Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Method and System for Centralized ABAC Policy Administration and Local Policy Decision and Enforcement Using Access Control Lists
Patent Number: 11,062,004
An Access Control List (ACL) is a simple mechanism, dating back to the 1970s and remains in widespread use for the protection of system resources of varying types (e.g., files and directories). Resources are associated with an ACL that stores lists and groups users along with their approved rights (e.g., read, write) for controlling access to those resources.
Benefits:
- Extremely fast
- Easy to determine user access rights to a resource
Drawbacks:
- Difficult to directly update and manage
- Difficult to enforce modern-day access policies
- Difficult to determine and manage the access capabilities of users
Invention
An Access control method where user requests to perform operations on resources are granted or denied based on attributes assigned to users, attributes assigned to resources, and a set of policies that are specified in terms of those attributes.
Benefits:
- Ease in management of access policies
- Enforcement of sophisticated policies
- Ease in determining the access capabilities of users
Drawbacks:
- Less efficient than ACLs in computing access decisions and enforcing policy
- Challenging and costly to integrate into existing systems
Features
Benefits of ACLs and ABAC without their drawbacks.
When a user enters on duty or when a user's job function, authority, affiliation, or any other characteristic changes, an administrator simply assigns/reassigns the user to appropriate attributes, and corresponding ACLs are automatically created and/or updated.