This project will pursue a combination of basic and applied research on role-based control (RBAC), using a three-pronged approach, by developing 1) models, 2) mechanisms and 3) tools, to support the effective deployment of RBAC in future systems. The basic concept of RBAC is that users are not directly granted access permissions. Instead permissions are granted based on roles, and users are made members of appropriate roles. This simplifies management of authorizations. RBAC owes its origins to multi-user and multi-application on-line systems of the early 1970's. There has been a recent resurgence of interest in RBAC stemming from its use at application level. This project will provide a sound scientific and engineering foundation for providing general purpose facilities for using RBAC, both at the operating systems level and applications level.
