Learn using the SPEC
Pick a technology stack you are comfortable with based on current knowledge, SLAs, data storage, and support requirements.
Design a very simple RBAC data model. Eight objects are all that is needed.
Design a simple RBAC software model.
Don't ignore the Audit
Code first as a POC. Start with the core - RBAC0. Get it right first.
Test-driven development and automation are key contributors to a successful outcome.
Map existing IT entitlements to the RBAC system using established role engineering techniques.
Use parent roles as Business Roles and child roles as IT Roles.
Deploy the RBAC system into the application environment using established standards. Use declarative policy enforcement points, such as JEE security for coarse-grained and Spring for fine-grained authorization.
Application teams own mapping between Business and IT roles.
Model administrative controls on ARBAC. More on ARBAC coming soon...
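
As an added illustration of the "start with RBAC0, test it, and don't ignore the audit" advice above (this is not code from the original page or from any RBAC product), here is a minimal RBAC0 core in Python: user assignment, permission assignment, sessions with role activation, and an audit record for every decision. The class name `Rbac0`, its method names, and the sample user, roles and permissions are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

class RbacError(Exception): pass

@dataclass(frozen=True)
class Permission:
    obj: str  # protected object
    op: str   # operation on that object

@dataclass(frozen=True)
class Session:
    user: str
    active_roles: frozenset

class Rbac0:
    def __init__(self):
        self.ua = {}     # user assignment: user -> roles
        self.pa = {}     # permission assignment: role -> Permissions
        self.audit = []  # every decision, grants and denials alike

    def _log(self, event, user, detail, ok):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "event": event, "user": user, "detail": detail, "ok": ok})

    def assign_user(self, user, role):
        self.ua.setdefault(user, set()).add(role)
    def grant_permission(self, role, obj, op):
        self.pa.setdefault(role, set()).add(Permission(obj, op))

    def create_session(self, user, roles):
        # A session may activate only roles the user is assigned.
        missing = sorted(set(roles) - self.ua.get(user, set()))
        self._log("create_session", user, missing or sorted(roles), not missing)
        if missing:
            raise RbacError(f"{user} is not assigned {missing}")
        return Session(user, frozenset(roles))

    def check_access(self, session, obj, op):
        # Decide from the session's active roles, not everything assigned.
        ok = any(Permission(obj, op) in self.pa.get(r, set()) for r in session.active_roles)
        self._log("check_access", session.user, f"{obj}:{op}", ok)
        return ok

def demo():
    rbac = Rbac0()  # constructed sample policy: alice holds two roles, activates one
    for role in ("teller", "auditor"):
        rbac.assign_user("alice", role)
    rbac.grant_permission("teller", "account", "deposit")
    rbac.grant_permission("auditor", "ledger", "read")
    return rbac, rbac.create_session("alice", ["teller"])
```

Because access is decided from activated roles only, the session returned by `demo()` is denied `ledger:read` even though alice is assigned `auditor`, and that denial is written to the audit list alongside the grants.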