Nishant Kaushik looks at the NIST RBAC model and finds it wanting. Dave Kearns agrees. Ian Glazer throws his two cents in here. So a government agency takes on defining something as contentious as RBAC and the results are viewed as less than sufficient. Who is really surprised here? Rather than criticize the NIST RBAC work I am going to be a contrarian and say there shouldn’t even be a NIST RBAC. Not yet at least.
Let different vendors and enterprises work on this for a while. The best approach will eventually become obvious. Let Adam Smith’s invisible hand sort it all out. Let’s figure out what really works the best and then standardize it.
But then Dave has to go and say nasty things about my lady Ada:
Alternatively, you could thing of it as being in the same relationship to actual role implementation as the Dept. of Defense’s ADA programming language is to Java or C#.
He didn’t even get her name right; it’s Ada, not ADA. Like Pascal, who is also a good friend of mine, though a little behind the times. Ah Ada. What a classy lady (at least since 1995). What cool threads she had. I had such a crush on her I still keep this faded picture in my wallet:
I will miss Ada. A lady of beauty and refinement. Not at all like those wicked trollops Ruby and Perl.