Role Policy is used to specify the attributes identifying the user of a system used to access Protected Information. A role is a specialization of Composite Policy that defines a group of policies (authorization, obligation, delegation and refrain policies). [HL7 DAM] ISO 22600 more specifically defines a role as a "set of competences and/or performances which is associated with a task." If one considers a set of (target identity, operation type) pairs as initiator-bound ACI, and target identities as target-bound ACI, under an appropriate access control policy, one obtains what is essentially a capability scheme [ISO 10181-3]. Accordingly, the Role Policy class equates to the ISO 10181-3 capability scheme. This class is derived from ISO 22600-2, HL7 DAM, and ISO 10181-3.