Executive Director and Endowed Chair ACM Workshop on AttributeBased Access Control March 24 2017 Scottsdale AZ ravisandhuutsaedu wwwprofsandhucom wwwicsutsaedu Ravi Sandhu ID: 754445
Download Presentation The PPT/PDF document "1 ABAC Panel Prof . Ravi Sandhu" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
1
ABAC PanelProf. Ravi SandhuExecutive Director and Endowed ChairACM Workshop on Attribute-Based Access ControlMarch 24, 2017, Scottsdale, AZravi.sandhu@utsa.eduwww.profsandhu.comwww.ics.utsa.edu
© Ravi Sandhu
World-Leading Research with Real-World Impact!Slide2
What do you see as the need for ABAC in practice
?Automation, Adaptability, Analytics, AnonymityWhat ABAC issues, if any, have been well-studied and addressed by our community?Foundational understandingWhat challenges remain?AdoptionHow can academia, industry and NIST engage effectively?Develop consensus, e.g., XACML ≠ ABAC© Ravi Sandhu
2
World-Leading Research with Real-World Impact!
QuestionsSlide3
Automation
AdaptabilityAnalytics (Review)Anonymity (Privacy)© Ravi Sandhu3World-Leading Research with Real-World Impact!The 4 A’sSlide4
© Ravi Sandhu
4World-Leading Research with Real-World Impact!Foundational UnderstandingDiscretionary Access Control (DAC), 1970Mandatory Access Control (MAC), 1970Role Based Access Control (RBAC), 1995Attribute Based Access Control (ABAC), ????Relationship Based Access Control (ReBAC), ????Slide5
Historically, industry has built access control mechanisms that are
Mathematically incomprehensible Lack rigorous foundations Are over-featured Are under-utilizedCan this be changed? How do we make it to 5 A’s?© Ravi Sandhu5
World-Leading Research with Real-World Impact!
AdoptionSlide6
Maybe start with some elementary issues, e.g.,
XACML ≠ ABAC User-Subject distinction is fundamental© Ravi Sandhu6World-Leading Research with Real-World Impact!Develop ConsensusSlide7
What do you see as the need for ABAC in practice
?Automation, Adaptability, Analytics, AnonymityWhat ABAC issues, if any, have been well-studied and addressed by our community?Foundational understandingWhat challenges remain?AdoptionHow can academia, industry and NIST engage effectively?Develop consensus, e.g., XACML ≠ ABAC© Ravi Sandhu
7
World-Leading Research with Real-World Impact!
Questions