Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Access Control System and Process for Managing and Enforcing an Attribute Based Access Control Policy

Patent Number: 10,719,617


An access control system for managing and enforcing an attribute based access control (ABAC) policy includes: a minimum ABAC implementation that produces a representation access control list in an ABAC policy system; and a local host system that produces a resource repository access control list in the local host system such that the resource repository access control list is based on the representation access control list.

Patent Description

This is a method that centrally manages Attribute-Based Access Control (ABAC) policies and locally computes and enforces decisions over those policies on objects that are locally protected using Access Control Lists (ACLs). The method is as follows:

  1. Centrally express an ABAC policy that conforms to the access control rules of the enterprise using a standalone ABAC system.
  2. Introduce representations of local objects needing protection into the ABAC expression as object attributes.
  3. Maintain a correspondence between the ABAC representations and the actual objects in local systems.
  4. Formulate ACLs for representations in accordance with the ABAC policy using policy analytics (i.e., who can access the representation and how).
  5. Create ACLs on local objects using the ACLs of their corresponding representations.
  6. As the ABAC policy configuration changes, update the ACLs on affected representations and automatically update corresponding ACLs on local objects.
Description of how the technology works for patent 10,719,617


  • Policy support that goes beyond what is feasible through direct management of ACLs
  • Simpler authorization management than direct management of ACLs
  • Better performance then ABAC in granting or denying user access requests
  • Policy analytics beyond what is possible through ACLs
  • Enforces ABAC policies in local systems with minimal changes to those systems
Created August 27, 2020, Updated April 18, 2024