published	permalink	layout	filename	title
true	/attribute-exchange/	default	attribute-exchange.md	Attribute Exchange

Attribute-based access control (ABAC) is one of several methods of access control. ABAC defines an access control policy in terms of a user’s organic attributes (such as users who are Federal employees, who are managers and above, who are in agency X or Y).

Systems must know these attributes in order to implement ABAC. When a user accesses a system within their own organization, the system can retrieve the attributes from the local source. But when the user from one organization is accessing a system from another organization, there must be mechanism for these attributes to be conveyed – or exchanged – in a trusted manner.

If you want more information, these sources might be helpful:

SAML Attribute Sharing Profile for X.509 Authentication-based Systems
Guide to Attribute Based Access Control (ABAC) Definition and Considerations
Security Markup Language (SAML) 2.0 Identifier and Protocol Profiles for Backend Attribute Exchange (BAE) v2.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

attribute-exchange.md

attribute-exchange.md

Files

attribute-exchange.md

Latest commit

History

attribute-exchange.md

File metadata and controls