Implementing and Managing Policy Rules in Attribute Based Access Control

Attribute Based Access Control (ABAC) is a popularapproach to enterprise-wide access control that provides flexibility suitable for today´s dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of entities (subject and object),operations, and the environment relevant to a request, but great care must be taken in setting up and maintaining the access control rules that allow such flexible operations. This article summarizes important considerations in ABAC deployment first introduced in the Guide to Attribute Based Access Control [1].