Over the past decade, interest in role-based access control (RBAC) has increased dramatically, with most major information technology (IT) vendors offering a product that incorporates some form of role-based access. The profusion of new RBAC products offers many advantages for security administrators and software developers, but sorting out the capabilities of different products can be challenging. Until now, RBAC research has been documented in hundreds of research papers, but not consolidated in book form. This book explains RBAC, its administrative and cost advantages, its implementation issues, and the migration from conventional access control methods to RBAC. Specialized topics--including role hierarchies, separation of duties, combining RBAC with military security models, and recent efforts toward standardization--are detailed. To enable system integrators to integrate RBAC into the various IT infrastructures found in enterprise-like Web applications, such as Java and Federated Database Systems, the book provides an analysis of research ideas and prototypes built so far. The book also describes RBAC implementations in various commercial products and includes a case study documenting a large organization's migration to a role-based security architecture.