Guide to Attribute Based Access Control (ABAC) Definition and Considerations [includes updates as of 02-25-2019]

This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.
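As an added illustration that is not part of the document, the following Python sketch applies the definition above: a deny-by-default decision function evaluates subject, object, requested operation and environment attributes against a small rule set that includes both an attribute comparison (clearance vs. classification), a relationship (same department as the record's owner) and an environment condition (network and time of day). All attribute names, rules and sample values are constructed for the example.

```python
from datetime import datetime

# Classification lattice for the clearance check (constructed for this example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

def clearance_dominates(subject, obj):
    """Subject attribute vs. object attribute: clearance must be >= classification."""
    return LEVELS[subject["clearance"]] >= LEVELS[obj["classification"]]

def rule_read_own_department(subject, obj, action, env):
    """Relationship + attribute rule: read records owned by the subject's own department."""
    return (action == "read"
            and subject["department"] == obj["owner_department"]
            and clearance_dominates(subject, obj))

def rule_write_on_site(subject, obj, action, env):
    """Rule with environment conditions: writes only from the corporate network, 08:00-18:00."""
    return (action == "write"
            and subject["department"] == obj["owner_department"]
            and clearance_dominates(subject, obj)
            and env["network"] == "corporate"
            and 8 <= env["time"].hour < 18)

RULES = [rule_read_own_department, rule_write_on_site]

def authorize(subject, obj, action, env):
    """Deny by default: permit only if at least one rule is satisfied.
    Returns (decision, rule_name) so the decision can be logged for audit."""
    for rule in RULES:
        if rule(subject, obj, action, env):
            return True, rule.__name__
    return False, None

# Constructed sample attributes: one subject, two objects, two environments.
ALICE = {"department": "finance", "clearance": "confidential"}
LEDGER = {"owner_department": "finance", "classification": "confidential"}
SECRET_MEMO = {"owner_department": "finance", "classification": "secret"}
OFFICE = {"network": "corporate", "time": datetime(2019, 2, 25, 10, 0)}
HOME = {"network": "vpn", "time": datetime(2019, 2, 25, 22, 0)}

if __name__ == "__main__":
    print(authorize(ALICE, LEDGER, "read", OFFICE))   # (True, 'rule_read_own_department')
    print(authorize(ALICE, LEDGER, "write", HOME))    # (False, None)
    print(authorize(ALICE, SECRET_MEMO, "read", OFFICE))  # (False, None)
```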
