Although networks, systems, and cyber security have come on in leaps and bounds, the fundamental theories of access control and the recent addition of identity to it (IAM) hasn’t really moved on from the 60s and 70s. Things like mandatory, discretionary, and role-based access control still sit at the heart of modern technologies such as Active Directory and OpenID. In some ways, the use of these services still follows an old way of thinking, a list that allows or denies access to a system or service. While these models have been shown to work very well, we may need think more radically for future technologies. This is especially true when we think about the evolution from Web 2.0 to Web 3.0 and beyond.
