Equivalence of Clique Space access model to RBAC.
Hello people. I'm hoping this might be seen as a reasonable question that other members of this mail list might be able to help me with. I'm looking at the UML for RBAC I have found on Wikipedia<http://upload.wikimedia.org/wikipedia/en/c/c3/RBAC.jpg>(a source as reliable as any I have found) and I find that the Clique Space resource access model (CSRAM... maybe) corresponds loosely to the UML if one makes the following substitutions: Oganisation -> Clique Space Role -> Mode Profile Permission -> Property Operation -> Enabling Constraint User/Role Constraint -> Affiliation Subject -> Sovereign Session -> Connection With the exception of the property and the Enabling Constraint, all of these substitutions in the above list are made with Clique Space Elements. The concept of the Enabling Constraint and the Clique Space Elements were disclosed in my patent, but the concept of the property became an artefact that emerged in subsequent development. However, there appears to be no equivalent in Clique Space to the Role Activation Constraint class in the RBAC UML. I would appreciate it if someone could please point me to an explanation of, or fill me in with the function of the Role Activation Constraint. Thanks, Owen. -- Employment-from-home. Make mine part-time. Yes you can. Software developers certainly can be salaried and superannuated part-time from home. Make it so for this one. Clique Space(TM): A seat for the soul. www.owenpaulthomas.blogspot.com
Correction: Operation -> Limiting Constraint. The cardinality and the proximity of the relationship between the Permission and the Operation in the RBAC UML imply that a Limiting Constraint (a value to an Enabling Constraint - a device's functional parameter exposed to CS) is the correct substitution. Unlike the relationship between Role and Session in RBAC, Connections do not share a non trivial relationship to Mode Profiles; RBAC and CSRAM depart from each other at this point. CSRAM (gotta love it) actually incorporates much more detail that separates device type and compatibility from user access and privilege. The Clique Space role access model is extensible in that new device types necessarily introduce additional access and privilege constraints through the introduction of additional Enabling Constraints which expose a device's function; nodes in the Media Profile hierarchy (which facilitates the mapping of devices to Enabling Constraints) are used by Mode Profile hierarchies to build a user's access to resources. A particular user's authority to act in a role is given through an Affiliation. Hence, in an almost symmetric relationship shared by the Affiliation and its Mode Profile hierarchy, a Connection describes the user's possession of a device which can support a particular function given by that Connection's Media Profile hierarchy. What I'm trying to do is understand the RBAC model in order to communicate the similarities and differences between the two. Thanks again. Owen.
Oops... Operation -> component. A component is another emergent artefact of development. There is actually a whole set of abstractions to get from Clique Space's internal Element layer to its Clique and Participant layer where properties are expressed in Participants as Limiting Constraints. There's so much expressive detail about the variety of interaction between individuals that this RBAC UML appears to miss... I really should go to bed. Owen.
participants (1)
-
Owen Thomas