Correction: Operation -> Limiting Constraint.

 

The cardinality and the proximity of the relationship between the Permission and the Operation in the RBAC UML imply that a Limiting Constraint (a value to an Enabling Constraint - a device's functional parameter exposed to CS) is the correct substitution.

 

Unlike the relationship between Role and Session in RBAC, Connections do not share a non trivial relationship to Mode Profiles; RBAC and CSRAM depart from each other at this point. CSRAM (gotta love it) actually incorporates much more detail that separates device type and compatibility from user access and privilege. The Clique Space role access model is extensible in that new device types necessarily introduce additional access and privilege constraints through the introduction of additional Enabling Constraints which expose a device's function; nodes in the Media Profile hierarchy (which facilitates the mapping of devices to Enabling Constraints) are used by Mode Profile hierarchies to build a user's access to resources. A particular user's authority to act in a role is given through an Affiliation. Hence, in an almost symmetric relationship shared by the Affiliation and its Mode Profile hierarchy, a Connection describes the user's possession of a device which can support a particular function given by that Connection's Media Profile hierarchy.

 

What I'm trying to do is understand the RBAC model in order to communicate the similarities and differences between the two.

 

Thanks again.

 

  Owen.