John Barkley
Manager, Software Quality Group
jbarkley@nist.gov
(301) 975-3346, FAX: (301) 926-3696
National Institute of Standards and Technology
100 Bureau Drive STOP 8970
Gaithersburg MD 20899-8970
RECENT PUBLICATIONS
- "RDF Friendly Chemical Taxonomies for Semantic Web"
(Bhat, Barkley, 2006),
First International Workshop on the Semantic Web in Health Care and the Life Sciences.
(Abstract: PDF; Use Case: HTML)
- "Using Semantic Web Methods to Improve Information Resource Quality"
(Barkley, 2006), NIST Internal Report 7354.
(PDF)
- "SMPTE Engineering Guideline: Overview of Declarative Data Essence"
(Declarative Data Essence Ad-hoc Group, Data Essence Technology - D27),
SMPTE (Society of Motion Picture and Television Engineers) EG 39-2003, January 2003.
- "SMPTE Declarative Data Essence: Comparison to ATSC DASE"
(Barkley, Dolan, Koo, McCaffrey, Gebase, Souppaya, 2001),
The 2nd Annual Digital TV Application Software Environment (DASE) Symposium 2001:
End-to-End Data Services, Interoperability and Applications, June 2001.
(Word (zipped))
- "Advanced System Control Architecture: System Overview"
(Advanced System Control Architectures Working Group - S22.02, 2000),
SMPTE (Society of Motion Picture and Television Engineers) Journal, May 2000.
(Word (zipped))
- "A Resource Access Decision Service for CORBA-based Distributed Systems"
(Beznosov, Deng, Blakley, Burt, Barkley, 1999),
ACSAC (Annual Computer Security Applications Conference).
(PDF)
- "Supporting Relationships in Access Control using Role Based Access
Control"
(Barkley, Beznosov, Uppal, 1999), Fourth
ACM Workshop on Role-Based Access Control.
(PDF)
- "Object Retrieval and Access Management in Electronic Commerce"
(Wakid, Barkley, Skall, 1999),
IEEE Communications Magazine,
September 1999.
(HTML)
- "A Role Based Access Control Model and Reference Implementation
within a Corporate Intranet"
(Ferraiolo, Barkley, Kuhn, 1999),
ACM Transactions on Information Systems Security, Volume 1, Number 2,
February 1999.
(PDF)
- "Managing Role/Permission Relationships Using Object Access Types"
(Barkley, Cincotta, 1998), Third ACM Workshop on Role-Based Access Control.
(HTML)
- "Formal Specification for Role Based Access Control User/Role
and Role/Role Relationship Management"
(Gavrila, Barkley, 1998), Third ACM Workshop on Role-Based Access Control.
(PDF)
- "Role-Based Access Control for the Web" (Barkley, Kuhn, Rosenthal, Skall,
Cincotta, 1998),
CALS Expo International & 21st Century Commerce 1998:
Global Business Solutions for the New Millennium.
(HTML)
- "Comparing Simple Role Based Access Control Models and Access Control
Lists"
(Barkley, 1997), Second ACM Workshop on Role-Based Access Control.
(PDF)
- "Specifying and Managing Role-Based Access Control within a Corporate
Intranet" (Ferraiolo, Barkley, 1997),
Second ACM Workshop on Role-Based Access Control.
(PDF)
- "Role Based Access Control for the World Wide Web" (Barkley, Cincotta,
Ferraiolo, Gavrila, Kuhn, 1997), 20th National Information System Security
Conference.
(PDF)
- "Distributed Communication Methods and Role Based Access Control
for Use in Health Care Applications" (Poole, Barkley, Brady, Cincotta,
Salamon, 1996), NIST Internal Report 5820.
(HTML)
- "Implementing Role Based Access Control Using Object Technology"
(Barkley, 1995), First ACM Workshop on Role-Based Access Control.
(HTML or PDF)
- "Application Engineering in Health Care" (Barkley, 1995),
Second Annual CHIN Summit 1995.
(HTML or PDF)
- "An Introduction to Role Based Access Control"
(Barkley, Ferraiolo, Radack, 1995), NIST CSL Bulletin.
(Text)
- "Reducing the Risks of Internet Connection and Use"
(Barkley, 1994), NIST CSL Bulletin.
(Text)
- "Security in Open Systems"
(Bagwill, Barkley, Carnahan, Chang, Kuhn, Markovitz, Nakassis, Olsen,
Ransom, Wack, 1994),
NIST Special Publication 800-7.
(PDF)
- "Comparing Remote Procedure Calls"
(Barkley, 1993), NIST Internal Report 5277.
(HTML)
- "Issues in Transparent File Access"
(Olsen & Barkley, 1991),
NIST Special Publication 500-186.
(HTML)
- "Introduction to Heterogeneous Computing Environments"
(Barkley & Olsen, 1989),
NIST Special Publication 500-176.
(HTML)
PATENTS
- NIST: US Patent #6,202,066,
"Implementation of Role/Group Permission Association Using Object Access Type"
(Barkley, Cincotta, 2001).
(PDF)
- NIST: US Patent #6,088,679, "Workflow Management Employing Role-Based Access Control"
(Barkley, 2000).
(PDF)
PATENTS REFERENCING NIST PATENTS #6,202,066 & #6,088,679 LISTED ABOVE
- NCR: US Patent #7,260,849,
"Providing security in a database system"
(Frazier, et al., 2007).
- IBM: US Patent #7,257,580,
"Method, system, and program for restricting modifications to
allocations of computational resources"
(Kumar, 2007).
- Oracle International Corporation: US Patent #7,249,369,
"Post data processing"
(Knouse, et al., 2007).
- BEA Systems, Inc.: US Patent #7,249,157,
"Collaboration system for exchanging of data between electronic participants
via collaboration space by using a URL to identify a combination of
both collaboration space and business protocol"
(Stewart, et al., 2007).
- BEA Systems, Inc.: US Patent #7,240,280,
"System and method for application flow integration in a portal framework"
(Jolley, et al., 2007).
- Microsoft: US Patent #7,233,927,
"Method and system for authenticating accounts on a remote server"
(Norton, et al., 2007).
- Oracle International Corporation: US Patent #7,231,661,
"Authorization services with external authentication"
(Villavicencio, et al., 2007).
- Hewlett-Packard Development Company, L.P.: US Patent #7,228,328,
"Multinode activation and termination method and system"
(Casati, et al., 2007).
- Oracle International Corporation: US Patent #7,225,256,
"Impersonation in an access system"
(Villavicencio, 2007).
- IBM: US Patent #7,216,125,
"Methods and apparatus for pre-filtered access control in computing systems"
(Goodwin, 2007).
- Hewlett-Packard Development Company, L.P.: US Patent #7,207,069,
"Branch locking of job tickets to control concurrency"
(Foster, et al., 2007).
- Oracle International Corporation: US Patent #7,194,764,
"User authentication"
(Martherus, et al., 2007).
- Kabushiki Kaisha Toshiba: US Patent #7,194,631,
"Information-processing apparatus having a user-switching function
and user-switching method for use in the apparatus"
(Numano, 2007).
- Oracle International Corporation: US Patent #7,185,364,
"Access system interface"
(Knouse, et al., 2007).
- Unisys: US Patent #7,174,348,
"Computer program having an object module and a software development tool integration
module which automatically interlink artifacts generated in different phases of a
software project"
(Sadhu, et al., 2007).
- IBM: US Patent #7,171,373,
"Database driven workflow management system for generating output material
based on customer input"
(Lahey, et al., 2007).
- Unisys: US Patent #7,159,206,
"Automated process execution for project management"
(Sadhu, et al., 2007).
- Unisys: US Patent #7,155,700,
"Computer program having an object module and a software project definition module
which customize tasks in phases of a project represented by a linked object structure"
(Sadhu, et al., 2006).
- Qgenisys, Inc.: US Patent #7,155,400,
"Universal task management system, method and product for automatically
managing remote workers, including automatically recruiting workers"
(Jilk, et al., 2006).
- Oracle International Corporation: US Patent #7,124,203,
"Selective cache flushing in identity and access management systems"
(Joshi, et al., 2006).
- IBM: US Patent #7,124,192,
"Role-permission model for security policy administration and enforcement"
(High, Jr., et al., 2006).
- US Patent #7,089,243,
"Method and apparatus for a professional practice application"
(Zhang, 2006).
- Attenex Corporation: US Patent #7,080,076,
"System and method for efficiently drafting a legal document
using an authenticated clause table"
(Williamson, et al., 2006).
- Microsoft: US Patent #7,035,910,
"System and method for document isolation"
(Dutta, et al., 2006).
- IBM: US Patent #7,028,303,
"Method, system, and program for processing a job in an event
driven workflow environment"
(Lahey, et al., 2006).
- Cisco Technology, Inc.: US Patent #7,010,600,
"Method and apparatus for managing network resources for externally
authenticated users"
(Prasad, et al., 2006).
- IBM: US Patent #6,985,955,
"System and method for provisioning resources to users based on roles,
organizational information, attributes and third-party
information or authorizations"
(Gullotta, et al., 2006).
- IBM: US Patent #6,950,874,
"Method and system for management of resource leases in an
application framework system"
(Chang, et al., 2005).
- Microsoft: US Patent #6,950,818,
"System and method for implementing group policy"
(Dennis, et al., 2005).
- IBM: US Patent #6,947,989,
"System and method for provisioning resources to users based on policies,
roles, organizational information, and attributes"
(Gullotta, et al., 2005).
- E.Piphany, Inc.: US Patent #6,944,777,
"System and method for controlling access to resources in a distributed environment"
(Belani, et al., 2005).
- Qgenisys, Inc.: US Patent #6,938,048,
"Universal task management system, method and product for automatically
managing remote workers, including automatically training the workers"
(Jilk, et al., 2005).
- e-Talk Corporation: US Patent #6,901,426,
"System and method for providing access privileges
for users in a performance evaluation system"
(Powers, et al., 2005).
- IBM: US Patent #6,892,376,
"Flexible infrastructure for managing a process"
(McDonald, et al., 2005).
- Qgenisys, Inc.: US Patent #6,859,523,
"Universal task management system, method and product for automatically managing
remote workers, including assessing the work product and workers"
(Jilk, et al., 2005).
- IBM: US Patent #6,823,513,
"Workflow distribution process granting to operators
with assigned activities access to needed computer resources and
withdrawing such access upon the completion of the assigned activity"
(McNally, et al., 2004).
- E.Piphany, Inc.: US Patent #6,772,350,
"System and method for controlling access to resources in a
distributed environment"
(Belani, et al., 2004).
- Unisys: US Patent #6,766,457,
"Method for controlling access to a multiplicity of objects
using a customizable object-oriented access control hook"
(Baisley, 2004).
- Phoenix Technology Patent Development Limited:
US Patent #6,725,224,
"Controller system for interfacing with a work flow management system"
(McCarthy, et al., 2004).
- Siemens Medical Solutions Health Services Corporation:
US Patent #6,714,913,
"System and user interface for processing task schedule information"
(Brandt, et al., 2004).
- Secure Computing Corporation: US Patent #6,640,307,
"System and method for controlling access to documents
stored on an internal network"
(Viets, et al., 2003).
- e-talk Corporation: US Patent #6,615,182,
"System and method for defining the organizational structure of an
enterprise in a performance evaluation system"
(Powers, et al., 2003).
- American Management Systems, Inc.: US Patent #6,606,740,
"Development framework for case and workflow systems"
(Lynn, et al., 2003).
- IBM: US Patent #6,594,661,
"Method and system for controlling access to a source application"
(Tagg, 2003).
- Electronic Data Systems: US Patent #6,578,029,
"System and method for selectively defining access to application features"
(Gershfield, et al., 2003).
- Xerox Corporation: US Patent #6,535,884,
"System, method and article of manufacture for providing an
attribute system with primitive support of dynamic and evolvable
roles in support of fluid and integrative application development"
(Thornton, et al., 2003).
- Microsoft: US Patent #6,466,932,
"System and method for implementing group policy"
(Dennis, et al., 2002).
- Entrust, Inc.: US Patent #6,453,353,
"Role-based navigation of information resources"
(Win, et al., 2002).
- US Patent #6,445,968,
"Task manager"
(Jalla, 2002).
- Accenture LLP: US Patent #6,442,748,
"System, method and article of manufacture for a persistent state and
persistent object separator in an information services patterns environment"
(Bowman-Amuah, 2002).
- IBM: US Patent #6,438,549,
"Method for storing sparse hierarchical data in a relational database"
(Aldred, et al., 2002).
- Electronic Data Systems: US Patent #6,430,549,
"System and method for selectively defining access to application features"
(Gershfield, et al., 2002).
- Microsoft: US Patent #6,412,070,
"Extensible security system and method for controlling access to
objects in a computing environment"
(Van Dyke, et al., 2002).
- Unisys: US Patent #6,401,100,
"Method for associating classes contained in the same or different models"
(Gladieux, 2002).
- IBM: US Patent #6,381,579,
"System and method to provide secure navigation to
resources on the internet"
(Gervais, et al., 2002).
- Secure Computing Corp.: US Patent #6,357,010,
"System and method for controlling access to documents stored on an
internal network"
(Viets, et al., 2002).
- Epicentric, Inc.: US Patent #6,327,628,
"Portal server that provides a customizable user Interface for access
to computer networks"
(Anuff, et al., 2001).
PATENTS REFERENCING NIST ACCESS CONTROL PUBLICATIONS LISTED ABOVE
- Microsoft: US Patent #7,243,271,
"Wrapped object for observing object events"
(Teegan, et al., 2007).
- Microsoft: US Patent #7,240,244,
"Object-based software management"
(Teegan, et al., 2007).
- Microsoft: US Patent #7,237,245,
"Object connectivity through loosely coupled publish and subscribe events"
(Hinson, et al., 2007).
- Sun Microsystems: US Patent #7,194,472,
"Extending role scope in a directory server system"
(Excoffier, et al., 2007).
- US Patent #7,181,017,
"System and method for secure three-party communications"
(Nagel, et al., 2007).
- Microsoft: US Patent #7,165,104,
"Method and apparatus for managing computing devices on a network"
(Wang, 2007).
- Hewlett-Packard Development Company, L.P.: US Patent #7,159,210,
"Performing secure and insecure computing operations in a
compartmented operating system"
(Griffin, et al., 2007).
- Microsoft: US Patent #7,076,784,
"Software component execution management using context objects for
tracking externally-defined intrinsic properties of executing software
components within an execution environment"
(Russell, et al., 2006).
- Microsoft: US Patent #7,076,655,
"Multiple trusted computing environments with verifiable environment identities"
(Griffin, et al., 2006).
- Microsoft: US Patent #7,062,770,
"Recycling components after self-deactivation"
(Limprecht, et al., 2006).
- Intel Corporation: US Patent #7,054,944,
"Access control management system utilizing network and application
layer access control lists"
(Tang, et al., 2006).
- Microsoft: US Patent #7,043,734,
"Component self-deactivation while client holds a returned reference"
(Limprecht, et al., 2006).
- Microsoft: US Patent #7,043,733,
"Server application components with control over state duration"
(Limprecht, et al., 2006).
- Microsoft: US Patent #6,920,636,
"Queued component interface passing for results outflow
from queued method invocations"
(Dievendorff, et al., 2005).
- Microsoft: US Patent #6,829,770,
"Object connectivity through loosely coupled publish and subscribe events"
(Hinson, et al., 2004).
- Microsoft: US Patent #6,813,769,
"Server application components with control over state duration"
(Limprecht, et al., 2004).
- Sun Microsystems: US Patent #6,785,686,
"Method and system for creating and utilizing managed roles in a directory system"
(Boreham, et al., 2004).
- Sun Microsystems: US Patent #6,768,988,
"Method and system for incorporating filtered roles in a directory system"
(Boreham, et al., 2004).
- Microsoft: US Patent #6,748,555,
"Object-based software management"
(Teegan, et al., 2004).
- Microsoft: US Patent #6,748,455,
"Object connectivity through loosely coupled publish and subscribe events with filtering"
(Hinson, et al., 2004).
- Microsoft: US Patent #6,714,962,
"Multi-user server application architecture with single-user object tier"
(Helland, et al., 2004).
- Microsoft: US Patent #6,678,696,
"Transaction processing of distributed objects with declarative transactional attributes"
(Helland, et al., 2004).
- Microsoft: US Patent #6,606,711,
"Object security boundaries"
(Andrews, et al., 2003).
- Microsoft: US Patent #6,604,198,
"Automatic object caller chain with declarative impersonation and
transitive trust"
(Beckman, et al., 2003).
- Microsoft: US Patent #6,574,736,
"Composable roles"
(Andrews, 2003).
- Microsoft: US Patent #6,487,665,
"Object security boundaries"
(Andrews, et al., 2002).
- Microsoft: US Patent #6,473,791,
"Object load balancing"
(Al-Ghosein, et al., 2002).
- Microsoft: US Patent #6,442,620,
"Environment extensibility and automatic services for component
applications using contexts, policies and activators"
(Thatte, et al., 2002).
- Microsoft: US Patent #6,425,017,
"Queued method invocations on distributed component applications"
(Dievendorff, et al., 2002).
- Microsoft: US Patent #6,385,724,
"Automatic object caller chain with declarative impersonation and
transitive trust"
(Beckman, et al., 2002).
- Microsoft: US Patent #6,301,601,
"Disabling and enabling transaction committal in transactional
application components"
(Helland, et al., 2001).
- Microsoft: US Patent #6,014,666,
"Declarative and Programmatic Access Control of Component-Based Server
Applications Using Roles"
(Helland, et al., 2000).
(PDF)
NIST RBAC RESEARCH SAVES INDUSTRY $295 MILLION
A new independent study, "The Economic Impact of
Role-Based Access Control," conducted by the Research Triangle Institute
(RTI, March 2002) conservatively estimates that NIST’s Role Based Access
Control (RBAC) research has saved U.S. industry $295 million and accelerated
industry’s adoption of this advanced access control method by a
year.
(PDF)
DEPARTMENT OF COMMERCE/NIST GOLD MEDAL AWARD:
“For creating, developing, and transferring the Role-Based Access Control
technology to private industry.”
RECENT WHITE PAPERS
- "Comparing Authorization Management Cost for Identity-Based and
Role-Based Access Control"
(Ferraiolo, Barkley, Chandramouli, 1999).
(Word)
- "Overview of HTTP 1.1 and SSL 3.0 Security Services"
(Barkley, 1999).
(HTML)
- "Security"
(Schuermann, Barkley, 1998).
(HTML)
NIST is an agency of the U.S.
Commerce Department's Technology Administration.
Created on November 7, 1997
Last Modified: October 15, 2007
SSD Division Webmaster: webmaster-SSD@nist.gov