author: mo khan <mo@mokhan.ca> 2025-03-17 11:34:04 -0600
committer: mo khan <mo@mokhan.ca> 2025-03-17 11:34:04 -0600
commit: 877469fb38fc505abe80aa7234d1399e8e73dda0 (patch)
tree: 3cb52f2635bb1b180a0531001014a3b3f6971156 /doc/share/authz
parent: 8548a32c1be99d38460e0005a4fd5e652c1919f3 (diff)
docs: add conclusion on ReBAC paper
Diffstat (limited to 'doc/share/authz')
-rw-r--r-- doc/share/authz/ReBAC.md 12
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/share/authz/ReBAC.md b/doc/share/authz/ReBAC.md
index 95700c63..9e458fe5 100644
--- a/doc/share/authz/ReBAC.md
+++ b/doc/share/authz/ReBAC.md
@@ -105,6 +105,18 @@ A policy language facilitates:
1. the specification of composite policies, which in turn forms the basis of trust delegation.
1. **the static analysis of policies and system configuration.**
+## Context Hierarchy
+
+The context hierarchy assumes a tree shape: i.e., only single inheritance is permitted.
+Multiple inheritance corresponds to a more flexible means of constraining when
+relationships can be "activated" simultaneously.
+
+## Conclusion
+
+Relationship-Based Access Control works best in application domains in which
+binary relations are more natural for expressing authorization decisions than
+unary relations (e.g., roles).
+
## See also
* [Relationship-Based Access Control: Protection Model and Policy Language by Philip W. L. Fong](https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf)
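
Review bot: In the new "Context Hierarchy" section, the second sentence reads as if it contradicts the first: the text says "only single inheritance is permitted" and then describes what multiple inheritance "corresponds to" without saying whether that is excluded by the model or a possible extension of it. Suggest stating the relationship explicitly, for example by opening the second sentence with "Allowing multiple inheritance would give ...", and saying in a few words what it means for a relationship to be "activated" in a context, since these added lines use the term without introducing it. Smaller style point: "## Context Hierarchy" is added directly under the list item "1. **the static analysis of policies and system configuration.**" with no blank line between them, while "## Conclusion" has one before it; adding a blank line before the new heading would keep the added sections consistent with each other.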