[Body text]
… in the role of account_rep cannot also be acting in either of the roles of account_holder or teller. The policy of the bank is that an account representative, an employee of the bank, can have an account in the bank, but such an individual may not simultaneously process their personal account while processing the accounts of others. Likewise, because a teller has an open cash drawer that must balance when closed, an individual acting in the role of account_rep and sitting at a desk away from a teller's …
… 2D graph. To improve readability, clarity and flexibility, the role hierarchy is organized into layers, where each layer contains another level of detail. By …
… of the graph where role relationships may have been obscured when viewed as a …
… and manipulate the view perspective of the 3D model, known as a scene graph. For example, the scene graph can be rotated to show the …
… 's navigational controls allows the user to interactively …
… 'vermal' …
… actions through the establishment and definition of roles, role hierarchies, relationships, and constraints. We define static separation of duty to mean that roles which have been specified as mutually exclusive cannot both be included in a user's …
… 's job responsibilities and competencies in the organization. Each role is assigned one or more privileges (e.g., information access, deletion, creation), see Figure 1. It is a user's …
… 's security policy to a relatively low-level set of controls, typically access control lists. With RBAC, security is managed at a level that corresponds closely to the organization's …

Appendix A: English original

Role-Based Access Control for the Web

John F. Barkley, D. Richard Kuhn, Lynne S. Rosenthal, Mark W. Skall, and Anthony V. Cincotta
National Institute of Standards and Technology, Gaithersburg, Maryland 20899

ABSTRACT

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well-designed Web site can have a positive effect on their profitability. Enabling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface. One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that are attempting to manage security in distributed multimedia environments such as those using World Wide Web services. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually. Role-based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications. The concept and design of RBAC is perfectly suited for use on both intranets and internets. It provides a secure and effective way to manage access to an organization's Web information. This paper describes a research effort to develop RBAC on the Web. The security and software components that provide RBAC for networked servers using Web protocols have been implemented and are described in this paper. The RBAC components can be linked with commercially available Web servers, and require no modification of the server software.

Introduction

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well-designed Web site can have a positive effect on their profitability. Enabling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface.
Companies are seizing the Web as a swift way to stre
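The body text above defines static separation of duty (mutually exclusive roles can never both be authorized for one user) and gives a bank example of dynamic separation of duty (an account_rep may also hold an account, but may not act as account_holder or teller in the same session). The following is an added Python illustration of how a policy engine enforces both kinds of constraint on top of a role hierarchy; it is not code from the NIST paper or its RBAC/Web implementation. The privilege names, the auditor and branch_manager roles, and the teller/auditor static pair are assumptions chosen for the demonstration; only account_rep, account_holder and teller come from the page.

```python
"""Toy RBAC engine with a role hierarchy and static/dynamic separation of
duty (SoD). Added illustration for the bank example on the page; not code
from the NIST RBAC/Web paper. Privilege names, the auditor and
branch_manager roles and the teller/auditor static SoD pair are assumed."""

from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """An assignment, activation or access that breaks a constraint."""


@dataclass
class Policy:
    privileges: dict[str, set[str]] = field(default_factory=dict)  # role -> direct privileges
    inherits: dict[str, set[str]] = field(default_factory=dict)    # senior role -> junior roles
    user_roles: dict[str, set[str]] = field(default_factory=dict)  # user -> authorized roles
    static_sod: set[frozenset[str]] = field(default_factory=set)   # never co-authorized
    dynamic_sod: set[frozenset[str]] = field(default_factory=set)  # never co-active in a session

    def add_role(self, role, privileges=(), inherits=()):
        self.privileges[role] = set(privileges)
        self.inherits[role] = set(inherits)

    def effective_roles(self, roles):
        """The given roles plus every junior role they inherit from, transitively."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.inherits.get(r, ()))
        return seen

    @staticmethod
    def conflict(pairs, roles):
        """Return an exclusive pair wholly contained in roles, or None."""
        return next((p for p in pairs if p <= roles), None)

    def assign(self, user, role):
        """Static SoD is checked over the user's *effective* authorized roles,
        so a conflict reached only through the hierarchy is caught too."""
        if role not in self.privileges:
            raise KeyError(f"unknown role {role}")
        held = self.user_roles.setdefault(user, set())
        clash = self.conflict(self.static_sod, self.effective_roles(held | {role}))
        if clash:
            raise PolicyViolation(f"static SoD: {user} cannot hold both {sorted(clash)}")
        held.add(role)


@dataclass
class Session:
    policy: Policy
    user: str
    active: set[str] = field(default_factory=set)

    def activate(self, role):
        """Dynamic SoD: both roles may be authorized for the user, but not
        active at the same time within one session."""
        if role not in self.policy.user_roles.get(self.user, set()):
            raise PolicyViolation(f"{self.user} is not authorized for {role}")
        clash = self.policy.conflict(self.policy.dynamic_sod,
                                     self.policy.effective_roles(self.active | {role}))
        if clash:
            raise PolicyViolation(f"dynamic SoD: {sorted(clash)} cannot be active together")
        self.active.add(role)

    def deactivate(self, role):
        self.active.discard(role)

    def can(self, privilege):
        """Access follows the *active* roles (and their juniors), not every
        role the user is authorized for."""
        return any(privilege in self.policy.privileges[r]
                   for r in self.policy.effective_roles(self.active))


def bank_policy():
    """Constructed policy: the page's three roles plus assumed extras."""
    p = Policy()
    p.add_role("account_holder", {"view_own_account", "withdraw_own_funds"})
    p.add_role("teller", {"accept_deposit", "cash_check"})
    p.add_role("account_rep", {"open_account", "view_customer_account"})
    p.add_role("auditor", {"review_ledger"})                                # assumed
    p.add_role("branch_manager", {"approve_loan"}, inherits={"account_rep"})  # assumed
    p.static_sod.add(frozenset({"teller", "auditor"}))                      # assumed pair
    p.dynamic_sod.add(frozenset({"account_rep", "account_holder"}))         # from the page
    p.dynamic_sod.add(frozenset({"account_rep", "teller"}))                 # from the page
    return p


def demo():
    """Walk through the page's scenario and return the decisions made."""
    p = bank_policy()
    p.assign("alice", "account_rep")
    p.assign("alice", "account_holder")        # employees may hold accounts
    s = Session(p, "alice")
    s.activate("account_rep")
    try:
        s.activate("account_holder")           # same session: refused
        mixed = "allowed"
    except PolicyViolation as e:
        mixed = str(e)
    rep_can_open, rep_sees_own = s.can("open_account"), s.can("view_own_account")
    s.deactivate("account_rep")
    s.activate("account_holder")               # now fine: account_rep is inactive
    holder_sees_own = s.can("view_own_account")
    p.assign("bob", "teller")
    try:
        p.assign("bob", "auditor")             # static SoD refuses the assignment
        ssd = "allowed"
    except PolicyViolation as e:
        ssd = str(e)
    p.assign("carol", "branch_manager")
    m = Session(p, "carol")
    m.activate("branch_manager")
    return {"mixed": mixed, "rep_can_open": rep_can_open, "rep_sees_own": rep_sees_own,
            "holder_sees_own": holder_sees_own, "ssd": ssd,
            "mgr_inherits": m.can("open_account")}


if __name__ == "__main__":
    print(demo())
```

Note the two different enforcement points: static SoD is checked when a role is assigned (administration time), dynamic SoD when a role is activated in a session (run time). Checking both over effective roles rather than directly named ones is what keeps a senior role such as the assumed branch_manager, which inherits account_rep, from bypassing the account_rep constraints.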