The ARBAC97 model makes an important contribution to the understanding and modeling of administration in role-based access control. However, there are several features of the model which we believe could be improved. We introduce the concept of administrative scope in a role hierarchy and show how this can be used to control updates to the hierarchy. We then incrementally develop a model for administering the role hierarchy and compare it to the RRA97 sub-model of ARBAC97. We conclude that our model offers significant advantages over RRA97.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	J. Crampton. Antichains and authorizations. PhD thesis, Birkbeck College, University of London, United Kingdom, 2002.
	2	B. A. Davey and H. A. Priestley. Introduction to Lattices and Order. Cambridge University Press, Cambridge, United Kingdom, 1990.
	3	Serban I. Gavrila , John F. Barkley, Formal specification for role based access control user/role and role/role relationship management, Proceedings of the third ACM workshop on Role-based access control, p.81-90, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286902]
	4	Virgil Gligor, Characteristics of role-based access control, Proceedings of the first ACM Workshop on Role-based access control, p.10-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270169]
	5	James Joshi , Arif Ghafoor , Walid G. Aref , Eugene H. Spafford, Digital Government Security Infrastructure Design Challenges, Computer, v.34 n.2, p.66-72, February 2001  [doi>10.1109/2.970579]
	6	Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
	7	Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
	8	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
	9	Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344301]
	10	Walt Yao , Ken Moody , Jean Bacon, A model of OASIS role-based access control and its support for active security, Proceedings of the sixth ACM symposium on Access control models and technologies, p.171-181, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373294]

• Improving the granularity of access control in Windows NT Proceedings of the sixth ACM symposium on Access control models and technologies
  Michael M. Swift ,  Peter Brundrett ,  Cliff Van Dyke ,  Praerit Garg ,  Anne Hopkins ,  Shannon Chan ,  Mario Goertzel ,  Gregory Jensenworth
  
  
• Inferring constraints from multiple snapshots ACM Transactions on Graphics (TOG)   12, 4
  David Kurlander ,  Steven Feiner
  
  
• Efficient, DoS-resistant, secure key exchange for internet protocols Proceedings of the 9th ACM conference on Computer and communications security
  William Aiello ,  Steven M. Bellovin ,  Matt Blaze ,  John Ioannidis ,  Omer Reingold ,  Ran Canetti ,  Angelos D. Keromytis
  
  
• Data structures for quadtree approximation and compression Communications of the ACM   28, 9
  Hanan Samet
  
  
• A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
  Kim S. Lee ,  Huizhu Lu ,  D. D. Fisher