I've been working on implementing ABAC for an enterprise environment, and realised it's actually really hard.
- ABAC is limited if the application doesn't support it. You basically have to fall back to RBAC (using groups) if it doesn't.
- ABAC within common business applications just doesn't exist.
I'm keen to hear from people who have had experiences implementing it.
To support other wary travellers in future, I've also created a new GitHub directory, à la awesome-sysadmin, with software that either natively supports ABAC, is a "plugin" for another software to enable it, or is a software library for implementing ABAC in your own apps.
Reference:
https://en.wikipedia.org/wiki/Attribute-based_access_control
https://csrc.nist.gov/pubs/sp/800/162/upd2/final
TY!