A Systematic Approach to Implementing Dynamic Authorization using Attribute Based Access Control

“That sounds hard.” Shifting to a new way of managing access control requires a new way of thinking. But the approach is straightforward. This paper will break down the process into digestible, easy-to-implement steps as you switch to a policy-based approach and upgrade your legacy role-based system.

In RBAC, users are assigned roles and roles are assigned permissions. The use of roles and permissions makes access control more manageable. It also provides a first tangible step towards externalized authorization. However, RBAC also suffers from manageability problems of its own. With the advent of the Internet, APIs, IoT, and Big Data, there is an increasing need for finer-grained, context-aware authorization.

RBAC cannot provide access control based on relationships or contextual attributes such as time or location. Consequently, RBAC cannot express real-world access control policies. RBAC simply does not scale to the complexity in today’s IT environments. This is where Attribute Based Access Control (ABAC) comes in.
