author: mo khan <mo@mokhan.ca> 2025-03-14 11:14:17 -0600
committer: mo khan <mo@mokhan.ca> 2025-03-14 11:14:17 -0600
commit: 9ecf8c07697f3ffad2ea52a6521ef76175abec05
tree: 5a806e2f7544221d6626035a101f1f76440bc67b /doc
parent: d034240ecdffaaf7c50b740a3958f80a07cbd6b3
docs: describe the ReBAC model and how it differs from RBAC
Diffstat (limited to 'doc')
-rw-r--r-- doc/share/authz/README.md | 18
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/share/authz/README.md b/doc/share/authz/README.md
index 52d330f8..fd72bbc9 100644
--- a/doc/share/authz/README.md
+++ b/doc/share/authz/README.md
@@ -157,6 +157,24 @@ A Social Network System (SNS) maintains a social network for at least two reason
2. The social network is used as a basis for formulating the access control
policies of user contributed resources.
+Access Control Paradigm:
+
+1. the explicit tracking of one or more social networks by the protection system
+1. the expression of access control policies in terms of the relationship
+ between the resource owner and the resource accessor
+
+Suited for domains in which relationship and authorization decisions are from
+the structure of trust that is inherent in the application domain rather than
+subjective assessment of users.
+
+It is more natural to base authz decisions on whether the resource owner and
+accessor are in a particular kind of relationship.
+
+In a standard RBAC system, when a permission `p` is assigned to role `R`, we are
+essentially formulating the following policy: `grant p to user u if R(u)`.
+
+PriMA is another recently proposed privacy protection mechanism for SNSs.
+
References
* [Relationship-Based Access Control: Protection Model and Policy Language by Philip W. L. Fong](https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf)
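Review bot: The RBAC paragraph near the end of the added block gives the policy form `grant p to user u if R(u)`, but the hunk never states the ReBAC counterpart, so the contrast promised in the commit subject is left for the reader to infer. Add a sentence after it saying that under ReBAC the condition is a relationship between the resource owner and the accessor rather than a predicate on the accessor alone, and name ReBAC explicitly, since the added lines only say "Access Control Paradigm:". Smaller points: "Suited for domains in which relationship and authorization decisions are from the structure of trust" has no subject and reads as if a verb is missing (for example "derived from"); both new list items are numbered `1.` and start lowercase, while the list just above uses explicit numbering (`2.`) and sentence case; and the PriMA sentence is left without a citation or any statement of how it relates to this model.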