1
00:00:05,770 --> 00:00:07,880
- [Narrator] Attribute-Based Access Control

2
00:00:07,880 --> 00:00:09,870
or ABAC is a further evolution

3
00:00:09,870 --> 00:00:12,250
of access control model to adapt

4
00:00:12,250 --> 00:00:14,990
to organizations that need more complex

5
00:00:14,990 --> 00:00:18,260
access control models.

6
00:00:18,260 --> 00:00:21,280
And this will take into consideration other factors

7
00:00:21,280 --> 00:00:23,900
besides the identity or the role.

8
00:00:23,900 --> 00:00:28,420
Examples of these factors are the user's location, time,

9
00:00:28,420 --> 00:00:30,660
or temporal constraints, and the level

10
00:00:30,660 --> 00:00:33,350
of risk, or even threat information.

11
00:00:33,350 --> 00:00:35,860
And there may be others as well.

12
00:00:35,860 --> 00:00:40,080
So ABAC describes an access control model where

13
00:00:40,080 --> 00:00:43,190
the authorization decision is based on attributes

14
00:00:43,190 --> 00:00:48,190
which are designed and assigned to subjects and to objects

15
00:00:49,510 --> 00:00:52,860
also environmental conditions and a set of policies

16
00:00:52,860 --> 00:00:56,043
which are linked to these attributes and conditions.

17
00:00:57,250 --> 00:01:00,280
Attributes are defined as characteristics

18
00:01:00,280 --> 00:01:03,280
that belong to a subject, that means a user.

19
00:01:03,280 --> 00:01:06,140
An object, that means a resource.

20
00:01:06,140 --> 00:01:07,630
Or an environment.

21
00:01:07,630 --> 00:01:10,340
For example, a subject attribute could be the name,

22
00:01:10,340 --> 00:01:13,840
the nationality, the organization, a role,

23
00:01:13,840 --> 00:01:17,220
some type of identifier, even a security clearance,

24
00:01:17,220 --> 00:01:19,980
and many others of that subject.

25
00:01:19,980 --> 00:01:24,800
Examples of object attributes are things like name, owner,

26
00:01:24,800 --> 00:01:27,908
so the owner of the resource when the

27
00:01:27,908 --> 00:01:32,590
resource or the data was actually created and so on.

28
00:01:32,590 --> 00:01:35,481
Now environment conditions are instead

29
00:01:35,481 --> 00:01:39,050
contextual information associated to the access request.

30
00:01:39,050 --> 00:01:41,865
You know, things like location of the access,

31
00:01:41,865 --> 00:01:44,930
time of the access, threat levels.

32
00:01:44,930 --> 00:01:48,540
These are all examples of attributes of the environment.

33
00:01:48,540 --> 00:01:51,730
Now, every object should also be associated

34
00:01:51,730 --> 00:01:53,770
with at least one policy.

35
00:01:53,770 --> 00:01:57,730
This regulates in which operations a subject could perform

36
00:01:57,730 --> 00:02:00,410
on the object. So which operations

37
00:02:00,410 --> 00:02:04,943
that a user can actually do or perform on that object.

38
00:02:06,190 --> 00:02:08,690
This is done by examining the attributes

39
00:02:08,690 --> 00:02:11,480
and the environmental constraints.

40
00:02:11,480 --> 00:02:13,050
These are key concepts related

41
00:02:13,050 --> 00:02:15,750
to Attribute Based Access Control model or ABAC.

42
00:02:16,906 --> 00:02:19,690
Attribute Based Access Controls are controls

43
00:02:19,690 --> 00:02:22,740
where the access decision is taken based

44
00:02:22,740 --> 00:02:25,960
on the attributes associated to subjects, objects,

45
00:02:25,960 --> 00:02:27,370
and environment.

46
00:02:27,370 --> 00:02:29,560
Attributes are characteristics that belong

47
00:02:29,560 --> 00:02:31,950
to a subject or a user, objects

48
00:02:31,950 --> 00:02:34,650
or resource, or the environment.

49
00:02:34,650 --> 00:02:36,770
Then another thing to remember is

50
00:02:36,770 --> 00:02:38,830
that the user role identity

51
00:02:38,830 --> 00:02:42,170
and security classification could be considered also

52
00:02:42,170 --> 00:02:43,353
as attributes.