Ferraiolo, D.
, Barkley, J.
and Kuhn, D.
(1999),
A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet, ACM Transactions on Information and System Security, [online], https://doi.org/10.1145/300830.300834
(Accessed October 9, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet
Published
Author(s)
, ,
Abstract
This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.Citation
ACM Transactions on Information and System Security
Volume
2
Issue
1
Pub Type
Journals
Download Paper
Keywords
access control, authorization management, RBAC, Role-Based Access Control, World Wide Web, Web servers
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created February 1, 1999, Updated November 10, 2018