Roles are a powerful and policy neutral concept for facilitating distributed systems management and enforcing access control. Models which are now subject to becoming a standard have been proposed and much work on extensions to these models has been done over the last years as documented in the recent RBAC/SACMAT workshops. When looking at these extensions we can often observe that they concentrate on a particular stage in the life of a role. We investigate how these extensions fit into a more general theoretical framework in order to give practitioners a starting point from which to develop role-based systems. We believe that the life-cycle of a role could be seen as the basis for such a framework and we provide an initial discussion on such a role life-cycle, based on our experiences and observations in enterprise security management. We propose a life-cycle model that is based on an iterative-incremental process similar to those found in the area of software development.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Biddle B. and E. Thomas, Role Theory: Concepts and Research. New York: Robert E. Krieger Publishing Company, 1979.
	2	Ferraiolo D. and R. Kuhn, "Role-Based Access Control." presented at 15th NCSC National Computer Security Conference, Baltimore, 1992.
	3	Andreas Schaad , Jonathan Moffett , Jeremy Jacob, The role-based access control system of a European bank: a case study and discussion, Proceedings of the sixth ACM symposium on Access control models and technologies, p.3-9, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373257]
	4	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
	5	Lupu E., "A Role-Based Framework for Distributed Systems Management." PhD Thesis: Department of Computing. London, Imperial College, 1998.
	6	E. B. Fernandez , J. C. Hawkins, Determining role rights from use cases, Proceedings of the second ACM workshop on Role-based access control, p.121-125, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266767]
	7	Pete Epstein , Ravi Sandhu, Towards a UML based approach to role engineering, Proceedings of the fourth ACM workshop on Role-based access control, p.135-143, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319184]
	8	D. Thomsen , D. O'Brien , J. Bogle, Role-Based Access Control Framework for Network Enterprises, Proceedings of the 14th Annual Computer Security Applications Conference, p.50, December 07-11, 1998
	9	Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344308]
	10	Axel Mönkeberg , René Rakete, Three for one: role-based access-control management in rapidly changing heterogeneous environments, Proceedings of the fifth ACM workshop on Role-based access control, p.83-88, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344306]
	11	John McDermid, Software engineer's reference book, CRC Press, Inc., Boca Raton, FL, 1993
	12	Roger S. Pressman, Software Engineering: A Practitioner's Approach, McGraw-Hill Higher Education, 2000
	13	Ian Sommerville, Software engineering (6th ed.), Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2001
	14	Ivar Jacobson , Grady Booch , James Rumbaugh, The unified software development process, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
	15	Balzert H., "Lehrbuch der Software-Technik II", Spektrum Akademischer Verlag, Heidelberg/Berlin, 1998.
	16	Roland Awischus, Role based access control with the security administration manager (SAM), Proceedings of the second ACM workshop on Role-based access control, p.61-68, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266758]
	17	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
	18	Christos K. Georgiadis , Ioannis Mavridis , George Pangalos , Roshan K. Thomas, Flexible team-based access control using contexts, Proceedings of the sixth ACM symposium on Access control models and technologies, p.21-27, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373259]
	19	Anthony Finkelstein , Jeff Kramer , Bashar Nuseibeh, Software process modelling and technology, Research Studies Press Ltd., Taunton, UK, 1994
	20	Maria Letizia Jaccheri , Gian Pietro Picco , Patricia Lago, Eliciting software process models with the E3 language, ACM Transactions on Software Engineering and Methodology (TOSEM), v.7 n.4, p.368-410, Oct. 1998  [doi>10.1145/292182.292194]