it:ad:design:investigations:security:authorisation:abac

IT:AD:Design:Investigations:Security:Authorisation:ABAC

Summary

Attribute Based Access Control (ABAC) is by some, as:

Attribute-Based Access Control (ABAC) surpasses all previous authorization models. It provides easily scalable, dynamic, context-aware and risk-intelligent access control, essential for the modern enterprise.

That's a tall statement…

Notes

  • Granted not on Subject(User) rights, but Attributes of the Subject (eg: “Age>=18”)provided to the ABAC Engine, proven/backed by an Authority (ie: Attributes as Claims).
  • Subject/User does not need to be Authenticated (can be Anonymous) and still have proven Attributes.
    • Note: However this require means for proving claims anonymously. This can for instance be achieved using anonymous credentials or XACML.
  • An ABAC Control Policy specifies which Claims are needed to be be satisfied in order to grant Access to an Object.

Resources

  • /home/skysigal/public_html/data/pages/it/ad/design/investigations/security/authorisation/abac.txt
  • Last modified: 2023/11/04 02:46
  • by 127.0.0.1