A Policy-Based Framework for RBAC

  • Ricardo Nabhen
  • Edgard Jamhour
  • Carlos Maziero
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2867)


This paper presents a PCIM-based framework for storing and enforcing RBAC (Role-Based Access Control) policies in distributed heterogeneous systems. PCIM (Policy Core Information Model) is an information model proposed by the IETF. It defines a vendor-independent model for storing network policies that control how network resources are shared. PCIM is a generic core model; application-specific areas must be addressed by extending the policy classes and associations it proposes. In this context, this paper proposes a PCIM extension, called RBPIM (Role-Based Policy Information Model), to represent network access policies based on the RBAC model. An RBPIM implementation framework based on the PDP/PEP (Policy Decision Point/Policy Enforcement Point) approach is also presented and evaluated.
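The PDP/PEP split the abstract describes, as an added illustration (this is not the paper's RBPIM code or model; the roles, users, resources and the separation-of-duty constraint below are constructed for the example): the Policy Enforcement Point sits in front of the resource and forwards every request to a Policy Decision Point, which evaluates the RBAC relations (user-role assignment, role-permission assignment, role hierarchy) held in a central policy store and answers permit or deny. The PEP never decides on its own and defaults to deny.

```python
"""Minimal PDP/PEP evaluation of an RBAC policy (added example, not the paper's RBPIM)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    operation: str   # e.g. "read", "write", "approve"
    resource: str    # e.g. "/finance/ledger"


@dataclass
class RbacPolicy:
    """Contents of the policy repository: the RBAC relations the PDP evaluates."""
    # PA relation: role -> permissions assigned directly to that role
    permissions: dict[str, set[Permission]] = field(default_factory=dict)
    # Role hierarchy: senior role -> junior roles whose permissions it inherits
    inherits: dict[str, set[str]] = field(default_factory=dict)
    # UA relation: user -> roles the user is allowed to activate
    user_roles: dict[str, set[str]] = field(default_factory=dict)
    # Dynamic separation of duty: role pairs that may not be active in one session
    dsd: set[frozenset[str]] = field(default_factory=set)


def effective_roles(policy: RbacPolicy, roles: set[str]) -> set[str]:
    """Transitive closure of `roles` over the role hierarchy (cycle-safe)."""
    seen: set[str] = set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(policy.inherits.get(role, set()))
    return seen


class PolicyDecisionPoint:
    """PDP: answers permit/deny for (user, active roles, operation, resource)."""

    def __init__(self, policy: RbacPolicy) -> None:
        self.policy = policy

    def decide(self, user: str, active_roles: set[str],
               operation: str, resource: str) -> tuple[bool, str]:
        # A session may only activate roles the UA relation assigns to the user.
        unassigned = active_roles - self.policy.user_roles.get(user, set())
        if unassigned:
            return False, f"deny: roles not assigned to {user}: {sorted(unassigned)}"
        # Reject sessions that activate a mutually exclusive role pair.
        for pair in self.policy.dsd:
            if pair <= active_roles:
                return False, f"deny: DSD conflict between {sorted(pair)}"
        wanted = Permission(operation, resource)
        for role in sorted(effective_roles(self.policy, active_roles)):
            if wanted in self.policy.permissions.get(role, set()):
                return True, f"permit: {operation} {resource} via role {role}"
        return False, "deny: no active role grants this permission (default deny)"


class PolicyEnforcementPoint:
    """PEP: guards the resource, asks the PDP, records the decision for audit."""

    def __init__(self, pdp: PolicyDecisionPoint) -> None:
        self.pdp = pdp
        self.audit: list[str] = []

    def access(self, user: str, active_roles, operation: str, resource: str) -> bool:
        allowed, reason = self.pdp.decide(user, set(active_roles), operation, resource)
        self.audit.append(f"{user} {operation} {resource} -> {reason}")
        return allowed


def build_sample_policy() -> RbacPolicy:
    """Constructed sample policy (hypothetical roles and resources, not from the paper)."""
    p = RbacPolicy()
    p.permissions["employee"] = {Permission("read", "/intranet")}
    p.permissions["accountant"] = {Permission("write", "/finance/ledger")}
    p.permissions["auditor"] = {Permission("read", "/finance/ledger")}
    p.permissions["manager"] = {Permission("approve", "/finance/ledger")}
    p.inherits["accountant"] = {"employee"}   # accountant also gets employee rights
    p.inherits["auditor"] = {"employee"}
    p.inherits["manager"] = {"accountant"}    # manager inherits accountant (and employee)
    p.user_roles["alice"] = {"accountant", "auditor"}
    p.user_roles["bob"] = {"manager"}
    p.dsd.add(frozenset({"accountant", "auditor"}))  # may not be active together
    return p


if __name__ == "__main__":
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(build_sample_policy()))
    pep.access("alice", {"accountant"}, "read", "/intranet")
    pep.access("alice", {"accountant", "auditor"}, "read", "/finance/ledger")
    pep.access("bob", {"manager"}, "write", "/finance/ledger")
    print("\n".join(pep.audit))
```

The point of the split is that the PEP stays dumb and the policy lives in one place: changing who may write the ledger is a change to the repository the PDP reads, not to every enforcement point in front of a resource.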


Keywords (added by machine, not by the authors): Information Model; Policy Rule; Access Control Policy; Role-Based Access Control; Explicit Variable



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

Ricardo Nabhen, Edgard Jamhour, Carlos Maziero: Pontifícia Universidade Católica do Paraná (PUCPR), PPGIA, Curitiba, Brazil
