ABSTRACT
When the identity of a person or object has been verified via
authentication, the network should know why the person
or object requires access. The network infrastructure
should know the role of the person or object within the
organization (e.g., printer, network administrator, regular
user). This is a function common in most network operating
systems. Group-based access policies for server-based
resources have been around for many years. Unfortunately,
implementation of role-based access to the network
infrastructure at OSI layers two and three is almost non-existent.
It is very rare to find a network that requires authentication
before granting port-level access to Transmission Control
Protocol/Internet Protocol (TCP/IP) or other network
services.