ACCESS CONTROL AND AUTHENTICATION within an enterprise is a large-scale problem with multiple solutions. Each enterprise has its own way of handling it, depending on the risk that is associated with the information and activities on the network. The higher the risk of an attacker entering an organization and seeing or removing information, the more constraints the enterprise will put on users (subjects). An organization that maintains a large amount of credit card information or personally identifiable information (PII) on its customers will incur a higher impact if that information is removed or accessible. Corporations are now required to let a third party know when certain information has been compromised ...