Changes between Version 5 and Version 6 of TIEDABACModel


Timestamp: 07/10/12 23:33:43 (12 years ago)
Author: faber@isi.edu
Comment: Sparta ABAC papers went missing, links to new references

  • TIEDABACModel

    v5 v6  
    33== Why ABAC? ==
    44
    5 [http://www.isso.sparta.com/research_projects/security_infrastructure/abac_overview.html ABAC] is an attribute-based authorization system that combines attributes using a simple reasoning system to provide authorization that
     5[wiki:TIEDABACRefs ABAC] is an attribute-based authorization system that combines attributes using a simple reasoning system to provide authorization that
    66 * Expresses delegation and other authorization models efficiently and scalably
    77 * Allows access requesters and granters to control how much information they reveal
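
Review bot: On new line 5 the link label "ABAC" now targets wiki:TIEDABACRefs, so the first mention of the system sends the reader to a reference list instead of an overview. Consider leaving "ABAC" as plain text and adding a separate pointer such as "(see [wiki:TIEDABACRefs references])" so the label matches what the link opens. The removed sparta.com URL also disappears without trace; if TIEDABACRefs does not already record it, note the original location there for anyone looking for an archived copy.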
     
    1111== ABAC Model ==
    1212
    13 ABAC facilitates authorization decisions by providing rules under which actors in the system, called principals, prove that they have certain attributes necessary for accessing resources.  Which attributes are required for a given resource is a matter of policy outside the system.  ABAC can represent delegation of various forms in scalable and separable ways that can be reasoned about formally.  This section sketches the ideas behind ABAC.  More information is available in [http://www.isso.sparta.com/research_projects/security_infrastructure/abac_overview.html#docs the literature ].
     13ABAC facilitates authorization decisions by providing rules under which actors in the system, called principals, prove that they have certain attributes necessary for accessing resources.  Which attributes are required for a given resource is a matter of policy outside the system.  ABAC can represent delegation of various forms in scalable and separable ways that can be reasoned about formally.  This section sketches the ideas behind ABAC.  More information is available in
     14[wiki:TIEDABACRefs  the literature].
    1415
    1516In ABAC, principals can be an individual (researcher, user) or larger authority (GPO, university).  Prinicpals can use a range of systems to authenticate themselves.  A principal can be the subject of authorization decisions and have attributes asserted about it by other principals.
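
Review bot: New line 14 reads "[wiki:TIEDABACRefs  the literature]" with two spaces between the target and the label, and the sentence is now split so that line 13 ends at "available in". Put the link back on line 13 with a single space, so the paragraph stays on one source line like the ones around it. The old link pointed at the "#docs" anchor while the new one targets the top of TIEDABACRefs; add an anchor if that page has a section for the papers. Context line 16 still spells "Prinicpals", which is worth fixing in the same edit.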