Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Enterprise Access Control Frameworks Using RBAC and XML Technologies



Ramaswamy Chandramouli


In this chapter, we show that we can develop an Enterprise Access Control Framework using Role-based Access Control (RBAC) and Extensible Markup Language (XML) technologies. In the first section, we outline the general requirements for the Enterprise Access Control Model (EAM) and describe as to how RBAC meets those requirements. We call the resultant RBAC model as the "Enterprise RBAC Model". In the second section we briefly outline the facilities that XML technologies provides for specification and processing of structured data. The meat of this chapter is in the third section where a detailed description of the development of an Enterprise RBAC Model for a commercial bank is provided using one of the XML schema languages called the "XML Schema." In the rest of the sections we illustrate as to how XML APIs and toolsets can be utilized to perform tasks of validating the enterprise access control data in the XML document for conformance to the specification of the Enterprise RBAC Model and for mapping this data into different formats required by the access control modules in platforms hosting the various application systems of the enterprise.
Role-Based Access Control
Publisher Info
Artech House, Norwood, MA


Enterprise access control framework, role-based access control models, XML schemas


Chandramouli, R. (2003), Enterprise Access Control Frameworks Using RBAC and XML Technologies, Role-Based Access Control, Artech House, Norwood, MA (Accessed June 24, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created January 1, 2003, Updated February 19, 2017