Attribute Based Access Control Flashcards
How are access decisions made in ABAC?
Access decisions are based on the attributes or characteristics of:
- Requesting subject: name, certificates/tokens, age, etc.
- The requested resource: sensitivity, path, size, etc.
- Environmental conditions: location, network, IP-address, access time, etc.
What are the advantages with ABAC?
ABAC models are very easily tuned and offers a great deal of precision when focusing on different attributes. This is especially useful as precise policies are required for controlled information flow.
An example could be when assigning users access to a project they are working on. In this case, we only need to ensure that the relevant users will have access to the project with the given attribute, e.g., project code/ID. In such scenarios, ABAC is much more convenient than RBAC.
What is the main downside with ABAC?
The number of options makes ABAC models complicated to work with and difficult to implement effectively. As a result, most organizations stick to RBAC models.
