  • Matthew Hardin

RBAC and ABAC

Symas Corporation recently merged with Joshua Tree Software, developers of the Fortress Role-Based Access Control (RBAC) Open Source Software suite. Fortress is based on OpenLDAP and has also been shown to work well with Apache Directory Server (ApacheDS). Fortress is the only production-ready implementation of the ANSI INCITS 359-2004 RBAC Standard available today.


There has recently been a renewal of interest in Attribute-Based Access Control (ABAC), with some writers implying that ABAC obsoletes or supersedes RBAC. When we read the various articles and postings, we find much to think about, but we come away convinced that RBAC continues to address a style of security policy definition and administration that is quite common in many enterprises. The capabilities standardized by ANSI represent a powerful and relatively comprehensive foundation for that style of access control. We think that claiming that ABAC replaces RBAC is going too far.


ABAC appears to bring a more complex, computationally intensive style of policy expression and evaluation into play. It also seems to point to more complex administrative and auditing challenges. In some ways, ABAC appears to address a need for “dynamic permissioning” that is more deductive than declarative, and more a matter of logic among attribute values and, possibly, historical data. This is a form of rule engine that is likely very valuable for application developers implementing business rules more complex than those typical of resource access policies.
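The declarative versus deductive contrast can be made concrete with a small sketch. This is an added example, not code from Fortress or from the post; the users, roles, attributes and the business-hours and debit-count rule are all constructed assumptions.

```python
from datetime import time

# Constructed sample data (not from the post or from Fortress).
# RBAC: access is declared ahead of time as user->role and role->permission assignments.
USER_ROLES = {"alice": {"teller"}, "bob": {"auditor"}}
ROLE_PERMS = {
    "teller": {("account", "read"), ("account", "debit")},
    "auditor": {("account", "read"), ("ledger", "read")},
}

def rbac_check(user, obj, op):
    """Declarative: a lookup over stored assignments, independent of context."""
    return any((obj, op) in ROLE_PERMS.get(r, ()) for r in USER_ROLES.get(user, ()))

def rbac_who_can(obj, op):
    """Audit question answered once by enumerating the assignment tables."""
    return sorted(u for u in USER_ROLES if rbac_check(u, obj, op))

# ABAC: access is deduced per request by evaluating logic over attribute values.
SUBJECTS = {
    "alice": {"dept": "retail", "clearance": 2},
    "bob": {"dept": "audit", "clearance": 3},
}
RESOURCE = {"sensitivity": 2, "owner_dept": "retail"}  # hypothetical account record

def env(hour, debits_today):
    """Build the environment attributes for one request (hypothetical shape)."""
    return {"now": time(hour, 0), "debits_today": debits_today}

def abac_check(subject, resource, environment):
    """Deductive: a hypothetical rule over subject, resource, environment and history."""
    return (
        subject["clearance"] >= resource["sensitivity"]
        and subject["dept"] == resource["owner_dept"]
        and time(8, 0) <= environment["now"] <= time(17, 0)
        and environment["debits_today"] < 3  # historical data feeds the decision
    )

def abac_who_can(resource, environment):
    """The audit answer is only valid for the environment it was evaluated in."""
    return sorted(u for u, s in SUBJECTS.items() if abac_check(s, resource, environment))
```

`rbac_who_can` gives the same answer until an administrator changes an assignment, while `abac_who_can` must be re-evaluated for every combination of time and history an auditor cares about.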


We find both of these approaches interesting and potentially valuable in their respective use cases, and we look forward to participating in the evolution of both.
