diff options
Diffstat (limited to 'doc/share/authz')
| -rw-r--r-- | doc/share/authz/ReBAC.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/share/authz/ReBAC.md b/doc/share/authz/ReBAC.md index 95700c63..9e458fe5 100644 --- a/doc/share/authz/ReBAC.md +++ b/doc/share/authz/ReBAC.md @@ -105,6 +105,18 @@ A policy language facilitates: 1. the specification of composite policies, which in turn forms the basis of trust delegation. 1. **the static analysis of policies and system configuration.** +## Context Hierarchy + +The context hierarchy assumes a tree shape: i.e., only single inheritance is permitted. +Multiple inheritance corresponds to a more flexible means of constraining when +relationships can be "activated" simultaneously. + +## Conclusion + +Relationship-Based Access Control works best in application domains in which +binary relations are more natural for expressing authorization decisions than +unary relations (e.g., roles). + ## See also * [Relationship-Based Access Control: Protection Model and Policy Language by Philip W. L. Fong](https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf) |