I'm studying for CISSP certification and one of the video lectures I viewed (CBT Nuggets) really confused me. Here are some excerpts from the lecture:
"Role Based Access Control doesn't always use the role for the basis for how it's going to divide information and access the information"
"Now let's get into, I guess the easiest way to define it is the 'types of RBAC' that you might see out there. The first one is role based and that one is the one that's naturally the idea here because we're talking about role based access control. But what I'm also going to say is that there's also what's known as Task Based Access Control, also called RBAC. In other words, the way we're going to divide our groups or our containers is either going to be by role or by task.
Is it correct to consider Task Based Access Control as a type of RBAC? That doesn't seem right and other resources seem to discuss it as an entirely separate access control framework (e.g. http://books.google.com/books?id=qf_h9ixAx70C&lpg=PA61&dq=RBAC%20TBAC&pg=PA61#v=onepage&q=RBAC%20TBAC&f=false)