Attribute Based Access Control


Attribute Based Access Control (ABAC) is an Access Control Model in which the values of Attributes for a Digital Subject determine Permission.

Despite ABAC’s advantages and federal guidance that comprehensively defines ABAC and the considerations for enterprise deployment (NIST Special Publication NIST.SP.800-162), adoption has been slow. In response, the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), developed an example of an advanced access control system (NIST Special Publication NIST.SP.1800-3).

Attribute Based Access Control Examples

An example of an Access Control Model that is consistent with ABAC is the EXtensible Access Control Markup Language (XACML). The XACML model employs elements such as:
  • rules
  • policies
  • rule- and policy-combining algorithms
  • attributes (subject, (resource) object, action and environment conditions), obligations, and advice.
EXtensible Access Control Markup Language reference architecture includes functions such as:

Another example is the Next Generation Access Control (ANSI 499, NGAC).
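
The XACML elements listed above (attributes in the subject, resource, action and environment categories, rules, rule-combining algorithms and obligations) can be seen working together in a minimal evaluator. This is an added example, not code from this page or from any XACML implementation; the policy, attribute names and obligation strings are constructed, and Indeterminate handling is simplified relative to the XACML specification.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    effect: str                      # "Permit" or "Deny"
    condition: object                # callable(request) -> bool over the attributes
    obligations: list = field(default_factory=list)

    def evaluate(self, request):
        try:
            return self.effect if self.condition(request) else "NotApplicable"
        except KeyError:             # an attribute the rule needs is absent
            return "Indeterminate"

def overrides(winner, loser):
    """Build deny-/permit-overrides (Indeterminate handling simplified)."""
    def combine(results):
        for decision in (winner, "Indeterminate", loser):
            if decision in results:
                return decision
        return "NotApplicable"
    return combine

COMBINING = {
    "deny-overrides": overrides("Deny", "Permit"),
    "permit-overrides": overrides("Permit", "Deny"),
    "first-applicable": lambda rs: next((r for r in rs if r != "NotApplicable"), "NotApplicable"),
}

def evaluate_policy(rules, algorithm, request):
    """Decision point: combine rule results, return (decision, obligations)."""
    results = [rule.evaluate(request) for rule in rules]
    decision = COMBINING[algorithm](results)
    obligations = [o for rule, res in zip(rules, results)
                   if res == decision == rule.effect for o in rule.obligations]
    return decision, obligations

def enforce(rules, algorithm, request):
    """Deny-biased enforcement: only an explicit Permit grants access."""
    return evaluate_policy(rules, algorithm, request)[0] == "Permit"

# Constructed policy: clinicians may read records of their own department;
# any access outside 08:00-18:00 is denied.
RULES = [
    Rule("Permit", lambda r: r["subject"]["role"] == "clinician"
         and r["action"]["id"] == "read"
         and r["subject"]["department"] == r["resource"]["department"], ["log-access"]),
    Rule("Deny", lambda r: not 8 <= r["environment"]["hour"] < 18, ["alert-soc"]),
]
```

For the same out-of-hours request, deny-overrides returns Deny while permit-overrides and first-applicable return Permit, so the combining algorithm is as much a part of the policy as the rules. A request with no environment attributes evaluates to Indeterminate, which the deny-biased enforcement function treats as no access.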


The silly discussion of RBAC vs ABAC.
