D. Richard Kuhn is a computer scientist in the Computer Security Division of NIST. His primary technical interests are information security and software testing and assurance. He developed, in conjunction with David Ferraiolo, the first formal model for role based access control, and is overseeing NIST's proposed standard for RBAC.
Ramaswamy Chandramouli is a computer scientist in the Computer Security Division of NIST. He has more than 17 years experience in design and development of IT solutions in industry and government, and coauthored the first international security protection profile for RBAC. His current work focuses on automated security testing tools, and he is coauthor of NIST's proposed RBAC standard. --This text refers to the Paperback edition.
Chapters 1 through 3 give a solid foundation for understanding RBAC and how it evolved, starting with an introduction, an exhaustive survey of access control methods needed to fully understand the evolution, and a solid and detailed overview of RBAC itself.
In the subsequent chapters each aspect of RBAC is covered in depth. Topics include role hierarchies, separation of duty policies, administration, integrating RBAC into existing infrastructures, and migration to RBAC. In addition, there are chapters on related topics that give this book wide scope - "Using RBAC to Implement Military Policies" shows how to implement multi-level security models with RBAC. This information uses military policies, but the material is also of interest to any commercial organization seeking tightly integrated access controls and a high security posture. The chapter on the proposed NIST RBAC standard also covers key items of interest, including Common Criteria RBAC protection profiles and other conformance issues. There are also chapters on RBAC research and prototypes, and commercial products.
While this book is well written and uses illustrations to impart key concepts, you will need to be conversant with set theory in order to get the most from it, as well as understand RBAC itself. If you are a bit rusty I recommend refreshing your skills before diving into this book.
If you want to explore RBAC and the work of each of the authors visit NIST Computer Security Division and Computer Security Research by pasting the ASIN, B0001O48Y4, into the search box, selecting all products and clicking GO. Once you are on the site you'll find the RBAC section under Security Research/Emerging Technologies->Authorization Management and Advanced Access Control Models (AM&AACM) link.