Getting started with ABAC

Attribute Based Access Control (ABAC) is the next generation access control scheme. It leverages the currently dominating model, Role Based Access Control (RBAC), but overcomes its weaknesses. With ABAC, corporate access control policies are implemented using a rich policy language that reflects the actual business rules of the organization.

Restricting access to data with ABAC is a matter of defining corporate policies in a generic policy language and identifying the sources of the attributes on which these policies depend. If a policy defines that managers can view only records relating to their own departments in an information system, then the department code and the role "manager" must be identifiable when an access request is evaluated.

The various steps involved in the roll-out of an ABAC-based infrastructure therefore involve procedures relating both to the policies and to the attributes they use.

This paper discusses these different procedures and provides a high-level view of the steps involved in the creation of an Attribute Based Access Control (ABAC) system.
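The manager/department rule mentioned above, as an added example that is not taken from the paper: a small decision function that resolves the role and department code from their attribute sources and reports a missing attribute separately from a policy mismatch. All names, attribute keys and sample data are hypothetical and constructed for illustration.

```python
# Added illustration (not from the paper): a minimal ABAC decision function.
# Function names, attribute keys and sample data are hypothetical.
from typing import Dict, Optional

# Attribute sources: an HR directory for subjects, a records store for
# resources. Constructed sample data stands in for the real systems.
HR_DIRECTORY = {
    "alice": {"role": "manager", "department": "D10"},
    "bob": {"role": "manager", "department": "D20"},
    "carol": {"role": "clerk", "department": "D10"},
    "dave": {"role": "manager"},  # department code missing at the source
}
RECORDS_DB = {
    "rec-1": {"department": "D10"},
    "rec-2": {"department": "D20"},
}

PERMIT, DENY, INDETERMINATE = "Permit", "Deny", "Indeterminate"


def lookup(source: Dict[str, dict], entity: str, name: str) -> Optional[str]:
    """Resolve one attribute; None means the source could not supply it."""
    return source.get(entity, {}).get(name)


def decide(subject: str, action: str, resource: str) -> str:
    """Rule: managers may view records of their own department only."""
    if action != "view":
        return DENY  # the rule covers viewing only; nothing else is granted
    role = lookup(HR_DIRECTORY, subject, "role")
    subj_dept = lookup(HR_DIRECTORY, subject, "department")
    res_dept = lookup(RECORDS_DB, resource, "department")
    # A missing attribute is reported separately from a policy mismatch so
    # that gaps in the attribute sources become visible during roll-out.
    if None in (role, subj_dept, res_dept):
        return INDETERMINATE
    if role == "manager" and subj_dept == res_dept:
        return PERMIT
    return DENY


def enforce(subject: str, action: str, resource: str) -> bool:
    """Enforcement point: fail closed, only an explicit Permit grants access."""
    return decide(subject, action, resource) == PERMIT
```

Logging the Indeterminate results during a pilot shows which attribute sources still need to be connected or cleaned before the policy can be relied on.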
