Wednesday, July 17, 2013

Role Based Access Control.

Here's a UML class diagram of the general Role Based Access Control (RBAC) mechanism. It is put together according to the one that can be found on a wiki page on the subject.



Fair enough.

Here's the same diagram of the mechanism, adapted to use classes from the Clique Space(TM) data model.


The adapted RBAC data model does not use all the classes defined in the Clique Space data model. However, I can clearly see that those Clique Space classes which do match the function of the RBAC ones do so rather well.

There are obvious omissions (incompletenesses) in RBAC.

Firstly, RBAC has only one hierarchy. RBAC does not distinguish between (1) the functional compatibility of various different devices and (2) the responsibility assigned to different individual roles. RBAC has the equivalent of point 2 only; the Clique Space Affiliation does the same thing as the User/Role Constraint association of the RBAC model.

Secondly, I can't work out what the Role Activation Constraint class is meant to be. There is no equivalent to this beast in the Clique Space data model.

Thirdly, the Session class in RBAC seems to represent some application or login session with a server-based system. Hence, the best fit for this class in the Clique Space data model appears to be the Connection Element, even though the relationship of the Agent Device to the device represented by a Connection is not quite identical. The Connection is an association between a Sovereign and a Media Profile, in the same way that the Affiliation associates a Sovereign and a Mode Profile. Hence, a Connection has a single Sovereign, and so the Sovereign end of its association with the Connection has had its multiplicity changed to 1.

Finally, the RBAC model has no formal method of recording consent. Consent should be seen as the most important component of a system that models the interaction of individuals. Consent happens while the interaction is taking place; it cannot be given before or after. Clique Space models consent in the structure of the Clique and its Participants. An unspecified log-file mechanism laid over an RBAC database is the best that RBAC can do.
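To make the RBAC side of this comparison concrete, here is a small Python model of the standard (NIST/ANSI) RBAC elements touched on in the first, third and last points above: the single role hierarchy, the Session, which activates a subset of a user's assigned roles, and an audit log laid over the access checks. It is an added example written for this page, not code from the post or from Clique Space. The roles, users, permissions and the clerk/auditor conflict are constructed for illustration, and the dynamic separation-of-duty check (limiting how many roles from a conflicting set may be active in one session) follows the NIST definition of that constraint.

```python
from dataclasses import dataclass, field

class RbacError(Exception):
    pass

@dataclass(frozen=True)
class Session:
    user: str
    active_roles: frozenset  # subset of the user's assigned roles

@dataclass
class Rbac:
    juniors: dict = field(default_factory=dict)     # role -> direct junior roles
    user_roles: dict = field(default_factory=dict)  # user -> assigned roles
    role_perms: dict = field(default_factory=dict)  # role -> {(operation, object)}
    dsd: list = field(default_factory=list)         # (conflicting roles, max active)
    audit: list = field(default_factory=list)       # one record per access decision

    def add_role(self, role, juniors=()):
        self.juniors[role] = set(juniors)
        self.role_perms.setdefault(role, set())

    def assign_user(self, user, role):
        if role not in self.juniors:
            raise RbacError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role, operation, obj):
        self.role_perms[role].add((operation, obj))

    def add_dsd(self, roles, max_active):
        # Dynamic SoD: no session may activate max_active or more of these roles.
        self.dsd.append((frozenset(roles), max_active))

    def inherited(self, roles):
        # Transitive closure: a senior role carries every permission of its juniors.
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def open_session(self, user, roles):
        roles = frozenset(roles)
        assigned = self.user_roles.get(user, set())
        if not roles <= assigned:
            raise RbacError(f"{user} may not activate {sorted(roles - assigned)}")
        # DSD is checked on the activated set: a user may hold two conflicting
        # roles, but never act under both in the same session.
        for conflict, limit in self.dsd:
            if len(roles & conflict) >= limit:
                raise RbacError(f"DSD violation: {sorted(roles & conflict)}")
        return Session(user, roles)

    def check(self, session, operation, obj):
        # Access decision for one (operation, object); every decision is logged.
        perms = set()
        for role in self.inherited(session.active_roles):
            perms |= self.role_perms[role]
        allowed = (operation, obj) in perms
        self.audit.append({"user": session.user, "roles": sorted(session.active_roles),
                           "op": operation, "obj": obj, "allowed": allowed})
        return allowed

def build_example():
    # Constructed scenario: a ledger with a clerk/auditor conflict of interest.
    rb = Rbac()
    for role, juniors in [("employee", []), ("clerk", ["employee"]),
                          ("auditor", ["employee"]), ("manager", ["clerk"])]:
        rb.add_role(role, juniors)
    for role, op, obj in [("employee", "read", "timesheet"), ("clerk", "write", "ledger"),
                          ("auditor", "approve", "ledger"), ("manager", "delete", "ledger")]:
        rb.grant(role, op, obj)
    rb.add_dsd(["clerk", "auditor"], max_active=2)  # may hold both, not act as both
    rb.assign_user("alice", "clerk")
    rb.assign_user("alice", "auditor")
    rb.assign_user("bob", "manager")
    return rb

def demo():
    rb = build_example()
    alice = rb.open_session("alice", ["clerk"])
    results = {
        "alice_write": rb.check(alice, "write", "ledger"),      # True: direct grant
        "alice_read": rb.check(alice, "read", "timesheet"),     # True: inherited from employee
        "alice_approve": rb.check(alice, "approve", "ledger"),  # False: auditor not active
    }
    try:
        rb.open_session("alice", ["clerk", "auditor"])
        results["dsd_blocked"] = False
    except RbacError:
        results["dsd_blocked"] = True                            # DSD refuses both at once
    bob = rb.open_session("bob", ["manager"])
    results["bob_write"] = rb.check(bob, "write", "ledger")      # True: manager inherits clerk
    results["bob_approve"] = rb.check(bob, "approve", "ledger")  # False: no path to auditor
    results["audit_entries"] = len(rb.audit)                     # 5 decisions logged
    return results
```

Calling demo() walks through both halves of the comparison: the hierarchy lets bob's manager role write the ledger through clerk without being granted it directly, while the session keeps alice from acting as clerk and auditor at once even though she is assigned both. Note what the audit list records and what it does not: each entry says which user, under which active roles, asked for which operation and whether it was allowed, which is exactly the after-the-fact log the last point describes, and nothing about the other party's agreement to the interaction.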

It almost appears that the person or people who designed RBAC gave up hope that their model could represent the flexibility of the multitude of personal relationships. It looks like they only saw the role side of these relationships, and were blind to the compatibility side. It appears that they decided that the incompleteness they experienced with this lack of a good mechanism could be swept under the metaphorical carpet by their Role Activation Constraint class.

I hope Clique Space will show these individuals the error of their ways. In time, I hope Clique Space will demonstrate a superior solution to the same problem domain as RBAC. Without an implementation, one can only hope. Still, hope is what drives me to this implementation.
