A computer-implemented method includes: receiving, by an access manager, a query from a source; communicating the query from the access manager to a translator; translating the query into a next generation access control (NGAC) input; communicating the NGAC input to an NGAC engine, the NGAC engine including access control data; receiving the NGAC input; determining an authorization response; communicating the authorization response to the translator; translating the authorization response into a response statement; communicating the response statement to the access manager; if the response statement comprises a permitted statement, communicating a permitted query to a database from the access manager, the permitted query comprising a data operation, and performing the data operation on data in the database; and blocking access by the source to data in the database if the response statement comprises a deny statement.
The Policy Machine is an access control framework that served as the basis for the development of an American National Standards Institute (ANSI) / International Committee for Information Technology Standards (INCITS, the central U.S. forum dedicated to creating technology standards for the next generation of innovation) standard called Next Generation Access Control (NGAC).
NGAC consists of:
NGAC is a flexible access control framework in that it can be molded to support combinations of diverse access control policies. NGAC can often provide much of the same data service functionality that is provided by existing application products and system utilities, such as file management, workflow, and internal messaging, and with similar performance.
An advantage of NGAC is that access control policies are comprehensively enforced over its data services, whereas they are not over the non-NGAC counterparts of those services.
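The method in the first paragraph, as an added Python example that is not taken from the patent or from any NGAC implementation: an access manager hands SQL text to a translator, a reduced NGAC engine (assignments and associations only, no prohibitions or multiple policy classes) decides, and the query reaches SQLite only on a permit. The users, attributes, tables and the two accepted statement shapes are constructed for the example; anything the translator cannot map to exactly one table is denied.

```python
import re
import sqlite3

# Constructed policy graph (all names are assumptions of this example).
# ASSIGN: node -> attributes containing it; ASSOC: (user attr, ops, object attr).
USERS, OBJECTS = {"alice", "bob"}, {"records", "invoices"}
ASSIGN = {"alice": {"Doctors"}, "bob": {"Clerks"}, "Doctors": {"Staff"},
          "Clerks": {"Staff"}, "records": {"Medical"}, "invoices": {"Billing"}}
ASSOC = [("Doctors", {"read", "write"}, "Medical"), ("Staff", {"read"}, "Billing")]
FORMS = [  # the only single-table statement shapes the translator accepts
    (r"SELECT\s+[\w\s,*]+?\s+FROM\s+(\w+)(\s+WHERE\s+[^;()]*)?", "read"),
    (r"DELETE\s+FROM\s+(\w+)(\s+WHERE\s+[^;()]*)?", "write"),
]
KEYWORDS = re.compile(r"\b(select|from|join|union|insert|update|delete)\b", re.I)

def closure(node):
    """The node plus every attribute reachable over assignments (acyclic graph)."""
    return {node}.union(*(closure(p) for p in ASSIGN.get(node, ())))

def translate(user, sql):
    """Translator: SQL text -> NGAC input (user, operation, object) or None."""
    for pattern, op in FORMS:
        m = re.fullmatch(rf"\s*{pattern}\s*;?\s*", sql, re.I)
        if m and len(KEYWORDS.findall(sql)) == 2:  # no UNION, JOIN, second FROM
            return user, op, m.group(1).lower()
    return None

def ngac_decide(request):
    """NGAC engine: grant only if one association covers user, op and object."""
    if request is None or request[0] not in USERS or request[2] not in OBJECTS:
        return "deny"  # untranslatable query or unknown node: fail closed
    user, op, obj = request
    uas, oas = closure(user), closure(obj)
    hit = any(ua in uas and op in ops and oa in oas for ua, ops, oa in ASSOC)
    return "grant" if hit else "deny"

def access_manager(db, user, sql):
    """Send the query to the database only on a PERMIT response statement."""
    statement = {"grant": "PERMIT", "deny": "DENY"}[ngac_decide(translate(user, sql))]
    rows = db.execute(sql).fetchall() if statement == "PERMIT" else None
    return statement, rows

def demo_db():
    """In-memory database with one constructed row per table."""
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE records(name); INSERT INTO records VALUES ('x');"
                     "CREATE TABLE invoices(total); INSERT INTO invoices VALUES (90);")
    return db
```

The keyword count matters: without it, a `UNION` query would still match the `SELECT` shape through regex backtracking and be authorized against only one of the tables it reads.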