Revision as of 17:23, 11 November 2024 edit Quondum (talk \| contribs) Extended confirmed users 38,926 edits some cleanup ← Previous edit		Revision as of 06:48, 22 December 2024 edit undo Citation bot (talk \| contribs) Bots 5,866,970 edits Added date. \| Use this bot. Report bugs. \| Suggested by Dominic3203 \| Category:Computer access control \| #UCB_Category 110/120 Next edit →
Line 15: ABAC can be seen as: * Externalized authorization management<ref>{{Cite web\|url=https://www.gartner.com/doc/2358815/technology-overview-externalized-authorization-management\|title=Technology Overview for Externalized Authorization Management\|website=www.gartner.com\|access-date=2017-05-31}}</ref> * Dynamic authorization management<ref>{{Cite web\|url=https://plus.kuppingercole.com/article/mc71144/dynamic-authorization-management/\|title=Leadership Compass: Dynamic Authorization Management - 71144\|website=KuppingerCole\|date=14 July 2020 \|access-date=2020-07-14}}</ref> * Policy-based access control * Fine-grained authorization Line 53: [[XACML]], the eXtensible Access Control Markup Language, defines an architecture (shared with ALFA and NGAC), a policy language, and a request/response scheme. It does not handle attribute management (user attribute assignment, object attribute assignment, environment attribute assignment) which is left to traditional [[Identity management\|IAM]] tools, databases, and directories. Companies, including every branch in the United States military, have started using ABAC. At a basic level, ABAC protects data with 'IF/THEN/AND' rules rather than assign data to users. The US Department of Commerce has made this a mandatory practice and the adoption is spreading throughout several governmental and military agencies.<ref>{{cite web \|last1=Sanford \|first1=Jim \|title=Encryption on Steroids – Attribute Based Access Control (ABAC) \|url=https://blogs.sw.siemens.com/thought-leadership/2019/03/28/attribute-based-access-control-abac-encryption-on-steroids/ \|website=Siemens \|date=28 March 2019 \|access-date=13 October 2023}}</ref> == Applications == Line 98: === File server security === As of Windows Server 2012, Microsoft has implemented an ABAC approach to controlling access to files and folders. This is achieved through dynamic access control (DAC)<ref>{{Cite web\|url=https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/dynamic-access-control\|title = Dynamic Access Control Overview (Windows 10) - Windows security\| date=13 February 2024 }}</ref> and Security Descriptor Definition Language (SDDL). SDDL can be seen as an ABAC language as it uses metadata of the user (claims) and of the file/ folder to control access. == See also ==

Attribute-based access control: Difference between revisions