1     Scope
 2     Normative references
        2.1     Identical Recommendations | International Standards
        2.2     Paired Recommendations | International Standards equivalent in technical content
 3     Definitions
 4     Abbreviations
 5     General discussion of access control
        5.1     Goal of access control
        5.2     Basic aspects of access control
                  5.2.1     Performing access control functions
                  5.2.2     Other access control activities
                  5.2.3     ACI forwarding
        5.3     Distribution of access control components
                  5.3.1     Incoming access control
                  5.3.2     Outgoing access control
                  5.3.3     Interposed access control
        5.4     Distribution of access control components across multiple security domains
        5.5     Threats to access control
 6     Access control policies
        6.1     Access control policy expression
                  6.1.1     Access control policy categories
                  6.1.2     Groups and roles
                  6.1.3     Security labels
                  6.1.4     Multiple initiator access control policies
        6.2     Policy management
                  6.2.1     Fixed policies
                  6.2.2     Administratively-imposed policies
                  6.2.3     User-selected policies
        6.3     Granularity and containment
        6.4     Inheritance rules
        6.5     Precedence among access control policy rules
        6.6     Default access control policy rules
        6.7     Policy mapping through cooperating security domains
 7     Access control information and facilities
        7.1     ACI 
                  7.1.1     Initiator ACI
                  7.1.2     Target ACI
                  7.1.3     Access request ACI
                  7.1.4     Operand ACI
                  7.1.5     Contextual information
                  7.1.6     Initiator-bound ACI
                  7.1.7     Target-bound ACI
                  7.1.8     Access request-bound ACI
        7.2     Protection of ACI
                  7.2.1     Access control certificates
                  7.2.2     Access control tokens
        7.3     Access control facilities
                  7.3.1     Management related facilities
                  7.3.2     Operation related facilities

 8     Classification of access control mechanisms
        8.1     Introduction
        8.2     ACL scheme
                  8.2.1     Basic features
                  8.2.2     ACI
                  8.2.3     Supporting mechanisms
                  8.2.4     Variations of this scheme
        8.3     Capability scheme
                  8.3.1     Basic features
                  8.3.2     ACI
                  8.3.3     Supporting mechanisms
                  8.3.4     Variation of this scheme – Capabilities without specific operations
        8.4     Label based scheme
                  8.4.1     Basic features
                  8.4.2     ACI
                  8.4.3     Supporting mechanisms
                  8.4.4     Labeled channels as targets
        8.5     Context based scheme
                  8.5.1     Basic features
                  8.5.2     ACI
                  8.5.3     Supporting mechanisms
                  8.5.4     Variations of this scheme
 9     Interaction with other security services and mechanisms
        9.1     Authentication
        9.2     Data integrity
        9.3     Data confidentiality
        9.4     Audit
        9.5     Other access-related services
Annex  A – Exchange of access control certificates among components
        A.1     Introduction
        A.2     Forwarding access control certificates
        A.3     Forwarding multiple access control certificates
                  A.3.1     Example  
                  A.3.2     Generalization
                  A.3.3     Simplifications
Annex  B – Access control in the OSI reference model
        B.1     General
        B.2     Use of access control within the OSI layers
                  B.2.1     Use of access control at the network layer
                  B.2.2     Use of access control at the transport layer
                  B.2.3     Use of access control at the application layer
Annex  C – Non-uniqueness of access control identities
Annex  D – Distribution of access control components
        D.1     Aspects considered
        D.2     AEC and ADC locations
        D.3     Interactions among access control components
Annex  E – Rule-based versus identity-based policies
Annex  F – A mechanism to support ACI forwarding through an initiator
Annex  G – Access control security service outline