
5 Misconceptions About a Policy-based Approach to Access Control

At its core, a Policy-based Access Control (PBAC) model (also referred to as Attribute-based Access Control, or ABAC) is a concept any developer can understand. The phrase “access control” refers to the application mechanisms that govern what each user can (or can’t) see and do, and a “policy” is a principle, rule, or guideline formulated or adopted by an organization.

While learning the fundamentals of access control and how it helps development teams secure their applications, you may be exposed to some conflicting ideas or even misinformation about policy-based access control and the value of an ABAC-based solution.

Here are five common misconceptions about a policy-based access control model and the value you may be missing.
