Towards a UML based approach to role engineering

Role based access control (RBAC) is a promising technology for scalable access control. For RBAC to rise to its full potential, the roles must be properly constructed to reflect organizational access control policy and needs. This requires a discipline of Role Engineering to develop various components of RBAC such as role hierarchy, permissions land permission-role assignment), and constraints. The importance of Role Engineering has been recognized but very little work has been done to date. In this paper we explore the possibility of using the Unified Modeling Language (UML) to support Role Engineering. We chose UML because it is a de facto standard and reflects a consensus in the modeling community. To investigate the capability of UML for Role Engineering, we represent an existing Role framework recently published by Thomsen, O'Brien, and Bogle. This framework can be modeled in UML, with the assistance of adding a new user defined UML vocabulary.