Adaptive Policy-Based Access Management: Beyond ABAC and RBAC

Over the past several years, there have been a lot of discussions around terms such as RBAC (Role Based Access Control), ABAC (Attribute Based Access Control), Dynamic Authorization Management (DAM) and standards such as XACML. Other terms such as RiskBAC (Risk Based Access Control) have been introduced more recently.

In particular, RBAC and ABAC enthusiasts have frequently debated whether attributes should or must replace roles. However, most RBAC approaches in practice rely on more than roles alone (i.e. on other attributes as well), while roles are a common attribute in ABAC. In practice, it is not RBAC vs. ABAC, but rather a continuum.

During this session, Martin Kuppinger will open the discussion on the different ways in which access is granted – in a static, ACL-like approach or more dynamically, based on policies and contextual information – and what the challenges are when moving to a more dynamic approach.

The Future of Authorization

