CSO security expert: There are myths of authentication and authorization. He says attribute-based access control (ABAC) is overkill, but role-based control (RBAC) should be used. The problem is that people are being assigned roles based on manual processes and requests, not by automatic decisions driven by users attributes. Roles are like taxes, easy to dole out and rarely taken back, he says. Fetching someone’s status via a database is a rudimentary process that can factor into the security decisions that your platform makes that decision.”]