{
  "id": "bbg-p0324-identity-access-and-auth-identity",
  "title": "Access Control Models",
  "chapter": "identity-access-and-auth",
  "batch": "15",
  "rank": 142,
  "sourcePage": 324,
  "sourcePointer": "p. 324",
  "status": "accepted",
  "reviewerStatus": "reviewed",
  "fidelityScore": 0.9,
  "canvas": {
    "width": 960,
    "height": 640
  },
  "fireworksTechGraph": {
    "style": "style-1-flat-icon",
    "diagramType": "comparison",
    "topologyNotes": [
      "source page render inspected",
      "extracted page text inspected",
      "source page render and extracted text inspected",
      "preserve RBAC, ABAC, ACL, and policy-based tradeoffs",
      "omit decorative source drawing"
    ],
    "publicBoundary": [
      "original vector output",
      "no source pixels",
      "no source mark or long wording"
    ]
  },
  "callouts": [],
  "sourceReview": {
    "conceptAnchors": [
      "concept: RBAC roles",
      "concept: ABAC attributes",
      "concept: ACL explicit permissions",
      "concept: policy-based access",
      "concept: scale and complexity tradeoff"
    ],
    "labelSource": "curated",
    "semanticStatus": "reviewed"
  },
  "groups": [
    {
      "id": "models",
      "label": "Authorization models",
      "x": 54,
      "y": 126,
      "w": 852,
      "h": 330
    }
  ],
  "shapes": [
    {
      "id": "subject",
      "kind": "actor",
      "label": "Subject",
      "detail": "user service",
      "x": 96,
      "y": 236,
      "w": 82,
      "h": 86,
      "tone": "blue"
    },
    {
      "id": "rbac",
      "kind": "rect",
      "label": "RBAC",
      "detail": "role grants",
      "x": 260,
      "y": 166,
      "w": 126,
      "h": 58,
      "tone": "green"
    },
    {
      "id": "abac",
      "kind": "rect",
      "label": "ABAC",
      "detail": "attributes",
      "x": 450,
      "y": 166,
      "w": 126,
      "h": 58,
      "tone": "orange"
    },
    {
      "id": "acl",
      "kind": "rect",
      "label": "ACL",
      "detail": "explicit list",
      "x": 640,
      "y": 166,
      "w": 126,
      "h": 58,
      "tone": "purple"
    },
    {
      "id": "policy",
      "kind": "gateway",
      "label": "Policy decision",
      "detail": "allow deny",
      "x": 430,
      "y": 316,
      "w": 146,
      "h": 82,
      "tone": "red"
    }
  ],
  "connectors": [
    {
      "from": "subject",
      "to": "rbac",
      "label": "role",
      "flow": "main"
    },
    {
      "from": "subject",
      "to": "abac",
      "label": "attributes",
      "flow": "data"
    },
    {
      "from": "subject",
      "to": "acl",
      "label": "entry",
      "flow": "data"
    },
    {
      "from": "rbac",
      "to": "policy",
      "label": "evaluate",
      "flow": "control"
    },
    {
      "from": "abac",
      "to": "policy",
      "label": "evaluate",
      "flow": "control"
    },
    {
      "from": "acl",
      "to": "policy",
      "label": "evaluate",
      "flow": "control"
    }
  ]
}