ABAC – Attribute Based Access Control

is a type of access control model that uses attributes to determine whether a user should be granted access to a resource.

• Evaluates the attributes of the user or entity requesting access.
• Evaluates the object and the resources to be accessed.
• Evaluates the environment and the context of the request.
• Evaluates the policy and the rules defining the access conditions.
• Can use the XACML language, or ALFA
• Reference Architecture Points: PEP, PDP, PIP and PAP.
• PEP: intercepts the requests and enforces access decisions.
• PDP: Evaluates the policies and takes access decisions.
• PIP: Retrieves the values of the attributes.
• PAP: Manages the policies.
• Pros: Flexibility and handling complex scenarios without touching the code.
• Pros: Separation of concerns, facilitation of governance, scalability
• Cons: Performance, since several evaluations are necessary.
• Cons: A demanding and rigorous governance around the attributes and their meanings