Representing Flexible Role-Based Access Control Policies Using Objects and Defeasible Reasoning.