From a scenario in Modeling Access Control
“After some browsing, she tries to use the Search link but is told she’ll need to register to use the search. This costs only time, so she decides to do so.”
The problem with writing scenarios is keeping true to a persona, and not influencing it with what you think or would do– or what you wish people would do. The “she” of the scenario is a research scientist. I read “costs only time” and thought to myself, “is there anything more precious than time?” And wondered if the entire structure could be flawed if the scenario– which, after all, is driving the entire thing– is flawed.
However, the persona names (Dr. Amoxycxillian, Dr Beta-blocker) suggest only partially considered personas, and so this might be part of the problem. Without understanding the situation, the goals, and the motivations of the personas, behavior cannot be extrapolated.
Still, damn good looking poster. And a clear visualization of level of access, which ishard to get your head around.