Attribute Based Access Control

The National Cybersecurity Center of Excellence (NCCoE) has drafted a building block addressing attribute based access control. You can download the draft below. The draft building block is published here so that interested members of the public can comment.

Attribute Based Access Control (PDF)

Please send your comments to abac-nccoe@nist.gov by March 28, 2014. The document will be revised accordingly and reposted here.

This building block will use commercially available technologies to demonstrate an enterprise-class attribute based access control (ABAC) implementation that enables federated identity management between multiple enterprises through the use of an attributed exchange service. These technologies enhance the granularity of access control policies by increasing the range of possible attributes available when making automated access control decisions in an enterprise. The ABAC technology solution stack demonstrated in this document is designed to be modular, allowing corporations flexibility in their implementations based on their current network infrastructures.

The solutions proposed by this effort will not be the only ones available in the fast-moving cybersecurity technology market. If you would like to propose an alternative architecture or know of products that might be applicable to this challenge, please contact us at abac-nccoe@nist.gov.