Enrich RBAC and ABAC with ProBAC, #infosec #security #BPM
1 The problem
For the stable functioning of an enterprise, it is mandatory to define up-front WHO (person, system, role) can DO SOMETHING (e.g. read, update, delete) with WHAT (tangible or intangible asset or resource), WHEN (at a particular moment of time), WHERE (from which tool, environment), WHY (justification) and HOW to impose this.
There are two popular techniques: