In recent years, a technology known as OpenFlow has been proposed (see Non-Patent Literature (NPL) 1 and 2). In OpenFlow, communication is treated as an end-to-end flow, and path control, failure recovery, load balancing and optimization are performed on a per-flow basis. An OpenFlow switch as specified in Non-Patent Literature 2 is provided with a secure channel for communication with an OpenFlow controller, and operates according to a flow table in which appropriate addition or rewriting is instructed by the OpenFlow controller. In the flow table, for each flow there are definitions of sets of match conditions (Match Fields) that match packet headers, flow statistical information (Counters), and instructions (Instructions) that define processing content (refer to “4.1 Flow Table” in Non-Patent Literature 2).
For example, when an OpenFlow switch receives a packet, it searches the flow table for an entry having a match condition (refer to “4.3 Match Fields” in Non-Patent Literature 2) that matches header information of the received packet. If the search finds an entry matching the received packet, the OpenFlow switch updates the flow statistical information (Counters) and applies to the received packet the processing content (packet transmission from a specified port, flooding, dropping and the like) described in the Instructions field of that entry. If, on the other hand, the search finds no entry matching the received packet, the OpenFlow switch transmits a request for entry setting to the OpenFlow controller via the secure channel, that is, a request (Packet-In message) to transmit control information for processing the received packet. The OpenFlow switch receives a flow entry with determined processing content and updates the flow table. In this way, the OpenFlow switch performs packet forwarding using entries stored in the flow table as control information.
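The lookup, counter update and table-miss handling described above can be followed in a short simulation. This is an added example, not code from the cited literature: the class names, the `sample_controller` policy, the header field names and the sample packets are all constructed for illustration, and entries are searched in insertion order as a simplification.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict             # Match Fields: header field -> value; absent field = wildcard
    instructions: str       # Instructions: "output:<port>", "flood" or "drop"
    packet_count: int = 0   # Counters
    byte_count: int = 0

    def matches(self, headers):
        return all(headers.get(k) == v for k, v in self.match.items())

class Switch:
    def __init__(self, controller):
        self.flow_table = []
        self.controller = controller  # callable standing in for the secure channel
        self.packet_ins = 0           # number of Packet-In requests sent

    def lookup(self, headers):
        for entry in self.flow_table:  # assumption: first match in table order wins
            if entry.matches(headers):
                return entry
        return None

    def receive(self, headers, length):
        entry = self.lookup(headers)
        if entry is None:
            # Table miss: send Packet-In, then install the entry the controller returns.
            self.packet_ins += 1
            entry = self.controller(headers)
            self.flow_table.append(entry)
        # Assumption: the packet that caused the miss is counted against the new entry.
        entry.packet_count += 1
        entry.byte_count += length
        return entry.instructions

def sample_controller(headers):
    # Constructed policy: forward traffic for 10.0.0.2 on port 2, drop everything else.
    if headers["ip_dst"] == "10.0.0.2":
        return FlowEntry({"ip_src": headers["ip_src"], "ip_dst": "10.0.0.2"}, "output:2")
    return FlowEntry({"ip_dst": headers["ip_dst"]}, "drop")

def demo():
    sw = Switch(sample_controller)
    web = {"ip_src": "10.0.0.1", "ip_dst": "10.0.0.2", "tcp_dst": 80}  # constructed
    ssh = {"ip_src": "10.0.0.9", "ip_dst": "10.0.0.7", "tcp_dst": 22}  # constructed
    results = [sw.receive(web, 100), sw.receive(web, 60), sw.receive(ssh, 40)]
    return sw, results

if __name__ == "__main__":
    sw, results = demo()
    print(results, "Packet-In count:", sw.packet_ins)
    for e in sw.flow_table:
        print(e)
```

Only the first packet of each flow reaches the controller; the second `web` packet is handled entirely from the installed entry, which is why `packet_ins` stays at 2 for three packets.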
Patent Literature (PTL) 1 discloses an example of an access control apparatus that performs Role-Based Access Control (below, “RBAC”). The access control apparatus of the same patent literature stores a user information table in which attribute values are set for respective users, a role information table in which roles indicating attribute value combinations are set, and an access control table in which role IDs are set as access conditions for respective contents. The access control apparatus of the same patent literature then sets a list of users where attribute values correspond to roles, in a user list information table for respective roles, based on the user information table and the role information table. There is a description that when a request to access content is made, an access control unit identifies an access condition role based on the access control table, and identifies access authority according to whether an accessing user is included in a user list for a particular role.

[PTL 1] Japanese Patent Kokai Publication No. JP2010-117885A

[NPL 1] Nick McKeown and seven other authors, “OpenFlow: Enabling Innovation in Campus Networks”, [online], [Search performed on Aug. 7, 2013], Internet <URL: http://www.openflow.org/documents/openflow-wp-latest.pdf>

[NPL 2] “Openflow Switch Specification” Version 1.1.0. Implemented (Wire Protocol 0x02), [online], [Search performed on Aug. 7, 2013], Internet <URL: http://www.openflow.org/documents/openflow-spec-v1.1.0.pdf>