Two categories of security policy, rule-based and identity-based, are identified in International Telegraph and Telephone Consultative Committee (CCITT) Rec. X.800 | ISO 7498-2. [ISO 10181-3] Initiator-based access control policies are based on rules specific to an individual initiator, a group of initiators, entities acting on behalf of initiators, or originators acting in a specific role. Access control policies stated in terms of groups of initiators or in terms of initiators acting in specific roles are types of initiator-based policies. [ISO 10181-3] This class is derived from ISO 10181-3 and CCITT Rec. X.800 | ISO 7498-2.