These are the ARBAC documents that came up in our meeting with Shawn McKinney at Summit: 1. OpenStack RBAC proposal slide deck http://people.redhat.com/jlennox/OpenStackRbacProposal2014.pdf 2. ANSI RBAC (INCITS 359-2004) Specification document: http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf 3. ARBAC02 Model: http://profsandhu.com/journals/tissec/p113-oh.pdf 4. Development of a standard LDAP Schema for RBAC: http://daasi.de/wp-content/uploads/2013/11/Development.of_.RBAC_.schema.v31.pdf 5. Java One 2013 - RBAC talk - Oracle San Francisco (first half of presentation goes over RBAC misconceptions): https://oracleus.activeevents.com/2013/connect/fileDownload/session/CD39984569B4EFA3C08EC9A3F3A8C185/CON2381_McKinney.pptx 6. The Z Notation: a reference manual (INCITS 359 specs written in Z): http://spivey.oriel.ox.ac.uk/mike/zrm/ And the Fortress APIs that implement it: 1. RBAC functional model: a. Administrative Commands for RBAC: http://www.jts.us/iamfortress/javadocs/api/us/jts/fortress/AdminMgr.html b. Policy Review Commands for RBAC: http://www.jts.us/iamfortress/javadocs/api/us/jts/fortress/ReviewMgr.html c. System Commands (Policy Enforcement) for RBAC: http://www.jts.us/iamfortress/javadocs/api/us/jts/fortress/AccessMgr.html 2. ARBAC functional model: a. Administrative Commands for ARBAC: http://www.jts.us/iamfortress/javadocs/api/us/jts/fortress/DelAdminMgr.html b. Policy Review Commands for ARBAC: http://www.jts.us/iamfortress/javadocs/api/us/jts/fortress/DelReviewMgr.html c. System Commands for ARBAC: http://www.jts.us/iamfortress/javadocs/api/us/jts/fortress/DelAccessMgr.html