Web sites such as Internet sites often provide resources such as information, products, services, and the like to their users. In distributed services such as web services, access refers to the capability to do something with a service or a service's resource (e.g. execute, change, view, and create). Access control is the mechanism by which this capability is explicitly enabled or restricted in some way. Access control systems can dictate who or what process may have access to a specific resource as well as what type of access is permitted. These controls can be implemented within the service itself or external services and applications that interoperate with the service. With the proliferation of web services, it is important to define and enforce access to various resources over a distributed network.
Role-based authorization systems allow access to a resource by role. A role identifies the permissions, tasks, responsibilities, or qualifications of a user or a group of users. Conventional role-based systems define access to the resource by associating a specific role with a specific resource. However, such conventional systems are limited to specifying resources generally.
Accordingly, an improved access control system is desired to address one or more of these and other disadvantages.