On Wed, Nov 6, 2013 at 2:10 AM, Kent Fredric <kentfred...@gmail.com> wrote:
> Exactly, even in the global contexts of the definition of "Role" in human > language, Role is simply one, of a list of many methods, to provide an > access control mechansim. > > That is to say, "Role" does not infer "access control". > > ie: You're providing a mechanism for access control, and the mechanism is > applied using the role approach. > > It is not that it is a role that is the distinguishing character, it is > that it is an access control mechanism. > I would say that Role, and Access Control are actually both equally important because we must distinguish between whether we're talking RBAC, DAC, MAC. You should not call it a Group for example, because a Group is something different, though easily confused by the layman, from a Role. > The reason you need to seperate the word "Role" from the mental model, is > that non-roles are required to make it work, for instance, RBAC may need a > way of authenticating the user somehow, whether it be integral, or > externally governed. > That really doesn't help with the naming problems though... which is what I'm trying to get sorted... a AccessControl::Role::Role::Role - instead of RBAC::Trait::Role is really, really confusing. assumes that the first Role is referring to the type of authorization and could be replaced with Discretionary, Mandatory, or whatever the other 2 or 3 forms of authorization that I'm forgetting are, the 2nd meaning Perl Role, and the 3rd being the implementation detail that is a compositional behavioral unit for a role in RBAC. Obviously we must distinguish between whether we're talking RBAC, DAC, MAC. The word Role is /very/ important in the context of RBAC even as important as it is in the context of Perl Role. note: the last 2 "Roles" are realistically only important in a programming context, the very first can be important in all kinds of contexts such as "Role Engineering" and database design, perhaps ldap integration, because design would be extremely different for MAC or DAC. -- Caleb Cushing http://xenoterracide.com Calendar: https://www.google.com/calendar/embed?src=xenoterracide%40gmail.com&ctz=America/Chicago
