RHUL-MA-2005-6


Access control data structures generally need to evolve over time in order to reflect changes 
to security policy and personnel.  An administrative model defines the rules that control the 
state changes to an access control model and the data structures it defines.  We present a 
powerful framework for describing role-based administrative models. The framework is based on 
the concept of administrative domains and state changes that preserve certain aspects of those 
domains.  We define a number of different sets of criteria, each of which control the effect 
of state changes on the set of administrative domains and thereby lead to different role-based 
administrative models.  Using this framework we are able to identify some unexpected 
connections between the ARBAC97 and RHA administrative models and to compare their respective 
properties.  We also suggest some improvements to both models.