HelpNetSecurity Feature: The 10 Misconceptions of Using a Policy-based Approach for Access Control
Axiomatics CEO Niklas Jakobsson featured in HelpNetSecurity
The principle of Attribute Based Access Control (ABAC) has existed for many years. It is the evolution from simple access control lists and role-based access control to a highly flexible system for administering access based on the evaluation of attributes.
For authorization requirements, this separates the management of access control code from the application development lifecycle. In essence, it reduces the need to touch application code every time there is a business, regulatory or internal change. ABAC presents a centralized mechanism to create policies that refine and control who has access to what, and under what conditions. The policies are created once and implemented across the application ecosystem.
As this approach gains mainstream acceptance, the benefits and ROI of using ABAC are widely understood, but some common misconceptions remain that keep enterprises from adopting the technology quickly. Dispelling these myths will help get the development and implementation team and business leaders alike on board.