Historical
INCITS 494-2012
Information Technology - Role Based Access Control Policy Enhanced
Role Based Access Control (RBAC) has been criticized for the difficulty of setting up an initial role structure and for inflexibility in rapidly changing domains. A pure RBAC solution may provide inadequate support for dynamic attributes, such as time of day, which might need to be considered when determining user permissions. This RBAC Policy-Enhanced standard (to be referenced as RPE) provides a framework and functional specifications to handle the relationship between roles and dynamic constraints. Some of the administrative and user permission review advantages of RBAC are retained while allowing the access control system to work in a rapidly changing environment
InterNational Committee for Information Technology Standards [incits]