What is ABAC?
Attribute-Based Access Control (ABAC) uses attributes to describe access control rules and access requests in a structured language. Attributes are sets of labelled properties which can be used to describe any entity (not only the subject) that needs to be considered for authorization purposes. ABAC thus offers fine-grained and context-aware access control that adapts to dynamically changing needs.
An abstract view of access control requests can be summarized as follows, with examples in the rows below:

| A subject… | … wants to | … with a | … in a given environment or under given circumstances |
|---|---|---|---|
| Medical doctor on duty… | … wants to edit… | … patient A. Smith's health record… | … in the hospital's emergency reception office. |
| Mr. Brown, father, … | … wants to access… | … an online absence report from his daughter's school… | … from his home computer via the Internet at 11 pm. |
| Bank account holder… | … wants to withdraw €200 … | … from bank account xyz… | … via ATM machine A located in city B. |
Thus, any syntactically correct and semantically meaningful sentence describing an access request in one way or the other will include building blocks which can be described with attributes:
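As an added example (not part of the original page), the sketch below expresses a request as four attribute groups and evaluates it against a policy with default deny. The group names `action` and `resource`, the attribute names, the rule ids and the policy format are assumptions made for illustration, modelled on the doctor and bank examples above.

```python
import operator

OPS = {"eq": operator.eq, "le": operator.le, "in": lambda v, allowed: v in allowed}
_MISSING = object()  # sentinel for "attribute not supplied"

# Hypothetical policy modelled on the page's examples. A rule permits when ALL
# of its conditions hold. A condition is (category, attribute, op, expected);
# expected is a literal or ("ref", category, attribute) naming another attribute.
POLICY = [
    {"id": "doctor-edits-record", "when": [
        ("subject", "role", "eq", "medical_doctor"),
        ("subject", "on_duty", "eq", True),
        ("action", "name", "eq", "edit"),
        ("resource", "type", "eq", "health_record"),
        ("environment", "location", "eq", "emergency_reception")]},
    {"id": "holder-withdraws-at-atm", "when": [
        ("action", "name", "eq", "withdraw"),
        ("resource", "owner", "eq", ("ref", "subject", "id")),
        ("action", "amount_eur", "le", ("ref", "resource", "daily_limit_eur")),
        ("environment", "channel", "eq", "atm")]},
]

def _lookup(request, category, attribute):
    return request.get(category, {}).get(attribute, _MISSING)

def _holds(request, condition):
    category, attribute, op, expected = condition
    actual = _lookup(request, category, attribute)
    if isinstance(expected, tuple) and expected[:1] == ("ref",):
        expected = _lookup(request, expected[1], expected[2])
    if actual is _MISSING or expected is _MISSING:
        return False  # fail closed: an absent attribute never satisfies a rule
    try:
        return bool(OPS[op](actual, expected))
    except TypeError:
        return False  # incomparable types are treated as a non-match

def decide(request, policy=POLICY):
    for rule in policy:
        if all(_holds(request, c) for c in rule["when"]):
            return ("Permit", rule["id"])
    return ("Deny", None)  # default deny when no rule matches

# Constructed request: the bank example expressed as four attribute groups.
WITHDRAWAL = {
    "subject": {"id": "holder-1"},
    "action": {"name": "withdraw", "amount_eur": 200},
    "resource": {"type": "bank_account", "owner": "holder-1", "daily_limit_eur": 500},
    "environment": {"channel": "atm", "city": "B"},
}
```

Calling `decide(WITHDRAWAL)` returns a permit with the matching rule id; removing or changing any one attribute in the request turns the decision into a deny.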


