ABAC stands for authorization-based access control. In this model, access is not granted based on the identity of the caller but by an authorizing agent that delegates access to a particular resource. Such authorization is then encapsulated in capabilities allowing them to be freely delegated.

Back in 2009, there has been talk about renaming "ABAC" to "ZBAC - AuthoriZation Based Access Control" - This article says "ZBAC" instead of ABAC to avoid confusion, supposedly with "ABAC - Attribute-Based-Access-Control"

See also IBAC.

External Links