summaryrefslogtreecommitdiff
path: root/abac.mdwn
blob: d3e4562481bf49daf74b51302d3b7874baa23fc4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[//]: # ([[meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]])

[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
is included in the section entitled
[[GNU Free Documentation License|/fdl]]."]]"""]]

[[!meta title="ABAC"]]

ABAC stands for authorization-based access control.
In this model, access is not granted based on the
identity of the caller but by an authorizing agent
that delegates access to a particular resource.
Such authorization is then encapsulated in
[[capabilities|capability]] allowing them to be freely [[delegated|delegation]].

Back in 2009, there [has been talk about](https://www.hpl.hp.com/techreports/2009/HPL-2009-30.html) renaming "ABAC" to "ZBAC - [AuthoriZation Based Access Control](https://objectsecurity.com/blog/2016/08/05/authorization-based-access-control-zbac-model-driven-security/)" - This article says "ZBAC" instead of ABAC to avoid confusion, supposedly with "ABAC - Attribute-Based-Access-Control"

See also [[IBAC]].

#External Links
* [[!wikipedia Computer_Access_Control]] on Wikipedia
* [[!wikipedia Access_Control_List]] on Wikipedia