White Paper: Security Information Governance

Executive summary

*/BAC refers to the domain of attribute-based access control that enables organizations to meet a broad set of regulatory requirements using an access control where authorization is based on information dynamically evaluated at runtime.

Before the */BAC revolution, organizations statically assigned permissions and entitlements to users and stored them in a common, central catalogue, governance over the security information (who has access to what) was much easier as it was converged into a single attribute store, e.g., Microsoft Active Directory.

With */BAC, access rules deciding who has access to what and under what circumstances, is no longer pre-defined in a static assignment, such as adding a user to a security group. Instead, the access rules, or policies if you like, are based on attributes in different perspectives, typically “Subject”, “Resource”, “Action” and “Circumstance”.

Download White Paper.

Share this post on Linkedin

Recommended articles