RBAC96: LIBERAL *-PROPERTY
user ? xR, user has clearance x
user ? LW, independent of clearance
Need constraints
- session ? xR iff session ? xW
- read can be assigned only to xR roles
- write can be assigned only to xW roles
- (O,read) assigned to xR iff
(O,write) assigned to xW