Sample XACML Implementation

Attribute-Based Access Control (ABAC)

An access control method where subject requests to perform operations on objects are granted or denied based on:

  1. assigned attributes of the subject,
  2. assigned attributes of the object,
  3. environment conditions, and
  4. a set of policies that are specified in terms of those attributes and conditions.

Source: NIST SP 800-263

Context-Based Access Control (CBAC)

The term CBAC is coined by Cisco, not a typical access control mechanisms you encountered in most of the CISSP study guides or NIST guidelines.

The Context-Based Access Control (CBAC) feature of the Cisco IOS® Firewall Feature Set actively inspects the activity behind a firewall.

Source: Cisco

Leave a Reply