Simplify File Sharing and User Access via Attribute Based Access Control

Kim Mays

Access control usually requires that a user be given permission to perform a specific operation on an object in a specified way (e.g., a user editing a Word document). Their ability to access the file results from permissions granted through their assignment to a particular group or role.

IT professionals and users alike have dealt with this often frustrating form of access control for many years. In IT, it is not always an easy task to assign certain capabilities or roles to single users or groups, and thus access control can be difficult to manage.

A different way to manage such access is attribute based access control (ABAC), where user requests for access are granted based on various attributes of the file or object along with other conditions that are relevant to current policies.
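The following Python example, added here and not taken from the article or the NIST guide, shows an attribute based decision for file sharing between organizations: access follows from subject, object and environment attributes rather than from assigning the user to a group or role. The attribute names, values and rules are constructed assumptions.

```python
"""ABAC decision function; every attribute name, value and rule is constructed."""
from datetime import time

LEVELS = {"public": 0, "internal": 1, "restricted": 2}

def rule_shared_read(subj, obj, env):
    # Read: subject's organization is on the object's sharing list, clearance
    # covers the sensitivity, and the request comes from a managed device
    # during working hours.
    return (
        subj["organization"] in obj["shared_with"]
        and LEVELS[subj["clearance"]] >= LEVELS[obj["sensitivity"]]
        and env["device_managed"] is True
        and time(7, 0) <= env["local_time"] <= time(19, 0)
    )

def rule_owner(subj, obj, env):
    # The owner may read or edit, but only from a managed device.
    return subj["user_id"] == obj["owner"] and env["device_managed"] is True

POLICY = {"read": [rule_shared_read, rule_owner], "edit": [rule_owner]}

def decide(subj, action, obj, env):
    """Return 'Permit' if any rule for the action holds, otherwise 'Deny'.

    Unknown actions and missing or malformed attributes fail closed.
    """
    for rule in POLICY.get(action, []):
        try:
            if rule(subj, obj, env):
                return "Permit"
        except (KeyError, TypeError):
            continue  # a rule that cannot be evaluated never grants access
    return "Deny"

# Constructed request: an analyst at a partner organization reads a shared report.
analyst = {"user_id": "u-102", "organization": "agency-b", "clearance": "internal"}
report = {"owner": "u-001", "sensitivity": "internal",
          "shared_with": {"agency-a", "agency-b"}}
office = {"device_managed": True, "local_time": time(10, 30)}

if __name__ == "__main__":
    print(decide(analyst, "read", report, office))   # partner read
    print(decide(analyst, "edit", report, office))   # non-owner edit
```

No account, group or role for the analyst exists in the owning organization; changing an attribute of the report or of the request changes the decision without touching user assignments.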

In 2009, the Federal CIO Council published the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Plan v1.0 to provide guidance to federal organizations that were reconfiguring their logical access control architectures to include the evaluation of attributes in order to give access between organizations within the Federal enterprise. Three years later, the FICAM Roadmap and Implementation Plan v2.0 identified ABAC as the recommended access control model for sharing information between varied and different organizations.

In our IT Downloads, the Guide to Attribute Based Access Control (ABAC) Definition and Considerations provides Federal agencies and other enterprise organizations an opportunity to learn more about ABAC and its functionalities. The document was created by the National Institute of Standards and Technology (NIST), and also provides details on how to plan for, design, implement, and put into operation the components of ABAC within the enterprise.


According to the document:

When deployed across an enterprise for the purposes of increasing information sharing among diverse organizations, ABAC implementations can become complex—supported by the existence of an attribute management infrastructure, machine-enforceable policies, and an array of functions that support access decisions and policy enforcement.

In addition to the basic policy, attribute, and access control mechanism requirements, the enterprise must support management functions for enterprise policy development and distribution, enterprise identity and subject attributes, subject attribute sharing, enterprise object attributes, authentication, and access control mechanism deployment and distribution. The development and deployment of these capabilities requires the careful consideration of a number of factors that will influence the design, security, and interoperability of an enterprise ABAC solution.

High-level IT security professionals will benefit from this informative document. It can help enterprises (both Federal and non-governmental) maintain control of data while they improve file sharing capabilities among users and between organizations.


