All Research
Advisory Note

Why don't you like this?

I like this
I don't like this

Unifying RBAC and ABAC in a Dynamic Authorization Framework

Dan Blum
Mastering authorization is critical for modern organizations with multiple user constituencies, applications, and data types. Groups are necessary but not sufficient in complex environments. Roles are handy for adding manageability and assurance to coarse- or medium-grained authorization but break down in the face of dynamic environments or complex access policies. Attribute-based access control (ABAC) has gained adherents, but is in fact just another piece of the puzzle. In this note, KuppingerCole will unfold the dimensions of a unified authorization framework incorporating all of the above and more.

1 Management Summary

Dynamic authorization in complex enterprise IT environments is one of the most challenging parts of identity and access management (IAM) and information security alike. To be successful, organizations must address authorization through a holistic architecture. In this note, KuppingerCole breaks the problem down into three dimensions: Governance and admin time authorization, access policy models, and runtime authorization.

Admin time policy management and runtime policy enforcement must meet in the middle with policy model for groups, RBAC, ABAC, entitlements, and policy expressions (or rules). Organizations must create as their architecture a unified authorization framework spanning the three dimensions and often requiring hybrids of all the policy models. Herein, KuppingerCole provides frameworks, models, decision trees, and recommendations to get started.

Full article is available for registered users with free trial access or a paid subscription.
Log in
Become a Member and read on!
Create an account and buy a Membership package or use our 7-days free trial period to access this and 600+ other in-depth and up-to-date insights.
Register and request your 7-day free trial
Register
Already convinced? Check out our packages
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use