Restored revision 1291871632 by OAbot (talk): Remove content marketing, claims could and should be academically sourced. Tags: Twinkle Undo Mobile edit Mobile web edit Advanced mobile edit |
=== API and microservices security ===
ABAC can be used to apply attribute-based, fine-grained authorization to the API methods or functions. For instance, a banking API may expose an {{Code|approveTransaction(transId)}} method. ABAC can be used to secure the call. With ABAC, a policy author can write the following:
* '''Policy''': managers can approve transactions up to their approval limit
* '''Attributes used''': the subject's role and approval limit, the action (approve), and the transaction's amount
The flow would be as follows:
# The user, Alice, calls the API method {{Code|approveTransaction(123)}}
# The API receives the call and authenticates the user.
# An interceptor in the API calls out to the authorization engine (typically called a Policy Decision Point or PDP) and asks: ''Can Alice approve transaction 123?''
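The flow above, carried through as an added example (not code from the original article or from any particular ABAC product): a Policy Enforcement Point (PEP) wrapping {{Code|approveTransaction}} asks a Policy Decision Point (PDP), which resolves the subject's role and approval limit and the transaction's amount from attribute stores and evaluates the policy "managers can approve transactions up to their approval limit". The users, transactions and function names are constructed for illustration; a real deployment would fetch attributes from directories and the transaction database, and the PDP would be a separate service.

```python
from dataclasses import dataclass
from functools import wraps

# Constructed sample attribute stores standing in for the Policy Information
# Points (PIPs) a real PDP would query. Users and transactions are hypothetical.
USERS = {
    "alice": {"role": "manager", "approval_limit": 10_000},
    "bob": {"role": "clerk", "approval_limit": 0},
    "carol": {"role": "manager", "approval_limit": 2_500},
}
TRANSACTIONS = {
    123: {"amount": 7_500, "status": "pending"},
    456: {"amount": 50_000, "status": "pending"},
}


@dataclass(frozen=True)
class Decision:
    permit: bool
    reason: str


def pdp_decide(subject: str, action: str, trans_id: int) -> Decision:
    """Policy Decision Point: evaluates 'managers can approve transactions
    up to their approval limit' from attributes of the subject, the action
    and the resource, rather than from a per-user permission list."""
    subject_attrs = USERS.get(subject)
    resource_attrs = TRANSACTIONS.get(trans_id)
    if subject_attrs is None or resource_attrs is None:
        # Deny by default when an attribute cannot be resolved.
        return Decision(False, "missing subject or resource attributes")
    if action != "approve":
        return Decision(False, f"no policy permits action {action!r}")
    if subject_attrs["role"] != "manager":
        return Decision(False, "subject role is not manager")
    if resource_attrs["amount"] > subject_attrs["approval_limit"]:
        return Decision(False, "amount exceeds subject's approval limit")
    return Decision(True, "manager within approval limit")


class Forbidden(Exception):
    """Raised by the PEP when the PDP returns Deny."""


def authorize(action: str):
    """Policy Enforcement Point: a decorator (the 'interceptor' in the flow)
    that asks the PDP before the API method body runs. It assumes the API
    has already authenticated the caller and passes the verified user name
    as the first argument."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user: str, trans_id: int):
            decision = pdp_decide(user, action, trans_id)
            if not decision.permit:
                raise Forbidden(
                    f"{user} cannot {action} transaction {trans_id}: "
                    f"{decision.reason}"
                )
            return fn(user, trans_id)
        return wrapper
    return decorator


@authorize("approve")
def approve_transaction(user: str, trans_id: int) -> str:
    """The protected API method; only reached when the PDP permits."""
    TRANSACTIONS[trans_id]["status"] = "approved"
    return f"transaction {trans_id} approved by {user}"


def try_approve(user: str, trans_id: int):
    """Convenience wrapper returning (permitted, message) instead of raising."""
    try:
        return True, approve_transaction(user, trans_id)
    except Forbidden as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Alice (manager, limit 10,000) approving a 7,500 transaction: Permit.
    print(try_approve("alice", 123))
    # Carol (manager, limit 2,500) on the same transaction: Deny.
    print(try_approve("carol", 123))
    # Bob (clerk): Deny regardless of amount.
    print(try_approve("bob", 123))
```

Note that the policy text never names Alice or transaction 123; the same rule covers every manager and every transaction because the decision is computed from attributes at call time, and an unresolvable attribute results in Deny rather than in a fallback to a coarser check.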
=== Application security ===
One of the key benefits of ABAC is that the authorization policies and attributes can be defined in a technology-neutral way. This means policies defined for APIs or databases can be reused in the application space. Common applications that can benefit from ABAC are:
# Content management systems
# Enterprise resource planning (ERP) systems
# Home-grown applications
# Web applications
The same process and flow as the one described in the API section applies here too.