OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: roles and the social structure


I've had need to chew on Figure 14 and the surrounding text in the RA PR1, and was somewhat uncomfortable with the seemingly central role of Role.  My concern was whether this leaned to the RBAC version of access control, where there are concerns about scalability and a resulting (at least local) leaning towards ABAC.  Also, to what extent is this relevant to the general question of authorization.

Figure 14 states that a Social Structure defines a Role and that Role has certain Rights, Responsibilities, and Authority (RRA).  (We won't get into what Action means here.)  It also says the Role requires Qualification which requires Skill.  

Now to begin, while the Role is certainly defined in the context of a Social Structure, whether someone designated to fill that role has any qualifications or skill is not a mandatory consideration.  President Lincoln removed numerous generals from commanding the Union army because while they were designated for the role and could exercise rights relevant to their responsibility and authority, they did not demonstrate the qualifications or skill for the job.

Conversely, it is often recommended that if you want a job (especially promotion to a position), demonstrate you have the qualifications and skill. and an observant management will give you the role.  Moreover, there are numerous examples where demonstrated qualifications and skill results in someone being associated with a role whether or not they have been officially given the role.

So while I agree that the Role is defined by the Social Structure, I would look at Qualification and Skill as being indicative of the ability to fulfill a Role.  Thus, the definition of the Role is much more a collection of Social Structure-recognized attributes, and Role is often a convenient name for the aggregation of these attributes and the RRA that follows.  

This line of thought then allows me to have consistency with a attribute-based approach.  As already noted in the text, the Responsibility, Authority, and Rights can be bestowed without bestowing the named Role.

Any problems with this? 

Ken


------------------------------------------------------------------------------------------

Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:        703-983-1379

McLean VA 22102-7508




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]