in scanning through the rbac doc, i agree with your assessment. however
-- just for background purposes -- the snippet below is a remnant from a
thread that was started during the f2f discussing the statement made
there that 'groups and roles are the same thing'. implementationally
this is likely to be the case, but the topic kinda spiraled down into
the realm of the techno-pedantic as we struggled to achieve the proper
wording/example to make our point (in my case that they are not the same
thing). i think that this is why the thread may have seemed some
somewhat bizarre when you first came across it.
again, none of this takes away from the value of the rbac stuff, it's
just that i wanted to clarify how we got to this point for those that
think we might have started to lose our grip on the twig :o)
b
Hal Lockhart wrote:
>
> I will take this opportunity to post the NIST RBAC paper, as
> www.list.gmu.edu seems to still be down.
>
> I believe what Simon is describing is what they call Restricted and
> Unrestricted Hierarchies.
>
> Hal
>
> >