Contents -- Preface -- Acknowledgments -- Chapter 1 Introduction -- 1.1 The purpose and fundamentals of access control -- 1.2 A brief history of access control -- 1.3 Comparing RBAC to DAC and MAC -- 1.4 RBAC and the enterprise -- References -- Chapter 2 Access Control: Properties, Policies, and Models -- 2.1 Access control: objectives and enforcement artifacts -- 2.2 Access control: core entities and principles -- 2.3 Reference monitor and security kernel -- 2.4 Access control matrix -- 2.5 Access control data structures -- 2.6 Discretionary access control (DAC) policies -- 2.7 MAC policies and models -- 2.8 Biba's integrity model -- 2.9 The Clark-Wilson model -- 2.10 The Chinese wall policy model -- 2.11 The Brewer-Nash model -- 2.12 Domain-type enforcement (DTE) model -- References -- Chapter 3 Core RBAC Features -- 3.1 Roles versus ACL groups -- 3.2 Core RBAC -- 3.3 Mapping the enterprise view to the system view -- Chapter 4 Role Hierarchies -- 4.1 Building role hierarchies from flat roles -- 4.2 Inheritance schemes -- 4.3 Hierarchy structures and inheritance forms -- 4.4 Accounting for role types -- 4.5 General and limited role hierarchies -- 4.6 Accounting for the Stanford model -- References -- Chapter 5 SoD and Constraints in RBAC Systems -- 5.1 Types of SoD -- 5.2 Using SoD in real systems -- 5.3 Temporal constraints in RBAC -- References -- Chapter 6 RBAC, MAC, and DAC -- 6.1 Enforcing DAC using RBAC -- 6.2 Enforcing MAC on RBAC systems -- 6.3 Implementing RBAC on MLS systems -- 6.4 Running RBAC and MAC simultaneously -- References -- Chapter 7 Privacy and Regulatory Issues -- 7.1 Privacy requirements and access control framework -- 7.2 Integrate privacy policy support in the role engineering process -- 7.3 Authorization using privacy-RBAC-ACF -- 7.4 RBAC and regulatory compliance -- References -- Selected Bibliography.

Chapter 8 RBAC Standards and Profiles -- 8.1 The ANSI/INCITS RBAC standard -- 8.2 XACML profile for role-based access control -- References -- Chapter 9 Role-Based Administration of RBAC -- 9.1 Background and terminology -- 9.2 URA02 and PRA02 -- 9.3 Crampton-Loizou administrative model -- 9.4 Role control center -- References -- Chapter 10 Role Engineering -- 10.1 Scenario-driven role-engineering approach -- 10.2 Goal driven/hybrid role engineering approach -- 10.3 Tools for role discovery and role management -- 10.4 Example RBAC installations -- 10.5 Role engineering: health care example -- References -- Chapter 11 Enterprise Access Control Frameworks Using RBAC and XML Technologies -- 11.1 Conceptual view of EAFs -- 11.2 Enterprise Access Central Model Requirements -- 11.3 EAM specification and XML schemas -- 11.4 Specification of the ERBAC model in the XML schema -- 11.5 Encoding of enterprise access control data in XML -- 11.6 Verification of the ERBAC model and data specifications -- 11.7 Limitations of XML schemas for ERBAC model constraint representation -- 11.8 Using XML-encoded enterprise access control data for enterprisewide access control implementation -- 11.9 Conclusions -- References -- Chapter 12 Integrating RBAC with Enterprise IT Infrastructures -- 12.1 RBAC for WFMSs -- 12.2 RBAC integration in Web environments -- 12.3 RBAC for UNIX environments -- 12.4 RBAC in Java -- 12.5 RBAC for FDBSs -- 12.6 RBAC in autonomous security service modules -- 12.7 Conclusions -- References -- Chapter 13 Migrating to RBAC-Case Study: Multiline Insurance Company -- 13.1 Background -- 13.2 Benefits of using RBAC to manage extranet users -- 13.3 Benefits of using RBAC to manage employees (intranet users) -- 13.4 RBAC implementation costs -- 13.5 Time series of benefits and costs -- Reference -- Chapter 14 RBAC Features in Commercial Products.

14.1 RBAC in relational DBMS products -- 14.2 RBAC in enterprise security administration software -- 14.3 Conclusions -- References -- Appendix A: XML Schema for the RBAC Model -- Appendix B: XML-Encoded Data for RBAC Model.