At its core, a policy-based access control model (also referred to as Attribute-Based Access Control, or “ABAC”) is a concept any developer can understand.
The phrase “access control” refers to application mechanisms that govern what each user can (or can’t) see and do. And a “policy” is a principle, rule, or guideline formulated or adopted by an organization.
While learning the fundamentals of access control and how it helps development teams secure their applications, you may be exposed to some conflicting ideas or even misinformation about policy-based access control and the value of an ABAC-based solution.
Adopting external authorization will impact performance

System performance is a major concern for most teams. As a result, when developers are introduced to the concept of externalized authorization via “a centralized server,” the conversation quickly turns to performance and the fear of adding latency to every request. In practice, evaluating a policy against a set of attributes is cheap; the cost that matters is the round trip to the decision point. Deployed close to the application (as a sidecar or an embedded library) and with decisions cached where the policy allows, externalized authorization adds negligible overhead to request handling.
ABAC moves authorization decisions out of the application, so your code is not cluttered with hard-coded security rules.
For the developer, the interface is very simple: send a package of attributes (who the subject is, what action they want to perform, on which resource, and in what context) to the authorization service, then act on the permit/deny response.
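The flow just described, as an added example rather than code from the original article or any particular product: a tiny policy decision point (PDP) that evaluates attribute-based rules with deny-overrides and default deny, and a one-function policy enforcement point (PEP) that is all the security logic the application keeps. The attribute names (`department`, `owner`, `classification`, `clearance`, `network`), the policies and the sample subjects and resources are all constructed for illustration.

```python
"""Minimal ABAC round trip: the application (PEP) bundles attributes,
the PDP answers permit/deny, the application acts on the answer.

Hypothetical example code; attribute names and policies are constructed
for illustration and are not taken from any real product or policy set.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

Attributes = Dict[str, Any]


@dataclass
class Request:
    subject: Attributes                       # who is asking (id, department, clearance ...)
    action: str                               # what they want to do (read, write ...)
    resource: Attributes                      # what they want to act on (owner, classification ...)
    context: Attributes = field(default_factory=dict)  # environment (network, time ...)


@dataclass
class Policy:
    name: str
    effect: str                               # "permit" or "deny"
    matches: Callable[[Request], bool]        # predicate over the request attributes


class PolicyDecisionPoint:
    """Deny-overrides combining algorithm with default deny: a single
    matching deny wins, otherwise any matching permit wins, otherwise deny."""

    def __init__(self, policies: List[Policy]):
        self.policies = list(policies)

    def decide(self, req: Request) -> str:
        effects = {p.effect for p in self.policies if p.matches(req)}
        if "deny" in effects:
            return "deny"
        if "permit" in effects:
            return "permit"
        return "deny"                         # no applicable policy: fail closed


# Constructed sample policies (hypothetical rules for the example).
def _read_within_own_department(req: Request) -> bool:
    return req.action == "read" and req.subject.get("department") == req.resource.get("department")

def _owner_may_read_and_write(req: Request) -> bool:
    return req.action in ("read", "write") and req.subject.get("id") == req.resource.get("owner")

def _restricted_needs_clearance(req: Request) -> bool:
    return req.resource.get("classification") == "restricted" and req.subject.get("clearance", 0) < 2

def _no_writes_off_corp_network(req: Request) -> bool:
    return req.action == "write" and req.context.get("network") != "corp"

POLICIES = [
    Policy("read within own department", "permit", _read_within_own_department),
    Policy("owner may read and write", "permit", _owner_may_read_and_write),
    Policy("restricted data needs clearance >= 2", "deny", _restricted_needs_clearance),
    Policy("no writes from outside the corp network", "deny", _no_writes_off_corp_network),
]

PDP = PolicyDecisionPoint(POLICIES)


def is_allowed(pdp, subject: Attributes, action: str, resource: Attributes,
               context: Attributes = None) -> bool:
    """Policy enforcement point. This is the only authorization code the
    application carries: send attributes, act on the answer. An error or an
    unrecognised answer from the PDP is treated as deny, never as permit."""
    try:
        decision = pdp.decide(Request(subject, action, resource, context or {}))
    except Exception:
        return False
    return decision == "permit"


class _UnreachablePDP:
    """Stands in for a remote PDP that is down, to show fail-closed behaviour."""
    def decide(self, req: Request) -> str:
        raise RuntimeError("PDP unreachable")


def sample_decisions() -> Dict[str, bool]:
    # Constructed subjects, resources and context.
    alice = {"id": "alice", "department": "finance", "clearance": 1}
    bob = {"id": "bob", "department": "finance", "clearance": 3}
    ledger = {"owner": "bob", "department": "finance", "classification": "internal"}
    payroll = {"owner": "bob", "department": "finance", "classification": "restricted"}
    corp = {"network": "corp"}
    return {
        "alice reads ledger (same department)": is_allowed(PDP, alice, "read", ledger, corp),
        "alice writes ledger (not owner)": is_allowed(PDP, alice, "write", ledger, corp),
        "alice reads payroll (restricted, clearance 1)": is_allowed(PDP, alice, "read", payroll, corp),
        "bob writes payroll from corp network": is_allowed(PDP, bob, "write", payroll, corp),
        "bob writes payroll from home": is_allowed(PDP, bob, "write", payroll, {"network": "home"}),
        "carol (no department) reads ledger": is_allowed(PDP, {"id": "carol"}, "read", ledger, corp),
    }


def pdp_outage_is_denied() -> bool:
    return is_allowed(_UnreachablePDP(), {"id": "bob"}, "read", {"owner": "bob"})


if __name__ == "__main__":
    for label, allowed in sample_decisions().items():
        print(f"{label}: {'permit' if allowed else 'deny'}")
    print("PDP outage treated as permit?", pdp_outage_is_denied())
```

Note that `is_allowed` is unchanged whether `PDP` is the in-process object above, a sidecar, or a remote service; only the object it talks to changes. Two details are worth copying: the PDP defaults to deny when no policy applies, and the PEP denies when the PDP errors, so an outage degrades to "nobody gets in" rather than "everybody gets in".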
Here are five common misconceptions about a policy-based access control model and the value you may be missing.