Overview#Access Control Policy are high-level Policy requirements that specify how Access Control is managed and who, under what circumstances, may access what resources.
Access Control Policy has traditionally been done in an Application-centric or Organizational-centric bounded Context. With microservices and Zero Trust architectures a data-centric bounded Context is more appropriate.
While Access Control Policy can be Application-centric and thus taken into consideration by the application vendor, Access Control Policy are just as likely to pertain to user actions within the context of an organizational unit or across Organizational-centric boundaries. For instance, Access Control Policy may pertain to resource usage within or across organizational units or may be based on need to know, competence, authority, obligation, or conflict-of-interest factors.
Access Control Policy BeyondCorp#Access Control Policy is a programmatic representation of the Resources, Trust Tiers, and other predicates that MUST be satisfied for successful authorization
More Information#There might be more information for this subject on one of the following:
- Access Control
- Access Control Engine
- Access Control Models
- Access Control Service
- Cloud Access Security Broker
- Data Accuracy
- Digital Rights Management
- Identity Governance and Administration
- NISTIR 8112
- Policy Based Management System
- Privilege Conflict
- Web Blog_blogentry_061218_1
- Zero Trust