Seldom does any organization use a pure RBAC or a ABAC or any pure Access Control Model, system as typically there is a mix of using the values of Attributes on an LDAP Entry to determine the roles as used within RBAC.

Generally, organizations begin with primarily a ABAC system and as the IAM system matures, move to a system utilizing RBAC and then probably to Context Based Access Control.

However, as the attributes on an entry is still the only way, as far as we can determine, to decide how to add a Digital Subject to a Role, the discussions of RBAC vs ABAC tend to be more theoretical or Strategic direction than a possible tactical implementation.

More Information#

There might be more information for this subject on one of the following: