What is attribute-based access control (ABAC), and how does it mainly differ from other access control models?
Attribute-based access control (ABAC) is an emerging access control model that takes various attributes of the subject and evaluates them against a security policy to make an access control decision. For this reason, it is sometimes referred to as the policy-based or next-generation access control model. Before granting access to a subject, ABAC checks each of the attributes defined in the security policy. It provides more flexibility and features than other access control models. To achieve this, it defines complex security policies to allow or deny access rather than depending on a simple binary allow-or-deny value. Unlike other access control models, it makes it possible to establish dynamic, stringent security and privacy requirements. However, it is complex to design and manage, and to provision resources. Besides, it involves
Organizational assets that implement ABAC employ a set of security policy attributes to make access control decisions. The crucial characteristic of the ABAC model is its implementation of security rules that can include multiple attributes. Furthermore, access is decided based on specific attributes such as location, time zone, working hours, access rights and the devices associated with the subjects and the objects to be accessed. This helps to make granular, policy-based access control decisions.
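The evaluation described above, sketched as a small policy decision function. This is an added example, not code from the original page; the rule ids, attribute names, the fixed-UTC-offset handling of time zones and the 09:00 to 17:00 working hours are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta, timezone

def in_working_hours(utc_now, utc_offset_hours, start=time(9), end=time(17)):
    """Working hours are judged in the subject's own time zone (fixed offset)."""
    local = utc_now.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.weekday() < 5 and start <= local.time() < end

# Hypothetical policy: a rule matches only when every one of its conditions holds.
POLICY = [
    {"id": "deny-unmanaged-device", "effect": "deny",
     "when": [lambda r: not r["device"]["managed"]]},
    {"id": "allow-finance-read", "effect": "allow",
     "when": [
         lambda r: r["action"] == "read",
         lambda r: r["object"]["classification"] == "finance",
         lambda r: "finance:read" in r["subject"]["access_rights"],
         lambda r: r["env"]["location"] in {"HQ", "branch-office"},
         lambda r: in_working_hours(r["env"]["utc_now"],
                                    r["subject"]["utc_offset_hours"]),
     ]},
]

def decide(request, policy=POLICY):
    """Return (decision, rule_id): deny overrides allow, no match means deny."""
    allowed_by = None
    for rule in policy:
        try:
            matched = all(cond(request) for cond in rule["when"])
        except (KeyError, TypeError):
            return ("deny", "missing-attribute")  # fail closed on absent attributes
        if matched and rule["effect"] == "deny":
            return ("deny", rule["id"])
        if matched and allowed_by is None:
            allowed_by = rule["id"]
    return ("allow", allowed_by) if allowed_by else ("deny", "default-deny")

def sample_request(**overrides):
    """Constructed request: Tuesday 2024-03-05 14:00 UTC, subject at UTC+1."""
    req = {
        "action": "read",
        "subject": {"access_rights": ["finance:read"], "utc_offset_hours": 1},
        "object": {"classification": "finance"},
        "device": {"managed": True},
        "env": {"location": "HQ",
                "utc_now": datetime(2024, 3, 5, 14, 0, tzinfo=timezone.utc)},
    }
    req.update(overrides)
    return req
```

Returning the id of the rule that produced the decision gives each allow or deny an audit trail, and a request with a missing attribute is denied rather than silently skipping the rule that needed it.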