RBAC Policy-Enhanced (ANSI 494-2012) Published
RBAC Policy-Enhanced (ANSI 494-2012) is now published (5 years in development). An Identity Management standard for the 21st century. Information Technology - Role Based Access Control - Policy-Enhanced
http://webstore.ansi.org/RecordDetail.aspx?sku=INCITS+494-2012
Role Based Access Control (RBAC) has been criticized for the difficulty of setting up an initial role structure and for inflexibility in rapidly changing domains. A pure RBAC solution may provide inadequate support for dynamic attributes, such as time of day, which might need to be considered when determining user permissions.
This RBAC Policy-Enhanced standard (to be referenced as RPE) provides a framework and functional specifications to handle the relationship between roles and dynamic constraints. Some of the administrative and user permission review advantages of RBAC are retained while allowing the access control system to work in a rapidly changing environment