Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservice and API approaches. This document outlines a set of examples where security standards work together in addressing requirements that are difficult or impossible to meet by using OAuth or OIDC alone.
Learn how Axiomatics can help you avoid OAuth being used beyond its intent – delegated consent. Using Externalized Dynamic Authorization, you can prevent:
- Franken-scopes: different scopes blended together in ways that were not originally intended
- Scope Explosion: similar to role explosion, when you are forced to create many scopes to address different use cases when a policy based approach would make it much simpler
- Authorization logic from creeping into your microservices