
Implementing RBAC using NFS

 

Whenever new technologies or novel designs and ideas emerge in some area, the problem arises of how to introduce the new without entirely discarding the old. In an area as rapidly evolving as computer science, this problem is accentuated. Design compromises must often be made to accommodate what are often called legacy systems, in which much money and competence have been invested. In chapter 3, we pointed to the possibility of integrating old systems into new environments by encapsulating them in autonomous objects. In this chapter we look at a less general but more concrete approach, in which we propose small changes to an existing distributed infrastructure that make it possible to introduce RBAC into the system.

As we argued in chapter 4, RBAC provides a conceptually simple model for organizing and representing access control information, and it can ease administration and give a better overview of security information.

However great the benefits of adopting a role-based view for expressing access control information may be, the issue of legacy systems remains. In this chapter we present a design that enables the introduction of RBAC into a distributed system that uses the Network File System (NFS). A prototype implementation shows that our design can be realized with little effort and with acceptable impact on general operation and performance.





matgu@ida.liu.se