This document discusses shortcomings of the ANSI RBAC standard and potential extensions to address those shortcomings. It identifies vagueness in key RBAC concepts like the notion of a role and role hierarchies. It also finds RBAC has limited expressiveness, failing to address things like usage control, negative authorization, temporal access, distributed access, and spatial access. Several extensions are proposed that could enhance RBAC, such as UCON/TUCON for usage control, SBAC for distributed access control, and TRBACN and DEBAC for introducing temporal and event-based constraints. The goal of these extensions is to make RBAC more richly expressive and applicable to dynamic distributed environments.