Content deleted Content added
mNo edit summary |
Zolakrystie (talk | contribs) m expand information on ABAC |
||
Line 3:
ABAC policy rules are generated as Boolean functions of the subject's attributes, the object's attributes, and the environment attributes.<ref>{{Cite web |title=Guide to Secure Web Services: Recommendations of the National Institute of Standards and Technology |url=https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-95.pdf}}</ref>
Unlike [[RBAC|role-based access control (RBAC)]], which defines roles that carry a specific set of privileges associated with them and to which subjects are assigned, ABAC can express complex rule sets that can evaluate many different attributes. Through defining consistent subject and object attributes into security policies, ABAC eliminates the need for explicit authorizations to individuals’ subjects needed in a non-ABAC access method, reducing the complexity of managing access lists and groups.
Attribute values can be set-valued or atomic-valued. Set-valued attributes contain more than one atomic value. Examples are ''role'' and ''project''. Atomic-valued attributes contain only one atomic value. Examples are ''clearance'' and ''sensitivity''. Attributes can be compared to static values or to one another, thus enabling relation-based access control.
| |||