ABAC is a method of implementing access control policies that is highly adaptable and can be customized using a wide range of attributes, making it suitable for use in distributed or rapidly changing environments.
The only limitations on the policies that can be implemented with ABAC are the capabilities of the computational language and the availability of relevant attributes.
By defining consistent subject and object attributes in security policies, ABAC eliminates the need for the explicit authorizations to individual subjects that a non-ABAC access method requires, reducing the complexity of managing access lists and groups.
Although the concept itself has existed for many years, ABAC is considered a "next generation" authorization model because it provides dynamic, context-aware and risk-intelligent access control to resources. Policies can include specific attributes from many different information systems to resolve an authorization and achieve efficient regulatory compliance, which gives enterprises flexibility in their implementations based on their existing infrastructures.
They tend to fall into 4 different categories:
Policies are statements that bring together attributes to express what can happen and what is not allowed.
ABAC tries to address this by defining access control based on attributes which describe the requesting entity (the user), the targeted object or resource, the desired action (view, edit, delete), and environmental or contextual information.
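The following added example (not part of the original text) shows a minimal policy decision function that evaluates policies over the four attribute categories named above: subject, resource, action and environment. The attribute names and sample policies are constructed for illustration, and the deny-overrides combining rule and default-deny behaviour are assumptions of this sketch rather than something the text prescribes.

```python
from dataclasses import dataclass
from typing import Any, Callable, Mapping

@dataclass(frozen=True)
class Request:
    subject: Mapping[str, Any]      # attributes of the requesting entity
    resource: Mapping[str, Any]     # attributes of the targeted object
    action: str                     # desired action: view, edit, delete
    environment: Mapping[str, Any]  # contextual attributes

@dataclass(frozen=True)
class Policy:
    name: str
    effect: str                          # "permit" or "deny"
    condition: Callable[[Request], bool]

# Constructed sample policies; attribute names are hypothetical.
POLICIES = [
    Policy("same-department-view", "permit",
           lambda r: r.action == "view"
           and r.subject["department"] == r.resource["department"]),
    Policy("owner-edit", "permit",
           lambda r: r.action in ("view", "edit")
           and r.subject["id"] == r.resource["owner"]),
    Policy("confidential-off-network", "deny",
           lambda r: r.resource["classification"] == "confidential"
           and not r.environment["on_corp_network"]),
]

def decide(req, policies=POLICIES):
    """Return (decision, reason). Deny overrides permit; default is deny."""
    permitted_by = None
    for p in policies:
        try:
            matched = p.condition(req)
        except KeyError as missing:
            # Fail closed: an attribute the policy needs was not supplied.
            return "deny", f"{p.name}: missing attribute {missing}"
        if matched and p.effect == "deny":
            return "deny", p.name
        if matched and permitted_by is None:
            permitted_by = p.name
    if permitted_by:
        return "permit", permitted_by
    return "deny", "no applicable permit policy"

if __name__ == "__main__":
    doc = {"department": "finance", "owner": "u2", "classification": "confidential"}
    alice = {"id": "u1", "department": "finance"}
    print(decide(Request(alice, doc, "view", {"on_corp_network": True})))
    print(decide(Request(alice, doc, "view", {"on_corp_network": False})))
```

No user or group is named in any policy: the same request from the same subject flips from permit to deny when only the environment attribute changes.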
The US Department of Commerce has made this a mandatory practice and the adoption is spreading throughout several governmental and military agencies.
An important consideration when evaluating ABAC solutions is to understand their potential overhead on performance and their impact on the user experience.
As of Windows Server 2012, Microsoft has implemented an ABAC approach to controlling access to files and folders.
This is achieved through dynamic access control (DAC)[11] and Security Descriptor Definition Language (SDDL).