IDPros / bok

This is a public comment environment for the IDPro body of knowledge.

PBAC Article Feedback #91

Closed idmken closed 1 year ago

idmken commented 2 years ago

Review the PBAC article.

idmken commented 2 years ago

A few suggestions:

  1. Overall - the article talks about PBAC in kind of an abstract way. I think somewhere in the beginning it would be great to have either a diagram or a bolded line that says something like "The level of PBAC support and implementation is dependent on application support or in combination with an access management tool like Single Sign-On". Give an example of an application supporting PBAC and how an access tool can be used to support PBAC for applications that may only support RBAC. The article does a fantastic job outlining the differences/advantages between RBAC and PBAC but I leave assuming PBAC is a supported function by all applications and maybe my org doesn't support it due to management complexity.
  2. PBAC system is mentioned four times but it isn't defined. Define a PBAC system with a diagram. That could also address question 1.
  3. The plumbing example in the symmetry section seems a little overly complex or out of place with the article. The article seems to point out that PBAC can be a potentially complex undertaking and due to this, you need to staff accordingly. The plumbing example of a small business may not have the proper staffing to take this on. Maybe continue with the document example from the previous section.

hlflanagan commented 1 year ago

(Cleaning up old GitHub issues) V2 published; Clarified scope as an introductory article; replaced section on static access controls; removed section on privacy. See https://bok.idpro.org/article/id/61/