

Subject: Re: [xacml] ABAC Definition


Hi everyone,

In addition to the definitions above, Hal, I would like to add this one to the list


I have put quite some effort in spreading the word on ABAC. For instance neither the Wikipedia page nor the Stack Overflow tag existed. And when one reads authorization-related questions on Stack Overflow or even Security Stack Exchange, there is a clear lack of awareness around ABAC (and even at times RBAC).

Regarding XACML and ABAC, I think both are tightly coupled together. You could argue that ABAC is just a concept and that many frameworks implement ABAC already in their own way e.g.
But XACML is unique in the sense that it is truly policy-based and technology-neutral. It can be applied to any language (Java... C#... you name it). I think this agnostic aspect is what makes XACML particularly compelling.

The fact XACML is policy-based also provides some benefits over other approaches:
Just my two cents,
David.

On Mon, Jan 11, 2016 at 10:29 AM, Hal Lockhart <hal.lockhart@oracle.com> wrote:
During the call there was some discussion of the definition of ABAC. While as I pointed out during the call, our concern is XACML not ABAC per se, XACML is frequently cited as an exemplar of ABAC and further in order to have a clear understanding during our debates, we need to have at least rough agreement on what we mean by the words we use.

A quick search for "ABAC definition" produced these results, among others. ("abac" can refer to a certain type of graph.)

All of these seem to correspond to my idea of what the definition is.

http://www.itbusinessedge.com/itdownloads/security/guide-to-attribute-based-access-control-abac-definition-and-considerations.html


http://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf

https://en.wikipedia.org/wiki/Attribute-based_access_control

Hal





--
David Brossard
VP of Customer Relations
+46(0)760 25 85 75
+1 312 774-9163
+1 502 922 6538
Axiomatics AB

Västmannagatan 4
S-111 24 Stockholm, Sweden
Axiomatics for developers: http://developers.axiomatics.com

