This document discusses attribute-based access control (ABAC) as an evolution beyond role-based access control (RBAC). It defines ABAC and its components, such as the policy enforcement point (PEP) and policy decision point (PDP). The document recommends using attributes like subject, action, object, and context to define access control policies and rules. It suggests industries and applications that could benefit from ABAC. Finally, it outlines some of the pros and cons of implementing ABAC, such as added complexity but also more flexible security based on attributes rather than static roles.
Boost privacy protections with attribute-based access control
4. TEAM IM
Content and unstructured data specialists since 1999
Oracle, M-Files, Microsoft, Elasticsearch, HelloSign, Frevvo, ABBYY, Smartlogic partners
Operate in US, Canada, Australia and New Zealand
Advisory and Strategy practice is one part of what we do.
© Raoul Miller
5. Agenda
Different types of access control
Which attributes to use?
Who should use ABAC?
How to implement ABAC
Some pros and cons
6. "A good programmer is someone who always looks both ways before crossing a one-way street."
-- Doug Linder, Author, Lawyer, Professor
7. Access Control
Selective restriction of access to a place or resource
Authentication: Who are you?
Authorization: What can you do?
Many different models; the most common are:
ACL
RBAC
ABAC
8. Role-Based Access Control
Most common method for most enterprise systems
Person -> Role -> Permissions
Usually integrated with the directory and its groups
More scalable than ACLs (the two may be combined)
9. Attribute-Based Access Control
Evolved from RBAC
Policy-based rather than static
Next generation compared to RBAC
Boolean logic (IF ... THEN) in rules: a rule permits or denies when a condition over the attributes of the request holds
10. Components of ABAC
PEP: Policy Enforcement Point
Equivalent to a WebGate: intercepts the request, asks the PDP, and enforces the answer
PDP: Policy Decision Point
Where requests are evaluated against the policy
Returns a permit / deny
PIP: Policy Information Point
Bridges from the PDP to external attribute sources (directory, database, device inventory)
11. Which Attributes to Use?
Subject attributes: clearance, age, role
Action attributes: read, delete, view
Object / resource attributes: object type, department, location, classification
Contextual (environment) attributes: time, location, IP address, device
12. Who Should Use ABAC?
Defense / National Security
Medical
Financial
Legal
Anywhere that data security is key
CMS
ERP
Database
13. How to Implement ABAC
Buy a COTS product: Axiomatics, PlainID, NextLabs, Symphonic
Use XACML to integrate into solutions: web frameworks, middleware code
Enable it in applications that support it: Windows Server 2012, Hadoop, Oracle, Spring (expression-based access control)
14. Some Pros and Cons of ABAC
Complexity: it's a new thing and not yet standard practice
Defining rules
Adds data to the audit trail
Privacy: the decision returned is only allow/deny; the attribute data stays in the PDP/PIP
Consistency: one policy applied the same way across applications
15. Key Takeaways
You should consider ABAC for sensitive data or content
Understanding the process of defining and implementing ABAC
Pros and cons
There is overlap between RBAC and ABAC