Attribute-based access control

from Wikipedia, the free encyclopedia

Attribute-based access control (ABAC) is a design pattern in information technology.

In attribute-based access control, access to a resource is controlled by attributes of the user or client, attributes of the resource, the state of the system environment (environment state), and security rules (policies) that are applied to these attributes.

Attribute-based access control is used in particular in conjunction with OAuth and OpenID.

Procedure

First, the identity of the client is authenticated by an authentication server. An attribute authority then provides the client with the corresponding attributes and certifies them by means of a digital signature.

When the client wants to access a resource, a Policy Decision Point (PDP) checks the signature of the attributes presented by the client. If the signature is valid, the policy decision point applies the security rules to the attributes to decide whether access to the resource is permitted, and grants or denies access to the resource on the basis of that decision.
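The procedure above, reduced to its two trust decisions, as an added example that is not part of the original article: an attribute authority binds attributes to an authenticated subject and signs them, and a policy decision point first verifies that signature and only then evaluates the policies over subject, resource and environment attributes. The key, the attribute names and the three rules are constructed for the demonstration, and an HMAC stands in for the digital signature so the example runs with the standard library alone.

```python
import hmac
import hashlib
import json

# Constructed demo key; stands in for the attribute authority's signing key.
AA_KEY = b"constructed-demo-key"


def issue_attributes(subject, attrs):
    """Attribute authority: bind attributes to an authenticated subject and sign them."""
    claims = {"sub": subject, "attrs": attrs}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(AA_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": tag}


def verify_attributes(token):
    """PDP step 1: reject any token whose signature does not match its payload."""
    expected = hmac.new(AA_KEY, token["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    return json.loads(token["payload"])


# Security rules (policies): each takes (subject, resource, environment) attributes.
# Constructed for the demo; a real deployment would load these from a policy store.
POLICIES = [
    lambda s, r, e: s.get("department") == r.get("owner_department"),
    lambda s, r, e: s.get("clearance", 0) >= r.get("classification", 0),
    lambda s, r, e: e.get("hour") is not None and 8 <= e["hour"] < 18,
]


def decide(token, resource, environment):
    """PDP step 2: permit only if the signature verifies and every rule holds."""
    claims = verify_attributes(token)
    if claims is None:
        return "deny"  # unsigned or tampered attributes never reach the rules
    subject_attrs = claims["attrs"]
    permitted = all(rule(subject_attrs, resource, environment) for rule in POLICIES)
    return "permit" if permitted else "deny"
```

Note that a client can present any attributes it likes; what makes the decision trustworthy is that only attributes certified by the authority survive `verify_attributes`.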

Sources

  1. Cloud Patterns. In: Cloud Patterns. Arcitura Education Inc., accessed May 7, 2017.