From 877469fb38fc505abe80aa7234d1399e8e73dda0 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Mon, 17 Mar 2025 11:34:04 -0600
Subject: docs: add conclusion on ReBAC paper

---
 doc/share/authz/ReBAC.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'doc/share')

diff --git a/doc/share/authz/ReBAC.md b/doc/share/authz/ReBAC.md
index 95700c6..9e458fe 100644
--- a/doc/share/authz/ReBAC.md
+++ b/doc/share/authz/ReBAC.md
@@ -105,6 +105,18 @@ A policy language facilitates:
 1. the specification of composite policies, which in turn forms the basis of trust delegation.
 1. **the static analysis of policies and system configuration.**
 
+## Context Hierarchy
+
+The context hierarchy assumes a tree shape: i.e., only single inheritance is permitted.
+Multiple inheritance corresponds to a more flexible means of constraining when
+relationships can be "activated" simultaneously.
+
+## Conclusion
+
+Relationship-Based Access Control works best in application domains in which
+binary relations are more natural for expressing authorization decisions than
+unary relations (e.g., roles).
+
 ## See also
 
 * [Relationship-Based Access Control: Protection Model and Policy Language by Philip W. L. Fong](https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf)
-- 
cgit v1.2.3