ABAC – Attribute Based Access Control

ABAC (Attribute Based Access Control) is a type of access control model that uses attributes to determine whether a user should be granted access to a resource.

  • Evaluates the attributes of the user or entity requesting access.
  • Evaluates the object and the resources to be accessed.
  • Evaluates the environment and the context of the request.
  • Evaluates the policy and the rules defining the access conditions.
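  • Can use the XACML language or ALFA.
  • Reference architecture points: PEP (Policy Enforcement Point), PDP (Policy Decision Point), PIP (Policy Information Point) and PAP (Policy Administration Point).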
  • PEP: intercepts the requests and enforces access decisions.
  • PDP: Evaluates the policies and makes access decisions.
  • PIP: Retrieves the values of the attributes.
  • PAP: Manages the policies.
  • Pros: Flexibility and handling complex scenarios without touching the code.
  • Pros: Separation of concerns, facilitation of governance, scalability.
  • Cons: Performance, since several evaluations are necessary.
  • Cons: Requires demanding and rigorous governance around the attributes and their meanings.
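
A minimal sketch of the PEP/PDP/PIP/PAP split listed above, as an added example that is not part of the original post. The attribute names, the sample rule, the directory data and every function name are assumptions made for illustration; a real deployment would typically express the policy in XACML or ALFA.

```python
# PAP: policies are stored as data, so rules change without touching the code.
# Constructed sample rule: doctors may read records of their own department, 08:00 to 18:00.
POLICIES = [{
    "effect": "Permit",
    "action": "read",
    "conditions": [
        ("subject.role", "eq", "doctor"),
        ("subject.department", "eq_attr", "resource.department"),
        ("env.hour", "between", (8, 18)),
    ],
}]

# PIP: attribute source (constructed directory data).
SUBJECTS = {"alice": {"role": "doctor", "department": "cardiology"},
            "bob": {"role": "doctor", "department": "oncology"}}
RESOURCES = {"record-17": {"department": "cardiology"}}

def pip_attributes(subject_id, resource_id, env):
    return {"subject": SUBJECTS.get(subject_id, {}),
            "resource": RESOURCES.get(resource_id, {}),
            "env": env}

def _get(attrs, path):
    category, name = path.split(".")
    return attrs[category][name]  # KeyError if the attribute is missing
def _holds(attrs, left, op, right):
    value = _get(attrs, left)
    if op == "eq":
        return value == right
    if op == "eq_attr":
        return value == _get(attrs, right)
    if op == "between":
        return right[0] <= value < right[1]
    raise ValueError(f"unknown operator {op}")

# PDP: evaluates the policies; a missing attribute or no matching rule means Deny.
def pdp_decide(attrs, action):
    for rule in POLICIES:
        try:
            if rule["action"] == action and all(_holds(attrs, *c) for c in rule["conditions"]):
                return rule["effect"]
        except KeyError:
            continue  # fail closed: the rule cannot apply without its attributes
    return "Deny"

# PEP: intercepts the request, asks the PDP and enforces its decision.
def pep_request(subject_id, resource_id, action, env):
    attrs = pip_attributes(subject_id, resource_id, env)
    return pdp_decide(attrs, action) == "Permit"
```

Changing who may read a record means editing `POLICIES` only, which is the "without touching the code" benefit; the per-request attribute lookups and condition checks are where the performance cost comes from.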
