Attribute-based access control: Difference between revisions

Content deleted Content added
Updated the short description to match the contents more correctly
Implementations: Added the 3 main implementations
Line 47:
 
==Implementations==
There are three main implementations of ABAC:
One standard that implements attribute- and policy-based access control is [[XACML]], the eXtensible Access Control Markup Language. XACML defines an architecture, a policy language, and a request/response scheme. It does not handle attribute management (user attribute assignment, object attribute assignment, environment attribute assignment) which is left to traditional [[Identity management|IAM]] tools, databases, and directories.
 
* [https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#CURRENT OASIS XACML]
* [[Abbreviated Language for Authorization|Abbreviated Language for Authorization (ALFA)]].
* [[National Institute of Standards and Technology|NIST]]'s [https://www.nist.gov/identity-access-management/policy-machine-and-next-generation-access-control Next-generation Access Control] (NGAC)
 
One standard that implements attribute- and policy-based access control is [[XACML]], the eXtensible Access Control Markup Language. XACML, defines an architecture (shared with ALFA and NGAC), a policy language, and a request/response scheme. It does not handle attribute management (user attribute assignment, object attribute assignment, environment attribute assignment) which is left to traditional [[Identity management|IAM]] tools, databases, and directories.
 
Companies, including every branch in the United States military, have started using ABAC. At a basic level, ABAC protects data with ‘IF/THEN/AND’ rules rather than assign data to users. The US Department of Commerce has made this a mandatory practice and the adoption is spreading throughout several governmental and military agencies.<ref>{{Cite web|url=https://community.plm.automation.siemens.com/t5/Digital-Transformations/Attribute-Based-Access-Control-ABAC-Encryption-on-Steroids/ba-p/580836|title=Attribute Based Access Control (ABAC) – Encryption on Steroids|last=Coffey|first=Alisa|date=2019-03-28|website=Siemens PLM Community|language=en|access-date=2019-04-01}}</ref>
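Review bot: the added lead "There are three main implementations of ABAC:" and the paragraph after the list do not agree. The paragraph still opens "One standard that implements attribute- and policy-based access control is [[XACML]]", so XACML is introduced a second time while ALFA and NGAC are never described. Suggest rewording the paragraph to follow from the list (for example "The first of these, XACML, defines ...") and giving each list item a one-clause description. In the revised paragraph, "XACML, defines an architecture" has a stray comma after "XACML". The "three main" claim and the new parenthetical "(shared with ALFA and NGAC)" carry no citation, and the ALFA entry is supported only by a wikilink; add a reference for each. The list punctuation is also inconsistent, since only the ALFA item ends with a period.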