[1] W. B. Shim, S. Park (2001). “Implementing Web Access control System for the Multiple web Servers in the Same Domain Using RBAC Concept”. IEEE Parallel and Distributed Systems, 768 — 773.
[2] D. F. Ferraiolo, R. Sandhu, S. Gavrila (2000). A Proposed Standard for Role-Based Access Control. National Institute of Standards and Technology (NIST).
[3] D. F. Ferraiolo, J. F. Barkley, D. Richard Kuhn (1999). “A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet “. ACM Transactions on Information and Systems Security, l2 (1).
[4] D.F. Ferraiolo, R. Sandhu, S. Gavrila, D. Richard Kuhn and R. Chandramouli (2001). “Proposed NIST Standard for Role-Based Access Control”. ACM Transactions on Information and Systems Security, 14 (3), 224-274.
[5] A. Schaad, J. Moffett, J. Jacob (2001). "The Access Control System of a European Bank". ACM SACMAT 2001, Chantilly, Virginia, USA.
[6] R Sandhu, E. Coyne, H. Feinstein, C. Youman (1996). ”Role-based access control models”. IEEE Computer, 29 (2).
[7] ISO/IEC JTC 1. (2000). Information technology ─ Security techniques ─ Evaluation criteria for IT security (ISO 15408).
[8] J. S. Park, R. Sandho, G. Ahn (2001). “Role-Based Access Control on the Web”. ACM Transactions on Information and System Security, l4 (1), 37-71.
[9] R. L. Krutz, R. D. Vines (2001). CISSP Prep Guide:Mastering the Ten Domains of Computer Security. Wiley Computer Publishing. 200-214.
[10] Bruce Schneier (2000). Secrets and Lies : digital security in a networked world. John Wiley & Sons Inc. 151-188.
[11] Tim Converse, Joyce Park (2001). PHP 4 Bible. IDG Books Worldwide.
[12] Harish Rawat, Sascha Schumann, et. al. (1999). Professional PHP Programming. Wrox.
[13] Wankyu Choi, Allan Kent, Chris Lea, Ganesh Prasad, et. al. (2000). Beginning PHP4. Wrox.
[14]黃景彰, (民90年6月),資訊安全-電子商務之基礎,初版,台北‧華泰文化。
[15]林勤經,樊國楨,方仁威,(民90年8月),資訊安全認證與電子化網路社會,WISE2001(Workshop in Internet Security Engineering),頁280-299。
[16] 洪敏翔,(民89年),使用XML設計執行權管制資訊流,國立交通大學資訊管理研究所碩士論文。