@@ -147,5 +147,19 @@ directly into each transaction_.
### Relationship-Based Access Control (ReBAC)
+> Authorization decisions are based on the relationship between the resource owner
+> and the resource accessor in a social network maintained by the protection
+> system.
+
+A Social Network System (SNS) maintains a social network for at least two reason:
+
+1. It is used by the users to navigate the information space of the system
+2. The social network is used as a basis for formulating the access control
+ policies of user contributed resources.
+
+References
+
+* [Relationship-Based Access Control: Protection Model and Policy Language by Philip W. L. Fong](https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf)
+
### Attribute-Based Access Control (ABAC)