Collaborate Disseminate
NB> This is not technical question but rather attempt to grasp the model and its natural restrictions.
I am thinking of Step-up authorization and Separation of Duty scenarios where either the same person who originated the operation sho… Continue reading Step-up authentication with NGAC/Policy Machine architecture
Given we use ABAC in portions of our security systems like the WAF to partially restrict traffic based on attributes like IP address/User Agent String. While they can be faked internally tagging can be restricted on cloud providers like AW… Continue reading Why has the adoption of ABAC been so slow?
I am trying to implement an efficient access control hierarchy/inheritance, where one can grant access to resources on a container level. However, it seems it is very easy to get privilege escalation bugs with something like that (I read a… Continue reading How to avoid privilege escalation with resource hierarchy access control?
While reading a number of definitions of attribute-based access control (ABAC), I found that there are two different definitions:
Access control decisions are made using the attributes of users,
objects and the environment…. Continue reading Attribute-based access control standard definition
I’m working on an application that needs access control. Basically, the problem I’m facing is this (heavily simplified):
The application has two main sections:
Files = File[]
Contacts = Contact[]
A File resource can hav… Continue reading RBAC: how to separately scope two resources that have a many-to-many relationship
Almost all applications mantain the permissions with the application and have no way of having at least the roles outside the application.
Is the only way to have centralized authentication but mantain the authorization insi… Continue reading How can an organization manage permissions in a centralized way?
I’m trying to formulate an RBAC permission model which allows separation between permissions and the scopes on which those permissions are applied. I have been unable to find a standard model which describes this.
Here’s an … Continue reading Separating "function" from "scope" in RBAC
The simple solution to access restriction when number of users are small is Access Control Matrix. Here the rows are the users and columns are different types of asset.
In my case, I have a document which I need to serve whi… Continue reading Access based on type of information requested and access grant
I am currently researching IAM solutions for my enterprise. I have researched Micro Focus, and SailPoint so far. I am looking for a system that most likely provides RBAC (Role Based Access Control) for internal applications… Continue reading What are good enterprise IAM (Identity and Access Management) solutions for a company that has multiple internal web applications? [on hold]
I am currently researching about access control models. While reading I found especially two different access control models, which I couldn’t differ.
One is Attribute Based Access Control (ABAC) and the other is Context Bas… Continue reading Difference between ABAC and CBAC