ABAC – Attribute Based Access Control
is a type of access control model that uses attributes to determine whether a user should be granted access to a resource.
- Evaluates the attributes of the user or entity requesting access.
- Evaluates the object and the resources to be accessed.
- Evaluates the environment and the context of the request.
- Evaluates the policy and the rules defining the access conditions.
- Can use the XACML language, or ALFA
- Reference Architecture Points: PEP, PDP, PIP and PAP.
- PEP: intercepts the requests and enforces access decisions.
- PDP: Evaluates the policies and takes access decisions.
- PIP: Retrieves the values of the attributes.
- PAP: Manages the policies.
- Pros: Flexibility and handling complex scenarios without touching the code.
- Pros: Separation of concerns, facilitation of governance, scalability
- Cons: Performance, since several evaluations are necessary.
- Cons: A demanding and rigorous governance around the attributes and their meanings