|
|
|
|
|
|
by wan0net
484 days ago
|
|
|
I've been working on implementing ABAC for an enterprise environment, and realised it's actually really hard. - ABAC is limited if the application doesn't support it. You basically have to fall back to RBAC (using groups) if it doesn't. - ABAC within common business applications just doesn't exist. I'm keen to hear from people who have had experiences implementing it. To support other wary travellers in future, I've also created a new github directory, ala awesome-sysamdin, with software that either natively supports ABAC, is a "plugin" for another software to enable it, or is a software library for implementing ABAC in your own apps. Reference: https://en.wikipedia.org/wiki/Attribute-based_access_control https://csrc.nist.gov/pubs/sp/800/162/upd2/final TY! |
|
|