U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Attribute Considerations for Access Control Systems

Published

Author(s)

Chung Tong Hu, David F. Ferraiolo, David Kuhn

Abstract

Attribute-based access control systems rely upon attributes to not only define access control policy rules but also enforce the access control. Attributes need to be established, issued, stored, and managed under an authority. Attributes shared across organizations should provide assurance via location, retrieval, publication, validation, update, modification, security, and revocation capabilities. Consequently, all attributes must be established, defined, and constrained by allowable values required by the appropriate digital policies; successful deployment of the schema for these attributes and allowable attribute values must be completed to help enable subject (e.g., consumers) and object (e.g., protected resource/service) owners with policy and relationship development. Once attributes and their allowable values are established, methods for provisioning attributes and appropriate attribute values to subjects and objects within a framework for storing, retrieving, updating, or revoking attributes must also be established. In addition, interfaces and mechanisms must be developed or adopted to enable sharing of these attributes. Finally, to achieve the assurance of attributes, an Attribute Evaluation Scheme, which brings confidence based on the five principal areas of interest, needs to be established:Preparation,Veracity,Security,Readiness, and Management.
Citation
Special Publication (NIST SP) - 800-205
Report Number
800-205
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-205
Local Download

Keywords

access control, access control mechanism, access control model, access control policy, attribute considerations, attribute, assurance, attribute-based access control (ABAC), authorization, privilege.
Identity and access management

Citation

, C. , Ferraiolo, D. and Kuhn, D. (2019), Attribute Considerations for Access Control Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-205 (Accessed December 13, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 17, 2019, Updated March 1, 2021