism. In ''Research Directions in Data and Applications Security'', pages 3--14. Kluwer Academic Publishers, 2003.
     71
     72  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01206964.pdf BEM03]] András Belokosztolszki, David M. Eyers, and Ken Moody. Policy Contexts: Controlling Information Flow in Parameterised RBAC. In ''Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks, POLICY 2003'', pages 99--110, Washington, DC, USA, June 2003. IEEE Computer Society.
     73
     74  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03rolebased.pdf BEPE03]] András Belokosztolszki, David M. Eyers, Peter R. Pietzuch, Jean Bacon, and Ken Moody. Role-Based Access Control for Publish/Subscribe Middleware Architectures. In ''DEBS '03: Proceedings of the 2nd International Workshop on Distributed Event-Based Systems'', pages 1--8, New York, NY, USA, 2003. ACM Press.
     75
     76  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03policy.pdf BEWM03]] András Belokosztolszki, David M. Eyers, Wei Wang, and Ken Moody. Policy Storage for Role-Based Access Control Systems. In ''Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'03)'', pages 196--201, 2003.
     77
     78  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p187-bhatti.pdf BGBJ05]] Rafae Bhatti, Arif Ghafoor, Elisa Bertino, and James B. D. Joshi. X-GTRBAC: an XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control. ''ACM Trans. Inf. Syst. Secur.'', 8(2):187--227, 2005.
     79
     80  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-27.pdf Bha03]] Rafae Bhatti. X-GTRBAC: an XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control. Master's thesis, Purdue University, May 2003.
     81
     82  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p78-bhatti.pdf BJBG04]] Rafae Bhatti, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 78--86, New York, NY, USA, 2004. ACM Press.
     83
     84  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/bell76.pdf BL76]] David E. Bell and Leonard J. LaPadula. Secure Computer Systems: Unified Exposition and MULTICS Interpretation. Technical Report MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA, March 1976.
     85
     86  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p59-bacon.pdf BM02a]] Jean Bacon and Ken Moody. Toward Open, Secure, Widely Distributed Services. ''Commun. ACM'', 45(6):59--64, 2002.
     87
     88  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01011298.pdf BM02b]] András Belokosztolszki and Ken Moody. Meta-policies for distributed role-based access control systems. In ''Policy 2002: IEEE 3rd International Workshop on Policies for Distributed Systems and Networks'', pages 106--115, Washington, DC, USA, 2002. IEEE Computer Society.
     89
     90  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p492-bacon.pdf BMY02]] Jean Bacon, Ken Moody, and Walt Yao. A Model of OASIS Role-Based Access Control and Its Support for Active Security. ''ACM Trans. Inf. Syst. Secur.'', 5(4):492--540, 2002.
     91
     92  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-brooks.pdf Bro99]] Kami Brooks. Migrating to Role-Based Access Control. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 71--81, New York, NY, USA, 1999. ACM Press.
     93
     94  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/brucker02cvsserver.pdf BRW02]] Achim D. Brucker, Frank Rittinger, and Burkhart Wolff. The CVS-Server Case Study: A Formalized Security Architecture. In G. Schellhorn D. Haneberg and W. Reif, editors, ''FM-TOOLS 2002, The 5th Workshop on Tools for System Design and Verification, Reisensburg, Germany'', Report 2002-11, pages 47--52. Universität Augsburg, Institut für Informatik, July 2002.
     95
     96  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/barka00rolebased.pdf BS00]] Ezedin Barka and Ravi S. Sandhu. A Role-Based Delegation Model and Some Extensions. In ''23rd National Information Systems Security Conference'', Washington, DC, USA, October 2000. IEEE Computer Society.
     97
     98  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01377247.pdf BS04]] Ezedin Barka and Ravi S. Sandhu. Role-Based Delegation Model/Hierarchical Roles (RBDM1). In ''20th Annual Computer Security Applications Conference'', pages 396--404, Washington, DC, USA, December 2004. IEEE Computer Society.
     99
     100  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p388-bhatti.pdf BSBE05]] Rafae Bhatti, Basit Shafiq, Elisa Bertino, Arif Ghafoor, and James B. D. Joshi. X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control. ''ACM Trans. Inf. Syst. Secur.'', 8(4):388--423, 2005.
     101
     102  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rwhat.pdf BSCE05]] Sacha Brostoff, M. Angela Sasse, David Chadwick, James Cunningham, Uche Mbanaso, and Sassa Otenko. R-What? Development of a Role-Based Access Control (RBAC) Policy-Writing Tool for e-Scientists. ''Software: Practice and Experience'', 35(9):835--856, July 2005.
     103
     104  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01565245.pdf BTKV05]] Elisa Bertino, Evimaria Terzi, Ashish Kamra, and Athena Vakali. Intrusion Detection in RBAC-administered Databases. In ''21st Annual Computer Security Applications Conference'', volume l, pages 10--19, Washington, DC, USA, December 2005. IEEE Computer Society.
     105
     106  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p77-burrow.pdf Bur04]] Andrew Lincoln Burrow. Negotiating Access within Wiki: A System to Construct and Maintain a Taxonomy of Access Rules. In ''HYPERTEXT '04: Proceedings of the Fifteenth ACM Conference on Hypertext and Hypermedia'', pages 77--86, New York, NY, USA, 2004. ACM Press.
     107
     108  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fmics_03.pdf BW03]] Achim D. Brucker and Burkhart Wolff. A Case Study of a Formalized Security Architecture. In ''Electr. Notes Theor. Comput. Sci., FMICS'03: Eighth International Workshop on Formal Methods for Industrial Critical Systems'', volume 80, pages 1--17, Netherlands, June 2003. Elsevier Science B. V.
     109
     110  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/862262.pdf Car03]] Gerald Carter. ''LDAP System Administration''. O'Reilly Media, Inc., Sebastopol, CA, USA, March 2003.
     111
     112  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ACM_XML_Paper_Final.pdf Cha00]] Ramaswamy Chandramouli. Application of XML Tools for Enterprise-Wide RBAC Implementation Tasks. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 11--18, New York, NY, USA, 2000. ACM Press.
     113
     114  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chandramouli01framework.pdf Cha01]] Ramaswamy Chandramouli. A Framework for Multiple Authorization Types in a Healthcare Application System. In ''ACSAC '01: Proceedings of the 17th Annual Computer Security Applications Conference'', page 137, Washington, DC, USA, December 2001. IEEE Computer Society.
     115
     116  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_validate.pdf Cha03]] Ramaswamy Chandramouli. Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints. In ''World Multiconference on Systems, Cybernetics and Informatics, July 27-30, 2003'', July 2003.
     117
     118  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01506523.pdf CJ05]] Suroop Mohan Chandran and James B. D. Joshi. Towards Administration of a Hybrid Role Hierarchy. In ''2005 IEEE International Conference on Information Reuse and Integration'', pages 500--505, Washington, DC, USA, August 2005. IEEE Computer Society.
     119
     120  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p6-crampton.pdf CL01]] Jason Crampton and George Loizou. Authorisation and Antichains. ''SIGOPS Oper. Syst. Rev.'', 35(3):6--15, 2001.
     121
     122  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p201-crampton.pdf CL03]] Jason Crampton and George Loizou. Administrative Scope: A Foundation for Role-Based Administrative Models. ''ACM Trans. Inf. Syst. Secur.'', 6(2):201--231, 2003.
     123
     124  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p111-crampton.pdf CLB06]] Jason Crampton, Wing Leung, and Konstantin Beznosov. The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 111--120, New York, NY, USA, 2006. ACM Press.
     125
     126  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p135-chadwick.pdf CO02a]] David W. Chadwick and Alexander Otenko. The PERMIS X.509 Role Based Privilege Management Infrastructure. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 135--140, New York, NY, USA, 2002. ACM Press.
     127
     128  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chadwickRBAC509.pdf CO02b]] David W. Chadwick and Alexander Otenko. RBAC Policies in XML for X.509 Based Privilege Management. In M. A. Ghonaimy, M. T. El-Hadidi, and H.K. Aslan, editors, ''Security in the Information Society: Visions and Perspectives: IFIP TC11 17th Int. Conf. On Information Security (SEC2002), Cairo, Egypt'', pages 39--53. Kluwer Academic Publishers, May 2002.
     129
     130  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Sec2002Final.pdf CO02c]] David W. Chadwick and Alexander Otenko. RBAC Policies in XML for X.509 Based Privilege Management -- Final, 2002.
     131
     132  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/InternetComputingPaperv4.pdf COB04]] David W. Chadwick, Alexander Otenko, and Edward Ball. Implementing Role Based Access Controls Using X.509 Attribute Certificates - the PERMIS Privilege Management Infrastructure. In ''Security and Privacy in Advanced Networking Technologies'', pages 26--39, 2004.
     133
     134  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cs1050005.pdf Com04a]] Government Reform Committee. Report of the Best Practices and Metrics Teams. Technical Report CS1/05-0005, United States House of Representatives, November 2004. Corporate Information Security Working Group of the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census of the Government Reform Committee.
     135
     136  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cd-xacml-rbac-profile-01.pdf Com04b]] OASIS Technical Committee. XACML Profile for Role Based Access, February 2004.
     137
     138  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_control-xacml-2.0-rbac-profile1-spec-os.pdf Com05a]] OASIS Technical Committee. Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML v2.0. Technical report, Organization for the Advancement of Structured Information Standards, February 2005.
     139
     140  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_control-markup.pdf Com05b]] OASIS Technical Committee. OASIS eXtensible Access Control Markup Language (xacml) v2.0. Technical report, Organization for the Advancement of Structured Information Standards, February 2005. XACML-2.0-OS-NORMATIVE.zip.
     141
     142  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/STAT_RBAC_Paper.pdf Cor06]] Harris Corp. Role-Based Access Control In Network Vulnerability Management. Technical report, Harris Corp., March 2006.
     143
     144  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/qut-isrc-tr-1999-005.pdf CR99a]] William Caelli and Anthony Rhodes. Implementation of Active Role Based Access Control in a Collaborative Environment. Technical Report QUT-ISRC-TR-1999-005, University of Queensland, Australia, 1999.
     145
     146  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/qut-isrc-tr-1999-003.pdf CR99b]] William Caelli and Anthony Rhodes. RBACManager: Implementing a Minimal Role Based Access Control Scheme (RBACm) Under the Windows NT 4.0 Workstation Operating System. Technical Report QUT-ISRC-TR-1999-003, Information Security Institute, Queensland University of Technology, Brisbane, Australia, 1999.
     147
     148  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p49-chakraborty.pdf CR06]] Sudip Chakraborty and Indrajit Ray. TrustBAC: Integrating Trust Relationships into the RBAC Model for Access Control in Open Systems. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 49--58, New York, NY, USA, 2006. ACM Press.
     149
     150  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p85-crampton.pdf Cra03a]] Jason Crampton. On Permissions, Inheritance and Role Hierarchies. In ''CCS '03: Proceedings of the 10th ACM Conference on Computer and Communications Security'', pages 85--92, New York, NY, USA, 2003. ACM Press.
     151
     152  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p43-crampton.pdf Cra03b]] Jason Crampton. Specifying and Enforcing Constraints in Role-Based Access Control. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 43--50, New York, NY, USA, 2003. ACM Press.
     153
     154  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p158-crampton.pdf Cra05]] Jason Crampton. Understanding and Developing Role-Based Administrative Models. In ''CCS '05: Proceedings of the 12th ACM Conference on Computer and Communications Security'', pages 158--167, New York, NY, USA, 2005. ACM Press.
     155
     156  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/clark_wilson.pdf CW87]] David D. Clark and David R. Wilson. A Comparison of Commercial and Military Computer Security Policies. In ''1987 IEEE Symposium on Security and Privacy'', pages 184--194, Washington, DC, USA, 1987. IEEE.
     157
     158  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sacmat04-tbac.pdf DBEE04]] Nathan Dimmock, András Belokosztolszki, David Eyers, Jean Bacon, and Ken Moody. Using Trust and Risk in Role-Based Access Control Policies. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 156--162, New York, NY, USA, 2004. ACM Press.
     159
     160  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/risk-tbac-itrust05.pdf DBIM05]] Nathan Dimmock, Jean Bacon, David Ingram, and Ken Moody. Risk Models for Trust-Based Access Control (TBAC). In ''iTrust 2005'', pages 364--371. University of Cambridge, 2005.
     161
     162  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/tcsec-dod85.pdf Def85]] Department of Defense. ''Department of Defense Trusted Computer System Evaluation Criteria''. United States Government Printing Office, December 1985. DOD 5200.28-STD (The Orange Book).
     163
     164  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cts2006-oce-dynamic-access-control-05.pdf DGTE06]] Yuri Demchenko, Leon Gommans, Andrew Tokmakoff, Rene van Buuren, and Cees de Laut. Policy Based Access Control in Dynamic Grid-based Collaborative Environment. In ''International Symposium on Collaborative Technologies and Systems CTS 2006'', pages 64--73. University of Amsterdam, May 2006.
     165
     166  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01578976.pdf DJYM05]] Wu Di, Lin Jian, Dong Yabo, and Zhu Miaoliang. Using Semantic Web Technologies to Specify Constraints of RBAC. In ''Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2005'', pages 543--545, Washington, DC, USA, December 2005. IEEE Computer Society.
     167
     168  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01265447.pdf DMP04]] Fredj Dridi, Björn Muschall, and Günther Pernul. Administration of an RBAC System. In ''Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS '04)'', volume 07, pages 70187b--92, Los Alamitos, CA, USA, 2004. IEEE Computer Society.
     169
     170  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/acpande.pdf DPS03]] Sabrina De Capitani di Vimercati, Stefano Paraboschi, and Pierangela Samarati. Access Control: Principles and Solutions. ''Software: Practice and Experience'', 33(5):397--421, 2003.
     171
     172  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p53-evered.pdf EB04]] Mark Evered and Serge Bögeholz. A Case Study in Access Control Requirements for a Health Information System. In ''ACSW Frontiers '04: Proceedings of the Second Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation'', pages 53--61, Darlinghurst, Australia, Australia, 2004. Australian Computer Society, Inc.
     173
     174  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-pete.pdf Eps02]] Pete A. Epstein. ''Engineering of Role/Permission Assignments''. PhD thesis, George Mason University, 2002. Dissertation Director: Dr. Ravi Sandhu.
     175
     176  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/uml-org.pdf ES99]] Pete Epstein and Ravi Sandhu. Towards a UML Based Approach to Role Engineering. In ''RBAC '99: Proceedings of the fourth ACM workshop on Role-based access control'', pages 135--143, New York, NY, USA, 1999. ACM Press.
     177
     178  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p34-ferraiolo.pdf FBK99]] David F. Ferraiolo, John F. Barkley, and D. Richard Kuhn. A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet. ''ACM Transactions on Information and System Security'', 2(1):34--64, 1999.
     179
     180  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-cugini-kuhn-95.pdf FCK95]] David F. Ferraiolo, Janet A. Cugini, and D. Richard Kuhn. Role-Based Access Control: Features and Motivations. In ''Proceedings of the 11th Annual Computer Security Applications Conference (CSAC '95)'', 1995.
     181
     182  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACcase-study.pdf Fer05a]] Richard Fernandez. Enterprise Dynamic Access Control (EDAC) Case Study. Technical report, United States Pacific Fleet, May 2005.
     183
     184  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACcompliance.pdf Fer05b]] Richard Fernandez. Enterprise Dynamic Access Control (EDAC) Compliance with the American National Standards Institute (ANSI) Role Based Access Control (RBAC). Technical report, United States Pacific Fleet, May 2005.
     185
     186  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACv2overview.pdf Fer06]] Richard Fernandez. Enterprise Dynamic Access Control Version 2 Overview. Technical report, United States Pacific Fleet, January 2006.
     187
     188  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p141-fraser.pdf FFME01]] Timothy Fraser, David Ferraiolo, Mikel L. Matthews, Casey Schaufler, Stephen Smalley, and Robert Watson. Panel: Which Access Control Technique Will Provide the Greatest Overall benefit? In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 141--149, New York, NY, USA, 2001. ACM Press.
     189
     190  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fernandez97determining.pdf FH97]] Eduardo B. Fernandez and J. C. Hawkins. Determining Role Rights from Use Cases. In ''Proceedings of the 2nd ACM Workshop on Role Based Access Control (RBAC'97)'', pages 121--126, 1997.
     191
     192  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-kuhn-92.pdf FK92]] David Ferraiolo and Richard Kuhn. Role-Based Access Control. In ''Proceedings of the 15th NIST-NCSC National Computer Security Conference'', pages 554--563, 1992.
     193
     194  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/nistrbacintro.pdf FK95]] David Ferraiolo and Richard Kuhn. An introduction to Role-Based Access Control. Technical report, National Institute of Standards and Technology, December 1995. http://csrc.nist.gov/rbac/NIST-ITL-RBAC-bulletin.html.
     195
     196  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/861998.pdf FKC03]] David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli. ''Role-Based Access Control''. Artech House, Inc., Norwood, MA, USA, 2003.
     197
     198  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/NIST-rbac-site.pdf FKCB06]] David Ferraiolo, Rick Kuhn, Ramaswamy Chandramouli, and John Barkley. Role-Based Access Control. National Institute of Standards and Technology web site, August 2006. http://csrc.nist.gov/rbac/.
     199
     200  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p196-fisler.pdf FKMT05]] Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, and Michael Carl Tschantz. Verification and Change-Impact Analysis of Access-Control Policies. In ''ICSE '05: Proceedings of the 27th international conference on Software engineering'', pages 196--205, New York, NY, USA, 2005. ACM Press.
     201
     202  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/drbac-icdcs02.pdf FPPE02]] Eric Freudenthal, Tracy Pesin, Lawrence Port, Edward Keenan, and Vijay Karamcheti. dRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments. In ''Proceedings of the 22nd International Conference on Distributed Computing Systems'', pages 411--420, 2002.
     203
     204  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacSTD-ACM.pdf FSGE01]] David F. Ferraiolo, Ravi S. Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed NIST Standard for Role-Based Access Control. ''ACM Trans. Inf. Syst. Secur.'', 4(3):224--274, 2001.
     205
     206  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p81-gavrila.pdf GB98a]] Serban I. Gavrila and John F. Barkley. Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 81--90, New York, NY, USA, 1998. ACM Press.
     207
     208  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p55-goh.pdf GB98b]] Cheh Goh and Adrian Baldwin. Towards a More Complete Model of Role. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 55--62, New York, NY, USA, 1998. ACM Press.
     209
     210  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2957.pdf GC04]] Jeroen van de Graaf and Osvaldo Carvalho. Reflecting on X.509 and LDAP or How Separating Identity and Attributes Could Simplify a PKI. In ''Fourth Workshop em Segurança de Sistemas Computacionais WSEG2004''. UFMG, 2004.
     211
     212  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00674833.pdf GGF98]] Virgi D. Gligor, Serban I. Gavrila, and David Ferraiolo. On the Formal Definition of Separation-of-Duty Policies and Their Composition. In ''Proceedings of the 19th IEEE Computer Society Symposium on Research in Security and Privacy'', pages 1--12, Washington, DC, USA, May 1998. IEEE Computer Society.
     213
     214  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/myrbacheresy.pdf Gif06]] Bob Gifford. My RBAC Heresy. ''Digital Business Strategy'', June 2006. url = http://digitalbusinessstrategy.com/?p=48.
     215
     216  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-giuri.pdf Giu99]] Luigi Giuri. Role-Based Access Control on the Web Using Java. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 11--18, New York, NY, USA, 1999. ACM Press.
     217
     218  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/computerworldsecurity.pdf GL03]] Trey Guerin and Richard Lord. How role-based access control can provide security and business benefits. ''ComputerWorld'', November 2003. url = www.computerworld.com/securitytopics/security/story/0,10801,86699,00.html.
     219
     220  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p21-georgiadis.pdf GMPT01]] Christos K. Georgiadis, Ioannis Mavridis, George Pangalos, and Roshan K. Thomas. Flexible Team-Based Access Control Using Contexts. In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 21--27, New York, NY, USA, 2001. ACM Press.
     221
     222  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01624027.pdf GPR06]] Zvi Gutterman, Benny Pinkas, and Tzachy Reinman. Analysis of the Linux Random Number Generator. Cryptology ePrint Archive, Report 2006/086, 2006. url = http://eprint.iacr.org/.
     223
     224  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01636184.pdf HKF06]] Vincent C. Hu, D. Richard Kuhn, and David F. Ferraiolo. The Computational Complexity of Enforceability Validation for Generic Access Control Rules. In ''IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06)'', volume 1, pages 260--267, Los Alamitos, CA, USA, 2006. IEEE Computer Society.
     225
     226  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/hua98modeling.pdf HO98]] Lingling Hua and Sylvia Osborn. Modeling UNIX Access Control with a Role Graph. In ''Proceedings of 1998 International Conference on Computers and Information'', June 1998.
     227
     228  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00646185.pdf Hof97]] J. Hoffman. Implementing RBAC on a Type Enforced System. In ''ACSAC '97: Proceedings of the 13th Annual Computer Security Applications Conference'', pages 158--163, Washington, DC, USA, 1997. IEEE Computer Society.
     229
     230  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ActiveRbacManual.pdf Hol06]] Manuel Holtgrewe. ''The ActiveRBAC Manual for ActiveRBAC 0.3.1'', 0.3.1 edition, April 2006.
     231
     232  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01541190.pdf HPN05]] Zhijun He, Tuan Phan, and Thu D. Nguyen. Enforcing Enterprise-Wide Policies Over Standard Client-Server Interactions. In ''SRDS '05: Proceedings of the 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05)'', pages 119--131, Washington, DC, USA, 2005. IEEE Computer Society.
     233
     234  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbac-std-ncits.pdf Inc03]] American National Standards Institute Inc. DRAFT American National Standard for Information Technology - Role Based Access Control. BSR INCITS 359, April 2003.
     235
     236  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf Inc04]] American National Standards Institute Inc. American National Standard for Information Technology - Role Based Access Control. ANSI INCITS 359-2004, February 2004.
     237
     238  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/report02-1.pdf Ins02]] Research Triangle Institute. The Economic Impact of Role Based Access Control. Technical Report Planning Report 02-01, NIST, 2002.
     239
     240  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/c021573_ISO_IEC_13568_2002E.pdf ISO02]] ISO/IEC. Information Technology - Z Formal Specification Notation - Syntax, Type System and Semantics. Technical Report 13568:2002, ISO/IEC, July 2002. International Standard.
     241
     242  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/jansen98revised.pdf Jan98]] W. A. Jansen. A Revised Model for Role-Based Access Control. IR 6192, NIST, July 1998.
     243
     244  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p81-joshi.pdf JB06]] James B. D. Joshi and Elisa Bertino. Fine-Grained Role-Based Delegation in the Presence of the Hybrid Role Hierarchy. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 81--90, New York, NY, USA, 2006. ACM Press.
     245
     246  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01355921.pdf JBBG04]] James B. D. Joshi, Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. Access-Control Language for Multidomain Environments. ''IEEE Internet Computing'', 8(6):40--50, 2004.
     247
     248  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01363762.pdf JBLG05]] James B. D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. A Generalized Temporal Role-Based Access Control Model. ''IEEE Transactions on Knowledge and Data Engineering'', 17(1):4--23, 2005.
     249
     250  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p65-jaeger.pdf JT00]] Trent Jaeger and Jonathon E. Tidswell. Rebuttal to the NIST RBAC Model Proposal. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 65--66, New York, NY, USA, 2000. ACM Press.
     251
     252  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-kane.pdf KB06]] Kevin Kane and James C. Browne. On Classifying Access Control Implementations for Distributed Systems. In ''SACMAT '06: Proceedings of the Eleventh ACM symposium on Access Control Models and Technologies'', pages 29--38, New York, NY, USA, 2006. ACM Press.
     253
     254  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Or-BAC.pdf KBME03]] Anas Abou El Kalam, Salem Benferhat, Alexandre Miège, Rania El Baida, Frédéric Cuppens, Claire Saurel, Philippe Balbiani, Yves Deswarte, and Gilles Trouessin. Organization Based Access Control. In ''POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks'', page 120, Washington, DC, USA, 2003. IEEE Computer Society.
     255
     256  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/policiesvspractice.pdf Kea05]] Dave Kearns. Rules and policies vs. actual practice - Network World. ''Network World'', February 2005. url = http://www.networkworld.com/newsletters/dir/2005/0207id1.html.
     257
     258  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p87-kern.pdf KKKR04]] Axel Kern, Martin Kuhlmann, Rainer Kuropka, and Andreas Ruthert. A Meta Model for Authorisations in Application Security Systems and Their Integration into RBAC Administration. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 87--96, New York, NY, USA, 2004. ACM Press.
     259
     260  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p332-koch.pdf KMPP02]] Manuel Koch, Luigi V. Mancini, and Francesco Parisi-Presicce. A Graph-Based Formalism for RBAC. ''ACM Trans. Inf. Syst. Secur.'', 5(3):332--365, 2002.
     261
     262  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p97-koch.pdf KMPP04]] M. Koch, L. V. Mancini, and F. Parisi-Presicce. Administrative Scope in the Graph-Based Framework. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 97--104, New York, NY, USA, 2004. ACM Press.
     263
     264  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/kandala02secure.pdf KS02]] Savith Kandala and Ravi S. Sandhu. Secure Role-Based Workflow Models. In ''DAS'01: Proceedings of the Fifteenth Annual Working Conference on Database and Application Security'', pages 45--58, Norwell, MA, USA, 2002. Kluwer Academic Publishers.
     265
     266  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p210-keppler.pdf KSJ06]] David Keppler, Vipin Swarup, and Sushil Jajodia. Redirection Policies for Mission-Based Information Sharing. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 210--218, New York, NY, USA, 2006. ACM Press.
     267
     268  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-kern.pdf KSM03]] Axel Kern, Andreas Schaad, and Jonathan Moffett. An Administration Concept for the Enterprise Role-Based Access Control Model. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 3--11, New York, NY, USA, 2003. ACM Press.
     269
     270  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p23-kuhn.pdf Kuh97]] D. Richard Kuhn. Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 23--30, New York, NY, USA, 1997. ACM Press.
     271
     272  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p130-kern.pdf KW05]] Axel Kern and Claudia Walhorn. Rule Support for Role-Based Access Control. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 130--138, New York, NY, USA, 2005. ACM Press.
     273
     274  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p42-li.pdf LBT04]] Ninghui Li, Ziad Bizri, and Mahesh V. Tripunitara. On Mutually-Exclusive Roles and Separation of Duty. In ''CCS '04: Proceedings of the 11th ACM conference on Computer and communications security'', pages 42--51, New York, NY, USA, 2004. ACM Press.
     275
     276  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-lupu.pdf LMSY96]] Emil C. Lupu, Damian A. Marriott, Morris S. Sloman, and Nicholas Yialelis. A Policy Based Role Framework for Access Control. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', page 11, New York, NY, USA, 1996. ACM Press.
     277
     278  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00800059.pdf LN99]] HyungHyo Lee and BongNam Noh. An Integrity Enforcement Application Design and Operation Framework in Role-Based Access Control Systems: A Session-Oriented Approach. In ''Proceedings of the 1999 International Workshop on Parallel Processing'', pages 179--184, Washington, DC, USA, September 1999. IEEE Computer Society.
     279
     280  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01552918.pdf LSQ05]] Qi Li, Jingpu Shi, and Sihan Qing. An Administration Model of DRBAC on the Web. In ''2005 IEEE International Conference on e-Business Engineering (ICEBE 2005)'', pages 364--367, Washington, DC, USA, October 2005. IEEE Computer Society.
     281
     282  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p126-li.pdf LT04]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 126--135, New York, NY, USA, 2004. ACM Press.
     283
     284  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p112-liu.pdf LWGE06]] Yanhong A. Liu, Chen Wang, Michael Gorbovitski, Tom Rothamel, Yongxi Cheng, Yingchao Zhao, and Jing Zhang. Core Role-Based Access Control: Efficient Implementations by Transformations. In ''PEPM '06: Proceedings of the 2006 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation'', pages 112--120, New York, NY, USA, 2006. ACM Press.
     285
     286  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176310.pdf Mar02]] Andrew D. Marshall. A Financial Institution's Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard. In ''Proceedings of the 18th Annual Computer Security Applications Conference'', pages 382--390, Washington, DC, USA, 2002. IEEE Computer Society.
     287
     288  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/radicore.pdf Mar04]] Tony Marston. A Role-Based Access Control (RBAC) System for PHP, May 2004. url = http://www.tonymarston.net/php-mysql/role-based-access-control.html.
     289
     290  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01214883.pdf MDS03]] Till Mossakowski, Michael Drouineaud, and Karsten Sohr. A Temporal-Logic Extension of Role-Based Access Control Covering Dynamic Separation of Duties. In ''Proceedings of the Fourth International Conference on Temporal Logic and 10th International Symposium on Temporal Representation and Reasoning'', pages 83--90, Washington, DC, USA, July 2003. IEEE Computer Society.
     291
     292  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/moffett99uses.pdf ML99]] Jonathan D. Moffett and Emil Lupu. The Uses of Role Hierarchies in Access Control. In ''ACM Workshop on Role-Based Access Control'', pages 153--160, 1999.
     293
     294  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/an-approach-to-extract.pdf MSSN04]] Jan Mendling, Mark Strembeck, Gerald Stermsek, and Gustaf Neumann. An Approach to Extract RBAC Models from BPEL4WS Processes. In ''13th IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprises (WETICE 2004)'', pages 81--86, Washington, DC, USA, June 2004. IEEE Computer Society.
     295
     296  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-qamar.pdf Mun00]] Qamar Munawer. ''Administrative Models for Role-Based Access Control''. PhD thesis, George Mason University, 2000. Dissertation Director: Dr. Ravi Sandhu.
     297
     298  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-icics-nabhen-jamhour-maziero.pdf NJM03]] Ricardo Nabhen, Edgard Jamhour, and Carlos Maziero. A Policy-Based Framework for RBAC. In Marcus Brunner and Alexander Keller, editors, ''Self-Managing Distributed Systems, Proceedings of the 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2003'', volume 2867 of ''Lecture Notes in Computer Science'', pages 181--193. Springer, October 2003.
     299
     300  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-wgrs-nabhen-jamhour-maziero.pdf NJM04]] Ricardo Nabhen, Edgard Jamhour, and Carlos Maziero. RBPIM: Enforcing RBAC Policies in Distributed Heterogeneous Systems. In ''Workshop de Gerência e Operação de Redes e Serviços'', 2004.
     301
     302  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/neumann01design.pdf NS01]] Gustaf Neumann and Mark Strembeck. Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language. In ''ACM Conference on Computer and Communications Security'', pages 58--67, 2001.
     303
     304  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/IC_TECH_REPORT_200131.pdf NW01]] Txomin Nieva and Alain Wegmann. A Role-based Use Case Model for Remote Data Acquisition Systems. Technical Report DSC/201/031, Institute for Computer Communications and Applications (ICA), Swiss Federal Institute of Technology, Lausanne, Switzerland, 2001.
     305
     306  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01000036.pdf OF02]] Rafael R. Obelheiro and Joni S. Fraga. Role-Based Access Control for CORBA Distributed Object Systems. In ''WORDS '02: Proceedings of the The Seventh IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS 2002)'', page 53, Washington, DC, USA, 2002. IEEE Computer Society.
     307
     308  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/osborn00modeling.pdf OG00]] Sylvia Osborn and Yuxia Guo. Modeling Users in Role-Based Access Control. In ''ACM RBAC 2000'', pages 31--37, 2000.
     309
     310  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00945161.pdf OP01]] Sejong Oh and Seog Park. Enterprise Model as a Basis of Administration on Role-Based Access Control. In ''The Proceedings of the Third International Symposium on Cooperative Database Systems for Advanced Applications, CODAS 2001'', pages 150--158, Washington, DC, USA, April 2001. IEEE Computer Society.
     311
     312  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/guide.pdf Ope05]] The OpenLDAP Foundation. ''OpenLDAP Software 2.3 Administrator's Guide'', 2005.
     313
     314  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p163-osborn.pdf Osb02]] Sylvia L. Osborn. Information Flow Analysis of an RBAC System. In ''ACM Symposium on Access Control Models and Technologies'', pages 163--168, 2002.
     315
     316  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p85-osborn.pdf OSM00]] Sylvia L. Osborn, Ravi S. Sandhu, and Qamar Munawer. Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ''Information and System Security'', 3(2):85--106, 2000.
     317
     318  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jean.pdf Par99]] Joon S. Park. ''Secure Attribute Services on the Web''. PhD thesis, George Mason University, 1999. Dissertation Director: Dr. Ravi Sandhu.
     319
     320  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jae.pdf Par03]] Jaehong Park. ''Usage Control: A Unified Framework for Next Generation Access Control''. PhD thesis, George Mason University, 2003. Dissertation Director: Dr. Ravi Sandhu.
     321
     322  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Joon S. Park, Gail-Joon Ahn, and Ravi S. Sandhu. Role-Based Access Control on the Web Using LDAP. In ''Proceeding of the 15th IFIP WG 11.3 Working Conference on Database and Application Security'', pages 19--30, 2001.
     323
     324  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p163-park.pdf PCND04]] Joon S. Park, Keith P. Costello, Teresa M. Neven, and Josh A. Diosomito. A Composite RBAC Approach for Large, Complex Organizations. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 163--172, New York, NY, USA, 2004. ACM Press.
     325
     326  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/phillipsdissdraft.pdf {Phi}04]] Charles Edward Phillips, Jr. ''Security Assurance for a Resource-Based RBAC/DAC/MAC Security Model''. PhD thesis, University of Connecticut, 2004. Major Advisor: Steven A. Demurjian.
     327
     328  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01544776.pdf PJ05]] Smithi Piromruen and James B. D. Joshi. An RBAC Framework for Time Constrained Secure Interoperation in Multi-Domain Environments. In ''WORDS '05: Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems'', pages 36--48, Washington, DC, USA, 2005. IEEE Computer Society.
     329
     330  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01566202.pdf PM05]] Aneta Poniszewska-Maranda. Role Engineering of Information System Using Extended RBAC Model. In ''WETICE '05: Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise'', pages 154--159, Washington, DC, USA, 2005. IEEE Computer Society.
     331
     332  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-park.pdf PS99a]] Joon S. Park and Ravi S. Sandhu. RBAC on the Web by Smart Certificates. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 1--9, New York, NY, USA, 1999. ACM Press.
     333
     334  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] Joon S. Park and Ravi S. Sandhu. Smart Certificates: Extending X.509 for Secure Attribute Services on the Web. In ''Proc. of 22nd National Information Systems Security Conference (NISSC)'', October 1999.
     335
     336  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00binding.pdf PS00a]] J. S. Park and Ravi S. Sandhu. Binding Identities and Attributes Using Digitally Signed Certificates. In ''ACSAC 2000'', pages 120--127, 2000.
     337
     338  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00secure.pdf PS00b]] Joon S. Park and Ravi S. Sandhu. Secure Cookies on the Web. ''IEEE Internet Computing'', 4(4):36--44, 2000.
     339
     340  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p128-park.pdf PS04]] Jaehong Park and Ravi Sandhu. The UCONABC Usage Control Model. ''ACM Trans. Inf. Syst. Secur.'', 7(1):128--174, 2004.
     341
     342  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]] Joon S. Park, Ravi S. Sandhu, and Gail-Joon Ahn. Role-Based Access Control on the Web. ''ACM Trans. Inf. Syst. Secur.'', 4(1):37--71, 2001.
     343
     344  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park99rbac.pdf PSG99]] Joon S. Park, Ravi S. Sandhu, and SreeLatha Ghanta. RBAC on the Web by Secure Cookies. In ''IFIP Workshop on Database Security'', pages 49--62, 1999.
     345
     346  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p87-phillips.pdf PTD02]] Charles E. Phillips, Jr., T.C. Ting, and Steven A. Demurjian. Information Sharing and Security in Dynamic Coalitions. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 87--96, New York, NY, USA, 2002. ACM Press.
     347
     348  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacopensolaris.pdf Roc03]] Ben Rockwood. Using RBAC on (Open)Solaris, September 2003. url = http://cuddletech.com/blog/pivot/entry.php?id=362.
     349
     350  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/RBAC_DBMS_Comparison.pdf RS98]] Chandramouli Ramaswamy and Ravi S. Sandhu. Role-Based Access Control Features in Commercial Database Management Systems. In ''Proc. 21st NIST-NCSC National Information Systems Security Conference'', pages 503--511, 1998.
     351
     352  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p103-roeckle.pdf RSW00]] Haio Roeckle, Gerhard Schimpf, and Rupert Weidinger. Process-Oriented Approach for Role-Finding to Implement Role-Based Security Administration in a Large Industrial Organization. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 103--110, New York, NY, USA, 2000. ACM Press.
     353
     354  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01607578.pdf RY05]] Indrakshi Ray and Lijun Yu. Short Paper: Towards a Location-Aware Role-Based Access Control Model. In ''Proceedings of the 1st IEEE Conference on Security and Privacy for Emerging Areas in Commmunication Networks'', pages 234--236, Los Alamitos, CA, USA, September 2005. IEEE Computer Society.
     355
     356  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fulltext.pdf SACJ04]] Dongwan Shin, Gail-Joon Ahn, Sangrae Cho, and Seunghun Jin. A Role-Based Infrastructure Management System: Design and Implementation. ''Concurr. Comput. : Pract. Exper.'', 16(11):1121--1141, September 2004.
     357
     358  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fulltext-1.pdf SAGM05]] Karsten Sohr, Gail-Joon Ahn, Martin Gogolla, and Lars Migge. Specification and Validation of Authorisation Constraints Using UML and OCL. In Sabrina De Capitani di Vimercati, Paul F. Syverson, and Dieter Gollmann, editors, ''Computer Security, Proceedings of the 10th European Symposium on Research in Computer Security - ESORICS 2005'', volume 3679 of ''Lecture Notes in Computer Science'', pages 64--79, Berlin / Heidelberg, September 2005. Springer.
     359
     360  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p15-sohr.pdf SAM05]] Karsten Sohr, Gail-Joon Ahn, and Lars Migge. Articulating and Enforcing Authorisation Policies with UML and OCL. In ''SESS '05: Proceedings of the 2005 Workshop on Software engineering for secure systems - building trustworthy applications'', pages 1--7, New York, NY, USA, 2005. ACM Press.
     361
     362  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu96access.pdf San96a]] Ravi S. Sandhu. Access Control: The Neglected Frontier. In ''ACISP '96: Proceedings of the First Australasian Conference on Information Security and Privacy'', pages 219--227, London, UK, 1996. Springer-Verlag.
     363
     364  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/issue.pdf San96b]] Ravi S. Sandhu. Issues in RBAC. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--21--I--46, New York, NY, USA, 1996. ACM Press.
     365
     366  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/role-group.pdf San96c]] Ravi S. Sandhu. Roles Versus Groups. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--25--I--26, New York, NY, USA, 1996. ACM Press.
     367
     368  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/summary-1.pdf San96d]] Ravi S. Sandhu. Workshop Summary. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--1--I--7, New York, NY, USA, 1996. ACM Press.
     369
     370  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p33-sandhu.pdf San98a]] Ravi S. Sandhu. Role Activation Hierarchies. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 33--40, New York, NY, USA, 1998. ACM Press.
     371
     372  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu97rolebased.pdf San98b]] Ravi S. Sandhu. Role-Based Access Control. In M. Zerkowitz, editor, ''Advances in Computers'', volume 48. Academic Press, 1998.
     373
     374  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu00engineering.pdf San00]] Ravi S. Sandhu. Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way. In ''ACM RBAC 2000'', pages 111--119, 2000.
     375
     376  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/icgt-04.pdf San04]] Ravi S. Sandhu. A Perspective on Graphs and Access Control Models (Invited Talk). In H. Ehrig, G. Engels, F. Parisi-Presicce, and G. Rozenberg, editors, ''Proc. 2nd Intl. Conference on Graph Transformations (ICGT 2004)'', volume 3256 of ''Lecture Notes in Computer Science'', pages 2--12, Berlin/Heidelberg, 2004. Springer-Verlag.
     377
     378  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01045125.pdf SAP02]] Dongwan Shin, Gail-Joon Ahn, and Joon S. Park. An Application of Directory Service Markup Language (DSML) for Role-Based Access Control (RBAC). In ''Proceedings of the 26th Annual International Computer Software and Applications Conference, COMPSAC 2002'', pages 934--939, Washington, DC, USA, 2002. IEEE Computer Society.
     379
     380  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu97ura.pdf SB97]] Ravi S. Sandhu and Venkata Bhamidipati. The URA97 Model for Role-Based User-Role Assignment. In ''IFIP Workshop on Database Security'', pages 262--275, 1997.
     381
     382  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu98rolebasedURA97.pdf SB99]] Ravi S. Sandhu and Venkata Bhamidipati. Role-Based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation. ''Journal of Computer Security'', 7(4), 1999.
     383
     384  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p41-sandhu.pdf SBCE97]] Ravi Sandhu, Venkata Bhamidipati, Edward Coyne, Srinivas Canta, and Charles Youman. The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline. In ''Proceedings of 2nd ACM Workshop on Role-Based Access Control'', pages 41--54, New York, NY, USA, November 1997. ACM.
     385
     386  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p58-shehab.pdf SBG05a]] Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. Secure Collaboration in Mediator-Free Environments. In ''CCS '05: Proceedings of the 12th ACM conference on Computer and communications security'', pages 58--67, New York, NY, USA, 2005. ACM Press.
     387
     388  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p159-shehab.pdf SBG05b]] Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. SERAT: SEcure Role mApping Technique for Decentralized Secure Interoperability. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 159--167, New York, NY, USA, 2005. ACM Press.
     389
     390  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p105-sandhu.pdf SBM99]] Ravi Sandhu, Venkata Bhamidipati, and Qamar Munawer. The ARBAC97 Model for Role-Based Administration of Roles. ''ACM Trans. Inf. Syst. Secur.'', 2(1):105--135, 1999.
     391
     392  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00367293.pdf SCFY94]] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control: A Multi-Dimensional View. In ''Proceedings of the 10th Annual Computer Security Applications Conference'', pages 54--62, December 1994.
     393
     394  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu96rolebased.pdf SCFY96]] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control Models. ''IEEE Computer'', 29(2):38--47, 1996.
     395
     396  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/schaad03framework.pdf Sch03]] Andreas Schaad. ''A Framework for Organisational Control Principles''. PhD thesis, The University of York, July 2003. Advisor: Dr. Jonathan Moffett.
     397
     398  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p332-sohr.pdf SDA05]] Karsten Sohr, Michael Drouineaud, and Gail-Joon Ahn. Formal Specification of Role-Based Security Policies for Clinical Information Systems. In ''SAC '05: Proceedings of the 2005 ACM Symposium on Applied Computing'', pages 332--339, New York, NY, USA, 2005. ACM Press.
     399
     400  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu94three.pdf SF94]] Ravi S. Sandhu and Hal L. Feinstein. A Three Tier Architecture for Role-Based Access Control. In ''Proc. 17th NIST-NCSC National Computer Security Conference'', pages 34--46, 1994.
     401
     402  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu00nist.pdf SFK00]] Ravi Sandhu, David Ferraiolo, and Richard Kuhn. The NIST Model for Role-Based Access Control: Towards a Unified Standard. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 47--63, New York, NY, USA, 2000. ACM Press.
     403
     404  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rolesprojrpt.pdf SGGE02]] Calvin Smith, Patrick Garvey, Marc Gratacos, E. Liggett, and Charis Kaskiris. ROLES Project Final Report. Technical report, University of California, Berkeley, The Center for Document Engineering, December 2002. http://dream.sims.berkeley.edu/doc-eng/projects/ROLES/roles-final-report.htm%l.
     405
     406  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/beyondroles.pdf Sho06]] Idan Shoham. Beyond Roles: A Practical Approach to Enterprise User Provisioning. Technical report, M-Tech, 2006. http://idsynch.com/docs/beyond-roles-google.html.
     407
     408  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/secure-interoperation-tkde.pdf SJBG05]] Basit Shafiq, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. Secure Interoperation in a Multidomain Environment Employing RBAC Policies. ''IEEE Transactions on Knowledge and Data Engineering'', 17(11):1557--1577, 2005.
     409
     410  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01454316.pdf SJN05]] Timothy E. Squair, Edgard Jamhour, and Ricardo C. Nabhen. An RBAC-Based Policy Information Base. In ''POLICY '05: Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05)'', pages 171--180, Washington, DC, USA, 2005. IEEE Computer Society.
     411
     412  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p139-schaad.pdf SLS06]] Andreas Schaad, Volkmar Lotz, and Karsten Sohr. A Model-Checking Approach to Analysing Organisational Controls in a Loan Origination Process. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 139--149, New York, NY, USA, 2006. ACM Press.
     413
     414  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/231728.pdf SM94]] Sebastiaan H. von Solms and Isak van der Merwe. The Management of Computer Security Profiles Using a Role-Oriented Approach. ''Computers and Security'', 13(8):673--680, 1994.
     415
     416  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p47-sandhu.pdf SM98]] Ravi S. Sandhu and Qamar Munawer. How to do Discretionary Access Control Using Roles. In ''ACM Workshop on Role-Based Access Control'', pages 47--54, 1998.
     417
     418  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176294.pdf SM02a]] Andreas Schaad and Jonathan D. Moffett. A Framework for Organisational Control Principles. In ''Proceedings of the 18th Annual Computer Security Applications Conference'', pages 229--238, Washington, DC, USA, December 2002. IEEE Computer Society.
     419
     420  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-schaad.pdf SM02b]] Andreas Schaad and Jonathan D. Moffett. A Lightweight Approach to Specification and Analysis of Role-Based Access Control Extensions. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 13--22, New York, NY, USA, 2002. ACM Press.
     421
     422  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1380-schaad.pdf SM04]] Andreas Schaad and Jonathan Moffett. Separation, Review and Supervision Controls in the Context of a Credit Application Process -- A Case Study of Organisational Control Principles. In ''SAC '04: Proceedings of the 2004 ACM Symposium on Applied Computing'', pages 1380--1384, New York, NY, USA, 2004. ACM Press.
     423
     424  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01544773.pdf SMJG05]] Basit Shafiq, Ammar Masood, James Joshi, and Arif Ghafoor. A Role-Based Access Control Policy Verification Framework for Real-Time Systems. In ''10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems'', pages 13--20, Washington, DC, USA, February 2005. IEEE Computer Society.
     425
     426  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01504134.pdf SMLP05]] Yuqing Sun, Xiangxu Meng, Shijun Liu, and Peng Pan. An Approach for Flexible RBAC Workflow System. In ''Proceedings of the Ninth International Conference on Computer Supported Cooperative Work in Design'', volume 1, pages 524--529, Washington, DC, USA, May 2005. IEEE Computer Society.
     427
     428  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p392-strembeck.pdf SN04]] Mark Strembeck and Gustaf Neumann. An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments. ''ACM Trans. Inf. Syst. Secur.'', 7(3):392--427, 2004.
     429
     430  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-sandhu.pdf SP98]] Ravi S. Sandhu and Joon S. Park. Decentralized User-Role Assignment for Web-Based Intranets. In ''ACM Workshop on Role-Based Access Control'', pages 1--12, 1998.
     431
     432  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/researchpaper.pdf Spe04]] Bradley Spengler. Increasing Performance and Granularity in Role-Based Access Control Systems -- A Case Study in GRSECURITY. Technical report, OpenOffice.org, May 2004.
     433
     434  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/zrm.pdf Spi98]] J. M. Spivey. ''The Z Notation: A Reference Manual, Second Edition''. Oriel College. J. M. Spivey, Oxford, UK, 1998.
     435
     436  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p170-sreedhar.pdf Sre06]] Vugranam C. Sreedhar. Data-Centric Security: Role Analysis and Role Typestates. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 170--179, New York, NY, USA, 2006. ACM Press.
     437
     438  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00312842.pdf SS94]] Ravi S. Sandhu and Pierangela Samarati. Access Control: Principles and Practice. ''IEEE Communications Magazine'', 32(9):40--48, September 1994.
     439
     440  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1328-schaad.pdf SSW05]] Andreas Schaad, Pascal Spadone, and Helmut Weichsel. A Case Study of Separation of Duty Properties in the Context of the Austrian "eLaw" Process. In ''SAC '05: Proceedings of the 2005 ACM Symposium on Applied Computing'', pages 1328--1332, New York, NY, USA, 2005. ACM Press.
     441
     442  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/stoupa04xmlbased.pdf SVLT04]] Konstantina Stoupa, Athena Vakali, Fang Li, and Ioannis Tsoukalas. XML-Based Revocation and Delegation in a Distributed Environment. In Wolfgang Lindner, Marco Mesiti, Can Türker, Yannis Tzitzikas, and Athena Vakali, editors, ''Lecture Notes in Computer Science, Current Trends in Database Technology - EDBT 2004'', volume 3268, pages 299--308. Springer, Berlin / Heidelberg, March 2004.
     443
     444  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.pdf Swa06]] Siswati Swami. Requirements Specifications for ORBIT Access Control. Technical report, Rutgers University, New Brunswick, New Jersey USA, June 2006.
     445
     446  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cs1050129.pdf SWPE02]] Marianne Swanson, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas. Contingency Planning Guide for Information Technology Systems. Technical Report Special Publication 800-34, NIST, 2002.
     447
     448  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-tolone.pdf TAPH05]] William Tolone, Gail-Joon Ahn, Tanusree Pai, and Seng-Phil Hong. Access Control in Collaborative Systems. ''ACM Comput. Surv.'', 37(1):29--41, 2005.
     449
     450  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/draft-rbac-implementation-std-v01.pdf {Tec}06]] INCITS Committee on Information Technology Standards. DRAFT Role Based Access Control Implementation Standard, January 2006. url = http://csrc.nist.gov/draft-rbac-implementation-std-v01.pdf.
     451
     452  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-thomas.pdf Tho97]] Roshan K. Thomas. Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 13--19, New York, NY, USA, 1997. ACM Press.
     453
     454  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CRPITV21ATaylor.pdf TM03]] Kerry Taylor and James Murty. Implementing Role Based Access Control for Federated Information Systems on the Web. In ''ACSW Frontiers '03: Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003'', pages 87--95, Darlinghurst, Australia, Australia, 2003. Australian Computer Society, Inc.
     455
     456  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p91-wang.pdf WO06]] He Wang and Sylvia L. Osborn. Delegation in the Role Graph Model. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 91--100, New York, NY, USA, 2006. ACM Press.
     457
     458  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01357989.pdf WT04]] Roosdiana Wonohoesodo and Zahir Tari. A Role Based Access Control for Web Services. In ''Proceedings of the 2004 IEEE International Conference on Services Computing (SCC 2004)'', pages 49--56, Washington, DC, USA, September 2004. IEEE Computer Society.
     459
     460  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01578944.pdf YHHL05]] Hanbing Yao, Heping Hu, Baohua Huang, and Ruixuan Li. Dynamic Role and Context-Based Access Control for Grid Applications. In ''Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2005'', pages 404--406, Los Alamitos, CA, USA, December 2005. IEEE Computer Society.
     461
     462  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01232433.pdf YZ03]] Cungang Yang and Chang N. Zhang. Secure Web-Based Applications with XML and RBAC. In ''Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society'', pages 276-- 281, Washington, DC, USA, June 2003. IEEE Computer Society.
     463
     464  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Paper_code16.pdf ZM04]] Wei Zhou and Christoph Meinel. Implement Role Based Access Control with Attribute Certificates. In ''The 6th International Conference on Advanced Communication Technology'', pages 536--540, Washington, DC, USA, 2004. IEEE Computer Society.
     465
     466  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/04-zhang-logic.pdf ZPPPS04]] Xinwen Zhang, Jaehong Park, Francesco Parisi-Presicce, and Ravi Sandhu. A Logical Specification for Usage Control. In ''SACMAT '04: Proceedings of the Ninth ACM symposium on Access Control Models and Technologies'', pages 1--10, New York, NY, USA, 2004. ACM Press.
     467