Overview
Attribute Based Access Control (ABAC) is an Access Control Model in which the values of Attributes for a Digital Subject determine Permission.
Despite ABAC’s advantages and federal guidance that comprehensively defines ABAC and the considerations for enterprise deployment (NIST Special Publication NIST.SP.800-162), adoption has been slow. In response, the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), developed an example of an advanced access control system (NIST Special Publication NIST.SP.1800-3).
An example of an Access Control Model that is consistent with ABAC is the EXtensible Access Control Markup Language (XACML). The XACML model employs elements such as:
- rule- and policy-combining algorithms
- attributes (subject, (resource) object, action and environment conditions), obligations, and advice.
- Policy Decision Points (PDPs)
- Policy Enforcement Points (PEPs)
- Policy Administration Points (PAPs)
- Policy Information Points (PIPs)
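
The sketch below shows how the elements listed above fit together in one decision flow: a PEP asks a PDP, the PDP pulls missing attributes from a PIP, combines rules with deny-overrides, and returns a decision plus obligations. It is an added example, not code from NIST or from the XACML specification. The policy, users, attribute names and the `audit` obligation are all constructed for illustration, and it is simplified in that it has no Indeterminate result.

```python
from collections import namedtuple

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
# target: does the rule apply? condition: attribute test that triggers the effect.
Rule = namedtuple("Rule", "effect target condition obligations")

# Constructed attribute store standing in for the directory behind a PIP.
DIRECTORY = {"alice": {"role": "physician", "department": "cardiology"},
             "bob": {"role": "clerk", "department": "billing"}}

def pip_resolve(request):
    """PIP: add subject attributes the PEP did not supply."""
    ctx = {category: dict(attrs) for category, attrs in request.items()}
    ctx["subject"].update(DIRECTORY.get(ctx["subject"]["id"], {}))
    return ctx

def pdp_evaluate(rules, request):
    """PDP: evaluate each rule and combine the results with deny-overrides."""
    ctx = pip_resolve(request)
    decision, obligations = NOT_APPLICABLE, ()
    for rule in rules:
        if rule.target(ctx) and rule.condition(ctx):
            if rule.effect == DENY:
                return DENY, rule.obligations  # a single Deny wins outright
            decision, obligations = PERMIT, obligations + rule.obligations
    return decision, obligations

def pep_enforce(rules, request, audit_log):
    """PEP: allow only on Permit with every obligation discharged (fail closed)."""
    decision, obligations = pdp_evaluate(rules, request)
    if any(ob != "audit" for ob in obligations):
        return False  # an obligation the PEP cannot fulfil is treated as Deny
    if obligations:
        audit_log.append((request["subject"]["id"], decision))
    return decision == PERMIT

# PAP: the policy an administrator would author (constructed for this example).
def is_record_read(c):
    return c["resource"]["type"] == "medical_record" and c["action"]["id"] == "read"

POLICY = [
    Rule(PERMIT, is_record_read, lambda c: c["subject"].get("role") == "physician"
         and c["subject"].get("department") == c["resource"]["department"], ("audit",)),
    Rule(DENY, is_record_read, lambda c: not 8 <= c["environment"]["hour"] < 18, ("audit",)),
]

def make_request(user, department, hour, action="read"):
    return {"subject": {"id": user}, "action": {"id": action}, "environment": {"hour": hour},
            "resource": {"type": "medical_record", "department": department}}
```

A NotApplicable result is treated as a denial at the PEP, so a request that no rule covers never falls through to access.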