Questions tagged [abac]

Attribute-based Access Control (ABAC) is an access control model which uses attributes and policies to express access control logic. It extends the capabilities of RBAC (role-based access control).

ABAC can be broken down into:

  • Externalized authorization: decoupled from the business logic
  • Centralized authorization: Authorization logic moved into a single point of management
  • Policy-driven authorization: Authorization logic expressed as configurable policies rather than code
  • Attribute-based access control: Policies use attributes as their building blocks

Much like RBAC was standardized by NIST in 1992, ABAC is also being standardized by NIST. The project page can be found here.

The main implementation of ABAC today is XACML, the eXtensible Access Control Markup Language. XACML is defined by OASIS.

13 questions
13 votes, 1 answer

Separating "function" from "scope" in RBAC

I'm trying to formulate an RBAC permission model which allows separation between permissions and the scopes on which those permissions are applied. I have been unable to find a standard model which describes this. Here's an example: A Permission…
metacubed
11 votes, 1 answer

Looking for an approach to implement attribute based access control (ABAC)

We are looking to implement Attribute-Based Access Control. While we are sold on the philosophy, there are two topics that seem to crop up: Will it lead to significant performance issues? Especially if we seek fine-grained access. I guess I am…
raghu
4 votes, 2 answers

How to design an Access Control system that is quick to implement and understand, yet maintainable and flexible enough?

We're currently redesigning our access control system for our SaaS startup (over the past two years it has grown alongside the business, and we decided to clean it up at this point). The access control system should serve customers with 500 - 10,000…
Sarah
3 votes, 1 answer

Are there any simpler ABAC implementations available for big data systems?

Can anyone suggest simpler Attribute Based Access Control implementations available for big data systems like Hadoop, Hive, etc.? I have checked Apache Ranger; they don't have any support for ABAC yet. Apache Sentry does not do ABAC; it just has…
sashank
3 votes, 3 answers

RBAC: how to separately scope two resources that have a many-to-many relationship

I'm working on an application that needs access control. Basically, the problem I'm facing is this (heavily simplified): The application has two main sections: Files = File[] Contacts = Contact[] A File resource can have many contacts assigned to…
idix
3 votes, 0 answers

How can an organization manage permissions in a centralized way?

Almost all applications maintain the permissions within the application and have no way of having at least the roles outside the application. Is the only way to have centralized authentication but maintain the authorization inside the application, or…
Forced Port
3 votes, 1 answer

Access based on type of information requested and access grant

The simple solution to access restriction when the number of users is small is an Access Control Matrix. Here the rows are the users and the columns are the different types of asset. In my case, I have a document which I need to serve which has different…
prakharjain
2 votes, 0 answers

Web app access control system design

I am having trouble finding a scalable way to create an access control system which both follows best practices and can scale well. I have looked at various approaches like RBAC and ABAC. For the use cases I am concerned with, RBAC does not seem to…
2 votes, 1 answer

Difference between ABAC and CBAC

I am currently researching access control models. While reading, I found two different access control models in particular which I couldn't tell apart. One is Attribute Based Access Control (ABAC) and the other is Context Based Access Control (CBAC).…
wake-0
2 votes, 1 answer

ABAC policy formulation and RBAC question

I am asked to answer a question that says: One online book-store wants to grant access to clients based on their subscription. There are 3 types of subscriptions: A, B and C. Customers get access in the subscription type they chose. Also, if a book…
1 vote, 1 answer

Attribute-based access control standard definition

While reading a number of definitions of attribute-based access control (ABAC), I found that there are two different definitions: Access control decisions are made using the attributes of users, objects and the environment. Access control…
synthesis
1 vote, 1 answer

Authorization based on OASIS ABAC/RBAC/XACML approach

Is anybody aware of any open source .NET authorization solution based on the OASIS ABAC/RBAC/XACML approach? I have found a visible number of Java-based solutions, but it seems .NET is completely out of it (lack of interest, not in trend?). What does…
AC.
1 vote, 0 answers

ABAC Policy Formal Presentation

I am asked to answer a question but I can't find such info on the internet, so I created this post. The problem is: An on-line paper company decided to give access to their customers depending on their subscription. So the customer reads the news…
CodeL