Friday Aug 15, 2008

What's wrong with the ANSI RBAC standard? Part 3 - what happens when you remove an inheritance relationship?

The ANSI standard for RBAC (ANSI 359-2004) includes role hierarchies as an optional feature. The model of role hierarchies defined is simple, easy to understand, and generally good stuff. It does have a few problems, one of which I think should be addressed: When in a role hierarchy an inheritance relation between two roles is removed, the specification doesn't say what should happen. It should. There are two possible behaviors in theory. In a world where workflow, approval, and attestation are important - our world - there is really only one good behavior.

[Read More]
About

Articles and thoughts, many far too long, relating to Identity Management.

Search

Top Tags
Archives
August 2008
SunMonTueWedThuFriSat
     
2
3
4
5
6
7
9
10
11
12
13
14
16
17
18
19
20
21
23
24
25
26
27
28
29
30
31
      
Today