LDAP Schema for Role Based Access Control

Document Type Expired Internet-Draft (individual)
Author Larry Bartz 
Last updated 1997-10-14
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Role Based Access Control (RBAC) is an authorization strategy in which an entity's permission to access and manipulate targeted resources is determined by the entity's role or function within a certain organizational context. RBAC's principal motivation is to streamline security policy administration. Many discrete authoriza- tions can be aggregated within a defined role. One or many roles may be assigned or attributed to individuals. This draft describes LDAP object classes and attributes which support RBAC. Adoption of this schema across multiple LDAP implementations will enable RBAC intero- perability among heterogeneous underlying directory services.


Larry Bartz (lbartz@infostream.cr.irs.gov)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)