Reconciling role based management and role based access control

Abstract

Role Based Access Control is only a subset of the security management and distributed systems management. Yet, the characteristics and use of the role objects in RBAC or Role Based Management (RBM) may differ significantly. In this paper we outline a Role Management Framework based on the specification of policies and examine its differences and similarities with the RBAC concepts. In particular, two aspects of roles required in RBM are emphasised: the need for obligation policies which changes the way roles are used within the system and the Object Oriented role model which uses inheritance for re-use of the specification rather than implementing set-subset relationships on access rights.