2

I am currently researching about access control models. While reading I found especially two different access control models, which I couldn't differ.

One is Attribute Based Access Control (ABAC) and the other is Context Based Access Control (CBAC). Does anyone know what the differences between both of them are?

wake-0
  • 229
  • 2
  • 9
  • 2
    Your confusion might come from the fact that these two concepts don't have much to do with each other. ABAC is a paradigm for implementing access rights in software applications while CBAC is for firewall filter rules on the network layer. – Philipp Oct 01 '17 at 13:48
  • As far as I know CBAC does the decisions based on application layer protocol information or also content. - The same information could be used for ABAC. Am I wrong? – wake-0 Oct 01 '17 at 14:06

1 Answers1

3

ABAC is a generic term and access control model much like RBAC is. Both are defined and formalized by NIST. In their latest publication, NIST consider ABAC as the next evolution in access control.

CBAC on the other is not a model. It's vendor-specific, in this case Cisco. You can see CBAC as a specialization of ABAC.

I've written most of the ABAC Wikipedia page so I'll naturally recommend you check it out. There are implementations of ABAC out there (e.g. Axiomatics which is where I work) which you can use to define fine-grained access control on APIs, databases, and more.

Lastly, there is a standard that implements ABAC: XACML or extensible access control markup language

David Brossard
  • 1,360
  • 7
  • 16