How role based access control is implemented in SESAME

In this paper we want to share our experiences with implementing a scheme that enforces role based access control in a distributed, heterogeneous computing environment. This work was done in the framework of the EC-RACE project SESAME (A Secure European System in A Multi-vendor Environment). The SESAME project relies on the work done by ECMA (European Computer Manufacturers Association) to represent the credentials of the users and fully supports the GSS-API to help the application developers. We conclude that enforcing such a scheme is realistic and that writing applications, that benefit from the advantages of role based access control, is very feasible. We have built several demonstration applications.