
ABAC

Attribute-Based Access Control (ABAC) is an access control paradigm in which access decisions are made by evaluating attributes of the requester, the resource, and the context against policy rules. Attributes are properties that describe subjects (users or processes), objects (data or resources), and the environment (time, location, device, risk level).

Access requests are processed by a policy decision point (PDP) that evaluates policies, typically written in a formal policy language or framework. A policy administration point (PAP) manages policy definitions, a policy information point (PIP) retrieves attribute values from attribute authorities or identity stores, and a policy enforcement point (PEP) intercepts requests at the resource and enforces the PDP's decision. Because the PDP's answer is only as trustworthy as its inputs, each attribute source must be authenticated and its values kept current, and a PEP should deny when the PDP is unreachable or a required attribute is missing (fail closed).

ABAC allows fine-grained, context-aware access control and scales to large, dynamic environments, reducing the need to enumerate a role for every combination of user and resource. It supports dynamic attributes such as time, location, and device posture, so a decision can change without any change to the user's static entitlements. Standards include XACML (the OASIS eXtensible Access Control Markup Language), and NIST SP 800-162 provides definitions and implementation guidance.

Challenges include managing large sets of attributes, ensuring attribute provenance and revocation, privacy concerns (the attributes collected for decisions can themselves be personal data), the performance overhead of retrieving attributes at decision time, and policy complexity, which makes it hard to answer who can access a given resource without evaluating the whole policy set. A well-governed ABAC program requires robust attribute sources, careful policy design, and auditing of both decisions and policy changes.

Common use cases include cloud services, collaborative data sharing, healthcare records, and enterprise document management, where access decisions depend on user identity, purpose, clearance, data sensitivity, and contextual factors.
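The PAP/PIP/PDP/PEP split described above, as an added example that is not part of the original page or of any standard's reference implementation. It assumes a constructed identity store with hypothetical users, attribute names chosen for the example (role, department, clearance, sensitivity, device_posture, purpose, hour_utc), and a deny-overrides combining rule with a default of deny; a rule that references an attribute absent from the request is treated as not satisfied, so the PEP fails closed rather than open.

```python
"""Minimal ABAC engine: PAP (rules), PIP (attribute lookup), PDP (decision), PEP (enforcement)."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

Attributes = Dict[str, Any]
Condition = Callable[[Attributes, Attributes, Attributes], bool]

# Constructed sample identity store (hypothetical users) standing in for an attribute authority.
IDENTITY_STORE: Dict[str, Attributes] = {
    "alice": {"role": "physician", "department": "oncology", "clearance": 3},
    "bob": {"role": "clerk", "department": "billing", "clearance": 1},
}


class PIP:
    """Policy information point: resolves a subject's attributes from the identity store."""

    def __init__(self, store: Dict[str, Attributes]) -> None:
        self.store = store

    def subject_attributes(self, user: str) -> Attributes:
        # An unknown subject has no attributes; KeyError propagates so the PEP can fail closed.
        return dict(self.store[user])


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str  # "permit" or "deny"
    condition: Condition


class PDP:
    """Policy decision point: deny-overrides combining with a default decision of deny."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules

    def decide(self, subject: Attributes, resource: Attributes, env: Attributes) -> Tuple[str, str]:
        decision, reason = "deny", "default-deny"
        for rule in self.rules:
            try:
                matched = rule.condition(subject, resource, env)
            except KeyError:
                matched = False  # a required attribute is missing: the rule is not satisfied
            if not matched:
                continue
            if rule.effect == "deny":
                return "deny", rule.name  # any matching deny wins over every permit
            if decision == "deny":
                decision, reason = "permit", rule.name
        return decision, reason


class PEP:
    """Policy enforcement point: gathers attributes via the PIP and enforces the PDP's decision."""

    def __init__(self, pdp: PDP, pip: PIP) -> None:
        self.pdp, self.pip = pdp, pip

    def request(self, user: str, resource: Attributes, env: Attributes) -> Tuple[str, str]:
        try:
            subject = self.pip.subject_attributes(user)
        except KeyError:
            return "deny", "unknown-subject"  # fail closed on an unresolvable subject
        return self.pdp.decide(subject, resource, env)


# PAP output: the policy set. Attribute names below are assumptions made for this example.
RULES = [
    Rule("non-compliant-device", "deny",
         lambda s, r, e: e["device_posture"] != "compliant"),
    Rule("treating-physician", "permit",
         lambda s, r, e: s["role"] == "physician"
         and s["department"] == r["department"]
         and s["clearance"] >= r["sensitivity"]
         and e["purpose"] == "treatment"
         and 6 <= e["hour_utc"] < 22),
    Rule("low-sensitivity", "permit",
         lambda s, r, e: r["sensitivity"] <= 1),
]

PEP_INSTANCE = PEP(PDP(RULES), PIP(IDENTITY_STORE))

# Constructed sample resource and environment attributes.
RECORD: Attributes = {"type": "patient-record", "department": "oncology", "sensitivity": 3}
ENV: Attributes = {"device_posture": "compliant", "purpose": "treatment", "hour_utc": 10}


def check(user: str, resource: Attributes = RECORD, **env_overrides: Any) -> Tuple[str, str]:
    """Evaluate one access request, optionally overriding environment attributes."""
    return PEP_INSTANCE.request(user, resource, {**ENV, **env_overrides})


if __name__ == "__main__":
    print(check("alice"))                               # ('permit', 'treating-physician')
    print(check("bob"))                                 # ('deny', 'default-deny')
    print(check("alice", device_posture="jailbroken"))  # ('deny', 'non-compliant-device')
    print(check("alice", hour_utc=23))                  # ('deny', 'default-deny')
```

The same physician is permitted at 10:00 UTC from a compliant device and denied from a jailbroken one or outside the allowed hours, with no change to the identity store: the context attributes, not the static entitlements, drive the decision. Dropping the `purpose` attribute from the request also yields a deny, which is the behaviour to verify in any real deployment before trusting the PEP.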