I am studying ABAC (Attribute Based Access Control), specifically for application in the context of access to digital evidence. Is there a document that gives an overview of step by step how to make ABAC policy, then how to implement and mechanism for testing of policy validation. Are there any tools that can be used for ABAC's purposes ?
When I was experimenting with ABAC (admittedly a while ago), I did it through tools that manipulated policies written in XACML. I suggest starting with such a tool and its instructions on how to build and test policies and playing with that until you get a good understanding. There is an open source community version of OpenIAM that you can see here:
https://www.openiam.com/registration/?_s2member_vars=page..level..0..page..233..L3Jlc291cmNlcy9kb3dubG9hZHMv&_s2member_sig=1516040667-6711e9c680ec8a4f45889d1bc03eaa81
Axiomatics sells policy tools using XACML that can you use to implement ABAC. I am not sure if you can get a free version from them, but the overall architecture of how it works might be helpful to you as a place to start with ABAC, as shown here:
http://ma.axiomatics.com/acton/attachment/10529/f-0082/1/-/-/-/-/Axiomatics%20Policy%20Server%206.0%20Data%20Sheet.pdf
Check this article:
https://www.slideshare.net/Axiomatics/building-an-effective-api-security-framework-using-abac
- Badges
- Science topic
- Similar topics
- Methodology
- Research Methodology
- Research Papers