
What is ReBAC (Relationship-Based Access Control)?

AI that operates within your exact security boundaries

Relationship-Based Access Control (ReBAC) is Kamiwaza's approach to managing what AI agents can and cannot access, at the user and relationship level, not just the role level.

How It Works

In traditional role-based access control (RBAC), access is defined by a user's role (e.g., "analyst" or "admin"). ReBAC goes further: it evaluates permissions based on the specific relationship between a user, the data they're requesting, and the context of the request — including clearance levels, mission context, and operational relationships.

The Core Principle

In Kamiwaza's system: if a user doesn't have access to a file or system, neither does any AI agent acting on their behalf. This means AI capabilities never expand beyond the individual's existing permissions, even when agents are operating autonomously.
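The relationship evaluation described under How It Works and the rule stated under The Core Principle, as an added Python example (not Kamiwaza's code). The tuples, clearance levels, identifiers and function names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed relationship tuples: (subject, relation, object).
TUPLES = {
    ("user:alice", "member", "team:intel"),
    ("user:carol", "member", "team:intel"),
    ("user:bob", "member", "team:ops"),
    ("team:intel", "viewer", "folder:reports"),
    ("folder:reports", "parent", "file:q3-brief"),
    ("team:ops", "viewer", "file:roster"),
    ("agent:summarizer", "viewer", "file:roster"),  # grant to the agent itself
}
CLEARANCE = {"user:alice": 2, "user:bob": 1, "user:carol": 1}  # constructed levels
REQUIRED = {"file:q3-brief": 2, "file:roster": 1}

def _closure(start, relation, forward):
    """Follow `relation` edges from `start`; forward means subject -> object."""
    seen, stack = {start}, [start]
    while stack:
        node = stack.pop()
        for subj, rel, obj in TUPLES:
            src, dst = (subj, obj) if forward else (obj, subj)
            if rel == relation and src == node and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen

def user_can_view(user, resource):
    # Context check: unknown users and unlabelled resources are denied.
    if CLEARANCE.get(user, 0) < REQUIRED.get(resource, float("inf")):
        return False
    subjects = _closure(user, "member", forward=True)         # user + groups
    containers = _closure(resource, "parent", forward=False)  # file + folders
    return any((s, "viewer", c) in TUPLES for s in subjects for c in containers)

@dataclass(frozen=True)
class AgentRequest:
    agent: str          # recorded for audit, never used for the decision
    on_behalf_of: str
    resource: str

def agent_can_view(req):
    # The agent identity is not consulted: the decision is the user's decision.
    return user_can_view(req.on_behalf_of, req.resource)
```

Because `agent_can_view` ignores the agent's own tuples, the direct grant to `agent:summarizer` gives it nothing when it acts for a user who lacks the relationship.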

Why It Matters for Compliance

ReBAC enables Authorizing Officials to answer the question "what can the AI access?" with exactly the same answer as "what can the user see?" This simplifies compliance review, audit evidence generation, and Authority to Operate (ATO) processes, which is particularly important for government and healthcare customers.