ABAC
Attribute Based Access Control
An access control paradigm in which access rights are granted through policies that combine attributes.
Subject attributes: describe the user attempting the action, e.g. age, department, position
Action attributes: describe the action being attempted, e.g. read, write, delete
Object attributes: describe the object/resource targeted, e.g. type, directory
Environment attributes: describe dynamic aspects of the scenario, e.g. time, location
Architecture:
- Policy Enforcement Point (PEP): protects the app/data you want to apply ABAC to.
  It inspects the request and generates an authorization request, which is sent to the PDP.
- Policy Decision Point (PDP): evaluates requests against policies.
  Generates a permit/deny decision. Leverages the PIP to retrieve missing metadata.
- Policy Information Point (PIP): bridges the PDP to external sources of attributes, e.g. LDAP/DB
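
The PEP -> PDP -> PIP flow above, as an added example that is not part of the original notes. The attribute store, the two policies and all function names are constructed for illustration; it assumes the PDP trusts only the subject id from the request and takes every other subject attribute from the PIP.

```python
from datetime import time

# Constructed attribute store standing in for the LDAP/DB behind the PIP.
DIRECTORY = {
    "alice": {"department": "finance", "position": "analyst"},
    "bob": {"department": "engineering", "position": "intern"},
}

def pip_subject_attributes(user_id):
    """PIP: look up subject attributes the request did not carry."""
    return DIRECTORY.get(user_id, {})

def finance_reads_reports(s, a, o, e):
    """Finance staff may read reports under /finance during office hours."""
    return (s["department"] == "finance" and a == "read"
            and o["type"] == "report" and o["directory"] == "/finance"
            and time(9) <= e["time"] < time(17))

def analysts_write_own_reports(s, a, o, e):
    """Analysts may write reports in their own department's directory."""
    return (s["position"] == "analyst" and a == "write"
            and o["type"] == "report" and o["directory"] == "/" + s["department"])

POLICIES = [finance_reads_reports, analysts_write_own_reports]

def pdp_decide(request):
    """PDP: evaluate the request against every policy; deny unless one permits."""
    user_id = request["subject"]["id"]
    # Assumption: only the id is taken from the request; attributes come from the PIP,
    # so a caller cannot claim a department or position it does not hold.
    subject = {"id": user_id, **pip_subject_attributes(user_id)}
    for policy in POLICIES:
        try:
            if policy(subject, request["action"], request["object"], request["environment"]):
                return "permit"
        except KeyError:
            continue  # a missing attribute means this policy cannot match
    return "deny"

def pep_handle(user_id, action, obj, now):
    """PEP: turn an incoming call into an authorization request and enforce the answer."""
    request = {"subject": {"id": user_id}, "action": action,
               "object": obj, "environment": {"time": now}}
    if pdp_decide(request) != "permit":
        raise PermissionError(f"{user_id} may not {action} {obj.get('directory')}")
    return f"{action} on {obj['directory']} allowed for {user_id}"
```

A policy that hits a missing attribute is skipped rather than treated as a match, so unknown users and incomplete requests end in deny.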