Questions tagged [abac]

Attribute Based Access Control (ABAC) is an access control method based on attributes (key-value pairs) that are used inside policies and rules to express access control logic.

Attribute Based Access Control (ABAC) is an access control method where subject requests to perform operations on objects are granted or denied based on assigned attributes of the subject, assigned attributes of the object, environment conditions, and a set of policies that are specified in terms of those attributes and conditions.

Source: Guide to Attribute Based Access Control (ABAC) Definition and Considerations

In short, ABAC is an evolution of the role-based access control model (RBAC). Where RBAC focuses on the user, its role(s), permissions, and optionally group(s) to define authorization logic, ABAC uses attributes and policies to define access control logic.

Attributes are key-value pairs, e.g. role==manager or citizenship==Swedish. Attributes can describe:

  • the user
  • the resource or object being accessed / requested
  • the action being attempted (view, delete, approve...)
  • contextual data such as the time of the day, the user's IP, the authentication method...

XACML is an example of a standard which implements ABAC. ALFA is a pseudo-code that can be used to design and implement ABAC policies.

286 questions
0
votes
2 answers

WSO2 Identity Server – How to write a XACML Policy for an Extended PIP

A PIP extension code using a "RedAttributeFinder" class is working now. It correctly registers its claims into the WSO2 PDP extension console display. I start to create a XACML policy now, addressing the field that returns the dynamic data value…
0
votes
1 answer

WSO2 Identity - XACML PIP extension throws org.apache.axis2.AxisFault: Exception occurred

When adding a Java PIP extension by a Java program, packed as a .jar file and using the entitlement.properties configuration line: PIP.AttributeDesignators.Designator.2=com.ibm.carbon.pip.RedAttributeFinder and after the server restart, the server…
0
votes
2 answers

WSO2 Identity / How to Register XACML PIP Java Extension and its Claims

Scanning through the WSO2 documentation and several blogs, I found three different types of registry mechanisms to add new claims to a Java PIP module: By use of a setup file called entitlement.properties and by adding of Java static properties for…
Claude Falbriard
  • 925
  • 8
  • 27
0
votes
1 answer

Not Applicable XACML policy semantic error

I'm currently trying to write a simple policy using XACML. Unfortunately, my XACML engine doesn't seem to be finding the policy applicable for my request. What I've done is the following: Policy:
Neil
  • 332
  • 2
  • 15
0
votes
1 answer

Authorization Model: Context of Role?

I am currently attempting to design an Authorization Model that has the following components: Privileges - an action that can either be granted or denied to a user/group Roles - a collection of privileges; roles can be associated with a user or…
0
votes
2 answers

Is WSO2 Identity Server working with JSON XACML request/response?

I'm new to the world of WSO2 Identity Server. Does anyone know if Identity Server is able to send and receive XACML requests and responses using the new JSON defined in the OASIS XACML Definition? I cannot find any reference or tutorial talking…
0
votes
1 answer

Controlling one user's access to another user's resources based on RBAC

I have a scenario where a user with a specific role is allowed to call an EJB method based on his own id. On the EJB bean I have the @RolesAllowed annotation with the specific role for the user. For the role based checks the method invocation works…
jay
  • 791
  • 8
  • 20
0
votes
1 answer

In which layer to implement RBAC in a web application?

I have an enterprise application comprising EJBs and some REST APIs as well. Also I have some other services which consume my beans, e.g. UI services. My EJBs are annotated with role based annotations, i.e. RolesAllowed, DeclareRoles. I have…
jay
  • 791
  • 8
  • 20
0
votes
2 answers

WSO2 Identity server GUI creating different attribute id for policy and request

I have created XACML policies with the WSO2 GUI. I used the Basic Policy Editor for the same. I gave the following parameters for the policy (in the first tab I only gave Resource Name, kept other fields blank): Resource Names : https://www.xyz.com/blabla/ (in second…
Budhh
  • 153
  • 8
0
votes
1 answer

XACML Policy Enforcement Point (PEP) Best Practices

I have the following scenario: in a business workflow many decisions regarding different arguments must be taken, e.g.: first check user roles, then do some business logic, then check business permission, etc. My question is: assuming that on the…
Spyna
  • 490
  • 3
  • 12
0
votes
1 answer

XACML policy based on subject yields NotApplicable

Hi, I have created a policy using WSO2 Identity Server. This policy is based on the subject, i.e. the email utsav@domain.com. While evaluating, it's giving the result as Not Applicable. Please help me on the same.... Policy Format
Utsav
  • 1,593
  • 4
  • 22
  • 46
0
votes
1 answer

RBAC system with two parameters

I’m looking for an example or best practices for an RBAC system with two parameters. Rather than simply having a user associated with a role, and that role associated with a group of permissions, a user can be associated with a role “for a specific…
jcropp
  • 1,236
  • 2
  • 10
  • 29
0
votes
1 answer

Fine grained access control with XACML 3.0 for an XML document

I want to express a fine-grained access control use case with XACML 3.0 for an XML document but I don't know whether I can use a full XPath expression like for $a in fn:distinct-values(sales/clientid)return (fn:sum(sales[clientid = $a]/value) This…
Mars
  • 15
  • 3
0
votes
1 answer

Bitwise AND function in XACML

Using a XACML evaluation engine, is there a bitwise AND function that would evaluate 2 values? If not, is there a way to provide a custom function to the evaluation engine? If so, can you provide some pointers on how to do that?
-1
votes
1 answer

Kubernetes ABAC Policies for Groups and Users?

Currently, I have an ABAC policy that gives "system:autheticated" all access. K8s starts up fine when I have this defined, but if I remove it, K8s doesn't start up. I'm trying to find out what namespaces, service accounts, groups, users, etc. are…
hyperstack
  • 29
  • 1
  • 4