RBAC Introductory References

Context

IAM

Title

RBAC Introductory References

Description

A selection of prioritized introductory references on RBAC and role engineering. The goal of this reading list is to help IAM professionals build strong foundations for their RBAC implementation program.

Item 1

Coyne and Davis, 2008. This book contains everything you need to know to implement RBAC properly. It is very practically oriented towards implementation in organizations and will delight IAM professionals responsible for role engineering.

Item 2

Sussex, 2013. An excellent reference to get your hands dirty on RBAC implementation. If you are looking into initiating an RBAC project, read this first.

Item 3

Ferraiolo et al., 2007. This is THE reference book on RBAC. Perhaps a little academic for busy professionals but still very much accessible. I wish Ferraiolo would publish a 3rd edition. Fundamental concepts are discussed in detail and are even given the historical context of their emergence.

Item 4

Wisegate, 2012. A surprisingly good report for a consulting company (I tend to think that consulting companies have strong biases). Introduces the concept of polyarchy, which is key to moving away from the common “organization chart” mistake in role engineering.

Item 5

Feltus et al., 2010. For an introduction to RBAC, do not read the full article. Instead, read the introduction and skim through the rest of the article to understand how responsibility is interlinked with RBAC and to pick up a few key concepts.

Item 6

Fernandez et al., 2012. A 2012 survey of practical RBAC usage in enterprises. Provides interesting insights into RBAC assumptions, strengths and weaknesses.

Item 7

O’Connor and Loomis, 2010. An economic analysis of RBAC. A great report from which to pick strong arguments and build up your RBAC business case.




This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.