The National Institute of Standards and Technology, NIST, has published a bulletin and guide to ABAC that may be of interest to administrators (see below for links to the bulletin and guide).
A news artice from
BankInfoSecurity (
http://www.bankinfosecurity.com/nist...control-a-6612) states:
Quote:
Attribute-based access control, or ABAC, is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, such as a user or employee; an object, such as specific computerized resource; and requested operations.
The flexibility of the ABAC model allows the greatest breadth of subjects to access the greatest breadth of objects without specifying individual relationships between each subject and each object, according to the NIST guidance.
"Access decisions can change between requests by simply changing attribute values, without the need to change the subject/object relationships defining underlying rule sets," says NIST Computer Scientist Vincent Hu, who co-wrote the guidance. "This provides a more dynamic access control management capability and limits long-term maintenance requirements of object protections."
|
The NIST Bulletin may be found at
http://csrc.nist.gov/publications/ni...bul2014_03.pdf and the 46-page guide may be found at
http://nvlpubs.nist.gov/nistpubs/spe...sp.800-162.pdf.
Interesting reading.
Hope this helps some.