- [16] R. Sandhu, D. Ferraiolo, and R. Kuhn. The NIST model for role-based access control: towards a unified standard. Proceedings of the fifth ACM workshop on Role-based access control, pages 47–63, 2000.
- [17] R. Sandhu and P. Samarati. Access control: principle and practice. Comm. Magazine, IEEE, 32(9):40–48, 1994.
- [9] R. Johnson et al. Professional Java Development with the Spring Framework. Wrox Press Birmingham, UK, 2005.
- [19] R. S. Sandhu. Role-based access control. In M. Zerkowitz, editor, Advances in Computers, volume 48. Academic Press, 1998.
- [8] D. Ferraiolo, D. Kuhn, and R. Chandramouli. Role-based Access Control. Artech House, 2003.
- [12] T. Mikkonen and A. Taivalsaari. Web Applications: Spaghetti Code for the 21st Century. Technical Report TR- 2007-166, Sun Microsystems, June 2007.
- [14] J. Park and R. Sandhu. The UCON ABC Usage Control Model. ACM Transactions on Information and System Security, 7(1):128–174, 2004.
- [11] U. Latif. A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering, 17(1):4–23, 2005.
- [2] A. Anderson. XACML Profile for Role Based Access Control (RBAC). OASIS Access Control TC Committee Draft, 1:13, 2004.
- [15] P. Samarati and S. D. C. di Vimercati. Access control: Policies, models, and mechanisms. In Foundations of Security Analysis and Design on Foundations of Security Analysis and Design (FOSAD’00), pages 137–196, London, UK, 2001. Springer-Verlag.
- [18] R. S. Sandhu. Lattice-based access control models. Computer, 26(11):9–19, 1993.
- [3] E. Bertino, E. Ferrari, and V. Atluri. The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security, 2(1):65–104, 1999.
- [6] N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder Policy Specification Language. Policies for Distributed Systems and Networks: Int. Workshop, Policy 2001, Bristol, Uk, January 29-31, 2001: Proceedings, 2001.
- [7] M. Evered and S. B¨ogeholz. A case study in access control requirements for a health information system. In ACSW Frontiers, pages 53–61, Darlinghurst, Australia, 2004. Australian Computer Society, Inc.
- [26] X. Zhang, S. Oh, and R. Sandhu. PBDM: a flexible delegation model in RBAC. Proceedings of the eighth ACM symposium on Access control models and technologies, pages 149–157, 2003.
- [24] M. Yuan and T. Heute. JBoss Seam: Simplicity and Power Beyond Java EE. Prentice Hall PTR Upper Saddle River, NJ, USA, 2007.
- [13] T. Moses et al. eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard, 200502, 2005.
- [25] L. Zhang, G. J. Ahn, and B. T. Chu. A rule-based framework for role-based delegation and revocation. ACM Transactions Information and System Security, 6(3):404–441, 2003.
- [1] B. Alex. Acegi Security, Reference Documentation 1.0.7. http://www.acegisecurity.org/guide/springsecurity.pdf, 2008.