Hi everyone,

In addition to the definitions above, Hal, I would like to add this one to the list:

http://stackoverflow.com/tags/abac/info
http://security.stackexchange.com/tags/abac/info

I have put quite some effort in spreading the word on ABAC. For instance neither the Wikipedia page nor the Stack Overflow tag existed. And when one reads authorization-related questions on Stack Overflow or even Security Stack Exchange, there is a clear lack of awareness around ABAC (and even at times RBAC).

Regarding XACML and ABAC, I think both are tightly coupled together. You could argue that ABAC is just a concept and that many frameworks implement ABAC already in their own way, e.g.

- Ruby CanCanCan (the authorization Gem for Ruby on Rails)
- Laravel for PHP
- Apache Shiro

But XACML is unique in the sense that it is truly policy-based and technology-neutral. It can be applied to any language (Java... C#... you name it). I think this agnostic aspect is what makes XACML particularly compelling.

The fact XACML is policy-based also provides some benefits over other approaches:

- easier to visualize and audit - this is after all the end goal (satisfy the auditor)
- easier to manage

Just my two cents,
David.

On Mon, Jan 11, 2016 at 10:29 AM, Hal Lockhart <hal.lockhart@oracle.com> wrote:

During the call there was some discussion of the definition of ABAC. While as I pointed out during the call, our concern is XACML not ABAC per se, XACML is frequently cited as an exemplar of ABAC and further in order to have a clear understanding during our debates, we need to have at least rough agreement on what we mean by the words we use.

A quick search for "ABAC definition" produced these results, among others. ("abac" can refer to a certain type of graph.) All of these seem to correspond to my idea of what the definition is.

http://www.itbusinessedge.com/itdownloads/security/guide-to-attribute-based-access-control-abac-definition-and-considerations.html
http://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf
https://en.wikipedia.org/wiki/Attribute-based_access_control

Hal

--
David Brossard
VP of Customer Relations
+46(0)760 25 85 75
+1 312 774-9163
+1 502 922 6538
Axiomatics AB
Västmannagatan 4
S-111 24 Stockholm, Sweden
Support: https://support.axiomatics.com
Web: http://www.axiomatics.com
Axiomatics for developers: http://developers.axiomatics.com