Date Published: February 2019
Comments Due:
Email Questions to:
Author(s)
Vincent Hu (NIST), David Ferraiolo (NIST), Richard Kuhn (NIST)
Announcement
Draft SP 800-205 describes the attribute-influencing factors that an access control system must address when engineering and evaluating attributes. The document expands upon NIST SP 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations, by proposing some notional implementation suggestions for consideration from the perspectives of fundamental security properties. It is intended to be a guide for federal agencies to attribute considerations with Attribute Evaluation Scheme examples for access control.
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
This document provides federal agencies with a guide for implementing attributes for use in access control systems. Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environmental conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document outlines factors which influence attributes that an authoritative body must address when standardizing an attribute system and proposes some notional implementation suggestions for consideration.
This document provides federal agencies with a guide for implementing attributes for use in access control systems. Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object,...
See full abstract
This document provides federal agencies with a guide for implementing attributes for use in access control systems. Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environmental conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document outlines factors which influence attributes that an authoritative body must address when standardizing an attribute system and proposes some notional implementation suggestions for consideration.
Hide full abstract
Keywords
access control; access control mechanism; access control model; access control policy; attribute considerations; attribute; assurance; attribute-based access control (ABAC); authorization; privilege
Control Families
Access Control
