At the end of Tim Weil’s presentation on RBAC at Catalyst last month, Nishant asked a basic question: is the NSIT RBAC model sufficient and complete? Not receiving a satisfactory answer, he has taken his question to the blogosphere.
Nishant’s question touches upon two of the hobgoblins of identity: context and intention. I talked about issues of context years ago in an unrefined form.
This week I have been out here in Utah working at Burton Group’s headquarters trying to figure out what I will be researching in the coming quarters. I have not found my research topics yet, but in conversations with the team it is becoming clear to me that lurking behind a lot of the topics we’d like to dig into are the problems of describing context and recognizing intentionality. We’ll see what the coming months of research uncover.
[...] at the NIST RBAC model and finds it wanting. Dave Kearns agrees. Ian Glazer throws his two cents in here. So a government agency takes on defining something as contentious as RBAC and the results are [...]
[...] Glazer thinks that I have opened Pandora’s box by talking about the need to bring context and intent into the area of RBAC by using relationships [...]