Access Control System and Process for Managing and Enforcing an Attribute Based Access Control Policy

Patent Number: 11,062,044

Abstract

An access control system for managing and enforcing an attribute based access control (ABAC) policy includes: a minimum ABAC implementation that produces a representation access control list in an ABAC policy system; and a local host system that produces a resource repository access control list in the local host system such that the resource repository access control list is based on the representation access control list.

Patent Description

This invention is a method that centrally manages Attribute-Based Access Control (ABAC) policies and locally computes and enforces decisions over those policies on objects that are locally protected using Access Control Lists (ACLs). The method is based on the expression of an ABAC policy that conforms to the access control rules of an enterprise, and it leverages that policy expression by introducing representations of locally protected objects into the ABAC system through their assignment to object attributes. The method further maintains a correspondence between the ABAC representations of the protected objects and the actual protected objects in local systems. The method also leverages the ability to conduct policy analytics so as to formulate ACLs for those representations in accordance with the ABAC policy, and it creates ACLs on local objects using the ACLs of their corresponding representations. As the ABAC policy configuration changes, the method updates the ACLs on the affected representations and automatically updates the corresponding ACLs on the local objects. Operationally, users attempt to access objects in local systems, and the ABAC policy is enforced in those systems in terms of the ABAC-managed ACLs.
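The following is an added illustration, not code from the patent or from NIST, of the flow the description sketches: a central ABAC policy, representations of local objects carried as object attributes, a correspondence map from each representation to its local path, a policy-analytics step that derives an ACL per representation by evaluating the policy over the known user population, and a local host that mirrors those ACLs and enforces access by plain ACL lookup. Every user, attribute, rule and path below is constructed for the example; `policy_v1`, `policy_v2`, `compute_representation_acls`, `LocalHost` and `sync` are hypothetical names, not an API the patent defines.

```python
from dataclasses import dataclass
from typing import Callable

# ---- Central ABAC side (constructed sample data) ------------------------

# Subject attributes as the central ABAC system would hold them (constructed).
USERS = {
    "alice": {"dept": "finance", "role": "analyst", "clearance": 2},
    "bob":   {"dept": "finance", "role": "manager", "clearance": 3},
    "carol": {"dept": "hr",      "role": "analyst", "clearance": 2},
}

# Representations of locally protected objects, defined by their object
# attributes, plus the correspondence map back to the real local object.
REPRESENTATIONS = {
    "rep-1": {"category": "ledger",  "sensitivity": 2},
    "rep-2": {"category": "payroll", "sensitivity": 3},
}
CORRESPONDENCE = {
    "rep-1": "/srv/finance/ledger.xlsx",   # constructed path
    "rep-2": "/srv/hr/payroll.db",         # constructed path
}


@dataclass
class Rule:
    """One ABAC rule: grants `op` when cond(subject_attrs, object_attrs) holds."""
    op: str
    cond: Callable[[dict, dict], bool]


def policy_v1():
    return [
        Rule("read",  lambda u, o: u["dept"] == "finance" and o["category"] == "ledger"),
        Rule("write", lambda u, o: u["role"] == "manager" and o["category"] == "ledger"),
        Rule("read",  lambda u, o: o["category"] == "payroll"
                                    and u["clearance"] >= o["sensitivity"]),
    ]


def policy_v2():
    # Policy change: payroll reads now additionally require the HR department.
    rules = policy_v1()
    rules[2] = Rule("read", lambda u, o: o["category"] == "payroll"
                    and u["dept"] == "hr" and u["clearance"] >= o["sensitivity"])
    return rules


def compute_representation_acls(policy, users, reps):
    """Policy-analytics step: for each representation, enumerate the users the
    ABAC policy grants, and which operations. Returns {rep_id: {user: set(ops)}}."""
    acls = {}
    for rep_id, oattrs in reps.items():
        entries = {}
        for user, uattrs in users.items():
            ops = {r.op for r in policy if r.cond(uattrs, oattrs)}
            if ops:
                entries[user] = ops
        acls[rep_id] = entries
    return acls


# ---- Local host side ----------------------------------------------------

class LocalHost:
    """Stands in for a file server whose only native mechanism is an ACL per path."""

    def __init__(self):
        self.acls = {}       # path -> {user: set(ops)}
        self.sync_log = []   # paths whose ACL actually changed on a sync

    def apply(self, rep_acls, correspondence):
        """Mirror representation ACLs onto the corresponding local objects.
        The old ACL is replaced, not merged, so a revocation in the central
        policy removes the local entry instead of leaving a stale grant."""
        for rep_id, entries in rep_acls.items():
            path = correspondence[rep_id]
            old = self.acls.get(path, {})
            new = {u: set(ops) for u, ops in entries.items()}
            self.acls[path] = new
            if old != new:
                self.sync_log.append(path)

    def check(self, user, path, op):
        """Local enforcement: an ACL lookup only, no call back to the ABAC system."""
        return op in self.acls.get(path, {}).get(user, set())


def sync(policy, host):
    """Recompute representation ACLs from the current policy and push them down."""
    host.apply(compute_representation_acls(policy, USERS, REPRESENTATIONS), CORRESPONDENCE)
    return host


if __name__ == "__main__":
    h = sync(policy_v1(), LocalHost())
    print("bob reads payroll under v1:", h.check("bob", "/srv/hr/payroll.db", "read"))
    sync(policy_v2(), h)
    print("bob reads payroll under v2:", h.check("bob", "/srv/hr/payroll.db", "read"))
    print("paths rewritten:", h.sync_log)
```

Two points of the design are worth noting from a defender's view. The enforcement path on the host never touches the ABAC engine, which is where the performance claim in the feature list comes from; the cost of attribute evaluation is paid once per policy or attribute change in `compute_representation_acls`, not on every access. And `apply` replaces each local ACL wholesale rather than adding entries, so that a tightened rule (as in `policy_v2`) propagates as a revocation; the `sync_log` records which objects were rewritten, which is the natural place to hook auditing of ACL drift between the central policy and the local systems.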


Features

  • Policy support that goes beyond what is feasible through direct management of ACLs
  • Simpler authorization management than direct management of ACLs
  • Better performance than ABAC in granting or denying user access requests
  • Policy analytics beyond what is possible through ACLs
  • Enforces ABAC policies in local systems with minimal changes to those systems
Created August 9, 2022, Updated December 15, 2023