-
Documentation
-
Resolution:
Unresolved
-
Minor
-
None
-
None
-
-
- ABAC, RBAC, and Grouper - Chris Hyzer
- perhaps we should add a section that is more explicit about how 800-162 abac model is mapped to the GDG approach? and how that compares to RBAC?
- Make it more explicit, and explain how things relate to RBAC
- GDG takes spirit of the RBAC and ABAC standards
- Suggest that GDG is like RBAC or ABAC, and maybe summarize what is useful from it and how Grouper relates to it
- Grouper uses attributes (as explained in RBAC and ABAC), but Grouper does the access policy and Grouper has ad hoc attributes
- Use of permissions in Grouper is not exactly like in RBAC and ABAC
- Grouper uses hybrid model
- Matt: best to talk about natural language constructs versus talking about role or attribute
- Deployment model changes whether access control policy or whether its an attribute
- Last mile to the application varies
- Something can be attribute to one application and a role to another
- Using the RBAC model doesn’t totally fit
- Good to mention that Grouper can support the models
- Focus on natural language
- Bill: good ideas from RBAC are around unanticipated user, attributes on users change and can update automatically , Grouper does accomplish this
- SUMMARY: GDG should tone down the emphasis on “you must read RBAC”
- in the GDG intro, define ABAC and RBAC and say Grouper is related … then talk about natural language.