Top 10 Misconceptions of a Policy-Based Approach

Even for senior software developers, wading into the world of IAM (Identity & Access Management) and access control can be daunting. Making your way through the acronyms is a chore in and of itself — RBAC, ABAC, PBAC, XACML, SAML, etc. Then, you must wrap your head around the complexities of roles, permissions, attributes and so on.

But, at its core, a policy-based access control model (also referred to as Attribute-Based Access Control or “ABAC”) is a concept any developer can understand. The phrase “access control” refers to application mechanisms that govern what each user can (or can’t) see and do. And a “policy” is a principle, rule, or guideline formulated or adopted by an organization.

See the 10 major misconceptions about a policy-based approach to access control, and learn how and why those myths have been dispelled.
