Comments on: The Debate over RBAC vs. Entitlement Management http://blog.talkingidentity.com/2007/08/the_debate_over_rbac_vs_entitl.html An Architect's Quest to make sense of the world of Identity and Access Management Thu, 01 Sep 2011 20:45:14 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: NishantKaushik http://blog.talkingidentity.com/2007/08/the_debate_over_rbac_vs_entitl.html/comment-page-1#comment-136 NishantKaushik Thu, 29 Oct 2009 13:24:02 +0000 http://talkingidentity.com/blog/?p=71#comment-136 There are a number of places where you can get information on the web. For RBAC, start with the NIST specifications (<a href="http://csrc.nist.gov/groups/SNS/rbac/" rel="nofollow">http://csrc.nist.gov/groups/SNS/rbac/</a>) and then just do a google search on RBAC. Burton Group (<a href="http://www.burtongroup.com/" rel="nofollow">http://www.burtongroup.com/</a>) has some free whitepapers and podcasts you could read. KuppingerCole has some freely available webcasts on the topic (check out <a href="http://www.kuppingercole.com/events/n40064" rel="nofollow">http://www.kuppingercole.com/events/n40064</a>) as well. There are a number of places where you can get information on the web. For RBAC, start with the NIST specifications (http://csrc.nist.gov/groups/SNS/rbac/) and then just do a google search on RBAC. Burton Group (http://www.burtongroup.com/) has some free whitepapers and podcasts you could read. KuppingerCole has some freely available webcasts on the topic (check out http://www.kuppingercole.com/events/n40064) as well.

]]> By: Paras http://blog.talkingidentity.com/2007/08/the_debate_over_rbac_vs_entitl.html/comment-page-1#comment-135 Paras Wed, 28 Oct 2009 20:37:54 +0000 http://talkingidentity.com/blog/?p=71#comment-135 Very good article<br><br>I am recent computer science graudate and have worked on a large scale Enterprise Content Management project and an Identity and Access Management project and I just could not merge the security concepts between the two projects in my head<br><br>This article was beautifuly explained all these concepts.<br><br>Would you be able to advise any further reading in this space<br><br>thanks Very good article

I am recent computer science graudate and have worked on a large scale Enterprise Content Management project and an Identity and Access Management project and I just could not merge the security concepts between the two projects in my head

This article was beautifuly explained all these concepts.

Would you be able to advise any further reading in this space

thanks

]]> By: Dave Kearns http://blog.talkingidentity.com/2007/08/the_debate_over_rbac_vs_entitl.html/comment-page-1#comment-35 Dave Kearns Thu, 16 Aug 2007 02:33:07 +0000 http://talkingidentity.com/blog/?p=71#comment-35 See <http://vquill.com/2007/07/more-on-entitlements.html> for my thoughts on Rajiv's piece. I've no quibble with the entitlement meme, and you've certainly drawn the lines where they should be drawn. But there is an element among the entitlement vendors to deprecate roles. It was explained to me by one of them that the problem is that customers can be deluded into believing that defining roles solves their access control problems. Of course, nothing could be farther from the truth. It's only by combining the well-defined roles with the well-defined entitlements that the rules necessary for well-defined access can be created! See <http://vquill.com/2007/07/more-on-entitlements.html> for my thoughts on Rajiv’s piece. I’ve no quibble with the entitlement meme, and you’ve certainly drawn the lines where they should be drawn. But there is an element among the entitlement vendors to deprecate roles. It was explained to me by one of them that the problem is that customers can be deluded into believing that defining roles solves their access control problems. Of course, nothing could be farther from the truth. It’s only by combining the well-defined roles with the well-defined entitlements that the rules necessary for well-defined access can be created!

]]>