[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] US NIST 1800-3 ABAC
Hi John, On 3/10/2015 6:21 AM, John Tolbert wrote:
Hello, NIST is releasing a practice guide for ABAC. It features XACML prominently. The call for comments is open until Dec. 4, 2015. Perhaps we should discuss on our next call and determine if we have any collective comments for them. https://nccoe.nist.gov/projects/building_blocks/attribute_based_access_control
I notice that SP 1800-3b treats ABAC and externalized authorization as synonymous (see 3.2 and 5.4.5). XACML is about both, but it isn't necessarily so in general. One can implement ABAC without externalized authorization and one can implement externalized authorization without using ABAC. Some of the claimed benefits of ABAC over RBAC are actually benefits of externalized authorization over internal, per-application authorization. Regards, Steven
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]