A Method and System for Centralized ABAC Policy Administration and Local Policy Decision and Enforcement Using Access Control Lists

Patent Number: 11,062,004

Depiction of a centrally managed ABAC policy and its local enforcement in local systems using the native ACL mechanism

An Access Control List (ACL) is a simple mechanism that dates back to the 1970s and remains in widespread use for protecting system resources of varying types (e.g., files and directories). Each resource is associated with an ACL that lists users and groups of users along with their approved rights (e.g., read, write) for controlling access to that resource.

Benefits:

  • Extremely fast
  • Easy to determine user access rights to a resource

Drawbacks:

  • Difficult to directly update and manage
  • Difficult to enforce modern-day access policies
  • Difficult to determine and manage the access capabilities of users

Invention

An access control method in which user requests to perform operations on resources are granted or denied based on attributes assigned to users, attributes assigned to resources, and a set of policies that are specified in terms of those attributes.

Benefits:

  • Ease in management of access policies
  • Enforcement of sophisticated policies
  • Ease in determining the access capabilities of users

Drawbacks:

  • Less efficient than ACLs in computing access decisions and enforcing policy
  • Challenging and costly to integrate into existing systems

Features

Benefits of ACLs and ABAC without their drawbacks.

When a user enters on duty or when a user's job function, authority, affiliation, or any other characteristic changes, an administrator simply assigns/reassigns the user to appropriate attributes, and corresponding ACLs are automatically created and/or updated.
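The sketch below is an added illustration of the idea described above, not code from the patent or from NIST: a central attribute policy is compiled into per-resource ACLs, local decisions are plain ACL lookups, and reassigning one user attribute yields the ACL entries that need updating. The rule format, attribute names, users and paths are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    user_attr: str        # attribute the user must hold
    resource_attr: str    # attribute the resource must hold
    rights: frozenset     # rights granted when both match

def compile_acls(user_attrs, resource_attrs, rules):
    """Central administration: derive one ACL per resource from the policy."""
    acls = {res: {} for res in resource_attrs}
    for rule in rules:
        for res, r_attrs in resource_attrs.items():
            if rule.resource_attr not in r_attrs:
                continue
            for user, u_attrs in user_attrs.items():
                if rule.user_attr in u_attrs:
                    acls[res].setdefault(user, set()).update(rule.rights)
    return acls

def acl_check(acls, user, resource, right):
    """Local decision: a plain ACL lookup, deny unless the right is listed."""
    return right in acls.get(resource, {}).get(user, set())

def diff_acls(old, new):
    """ACL entries that must be pushed to local systems after a change."""
    changes = []
    for res in sorted(set(old) | set(new)):
        o, n = old.get(res, {}), new.get(res, {})
        for user in sorted(set(o) | set(n)):
            if o.get(user, set()) != n.get(user, set()):
                changes.append((res, user, sorted(o.get(user, set())),
                                sorted(n.get(user, set()))))
    return changes

# Constructed sample policy (all names are assumptions for illustration).
CHART, PAYROLL = "/records/chart.txt", "/finance/payroll.csv"
RESOURCE_ATTRS = {CHART: {"medical-record"}, PAYROLL: {"payroll"}}
RULES = [
    Rule("nurse", "medical-record", frozenset({"read"})),
    Rule("doctor", "medical-record", frozenset({"read", "write"})),
    Rule("hr", "payroll", frozenset({"read", "write"})),
]

def demo():
    users = {"alice": {"nurse"}, "bob": {"hr"}}
    before = compile_acls(users, RESOURCE_ATTRS, RULES)
    users["alice"] = {"doctor"}   # administrator reassigns one attribute
    after = compile_acls(users, RESOURCE_ATTRS, RULES)
    return before, after, diff_acls(before, after)
```

Only the single changed entry comes back from `diff_acls`, which is what a central administrator would push to the local system; unrelated ACLs such as the payroll file are left untouched.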

Created June 18, 2025