Attribute Based Access Control (ABAC)
What is Attribute Based Access Control (ABAC)?
Rather than relying on cumbersome roles or embedded application checks, attribute-based authorization uses attributes to make access control decisions. Since attributes—such as name, department, citizenship, clearance, role—can reside in different and distributed identity stores, deploying such a system is most easily and effectively done if you can provide a single source that has all of the identities and all of the attributes, in a single location.
What challenges in implementing ABAC does an Identity Data Fabric solve?
The ability to build a global profile for users simplifies the deployment of an ABAC authorization system and enables the enterprise to use all its information in the authorization process—even when that contextual data is scattered across multiple heterogeneous data stores. A common scenario enterprises face is that the same identity exists in a number of directories and databases. This means that the attributes applications need are not neatly contained within one data source but spread across multiple sources. Identity information from many different data sources has to be merged/joined to present one complete enterprise entry for an individual so that proper policy decisions can be made by the application. That data unification is provided by an Identity Data Fabric.