Overview#

Attribute Based Access Control (ABAC) is an Access Control Model when the values of values of Attributes for a Digital Subject determine Permission.

Despite ABAC’s advantages and federal guidance that comprehensively defines ABAC and the considerations for enterprise deployment (NIST Special Publication NIST.SP.800-162), adoption has been slow. In response, the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), developed an example of an advanced access control system. (NIST Special Publication] NIST.SP.1800-3)

Attribute Based Access Control Examples#

Examples of Access Control Models that is consistent with ABAC is the EXtensible Access Control Markup Language (XACML). The XACML model employs elements such as:

• rules
• policies
• rule- and policy-combining algorithms
• attributes (subject, (resource) object, action and environment conditions), obligations, and advice.

EXtensible Access Control Markup Language reference architecture includes functions such as:

• Policy Decision Points (PDPs)
• Policy Enforcement Points (PEPs)
• Policy Administration Points (PAPs)
• Policy Information Points (PIPs)

Another example is the Next Generation Access Control (ANSI 499, NGAC).

RBAC vs ABAC#

The silly discussion of RBAC vs ABAC.

More Information#

There might be more information for this subject on one of the following:

• ABAC
• Access Control Models
• Adaptive Policy-based Access Management
• Application Attributes
• Data Metadata
• Data State
• Entitlement Management System
• Geolocation Attributes
• NIST.SP.1800-3
• NIST.SP.800-162
• Network Attributes
• Next Generation Access Control
• Organizational Attributes
• RBAC vs ABAC
• Resource Action
• Sovrin
• Vectors of Trust
• XACML