IAM Standard Processes
Facebook Twitter LinkedIn

RBAC & ABAC Hybrid Approaches

Combined Session
Thursday, May 07, 2015 12:00—13:00
Location: AMMERSEE I

Over the past several years, there have been a lot of discussions around terms such as RBAC (Role Based Access Control), ABAC (Attribute Based Access Control), Dynamic Authorization Management (DAM) and standards such as XACML. Other terms such as RiskBAC (Risk Based Access Control) have been introduced more recently.

Quite frequently, there has been a debate between RBAC and ABAC, as to whether attributes should or must replace roles. However, most RBAC approaches in practice rely on more than purely role (i.e. on other attributes), while roles are a common attribute in ABAC. In practice, it is not RBAC vs. ABAC, but rather a sort of continuum.

However, the main issue in trying to position ABAC as the antipode to RBAC is that attributes vs. roles is not what the discussion should be about. The difference is in how access is granted.

This panel will be not be about RBAC vs. ABAC. It will be about RBAC & ABAC & more. What are the essential elements for moving towards an adaptive, policy-based access management (or APAM)? What do we need for a better access management that we can implement today and extend subsequently, moving from static to dynamic controls and from ACLs to policies? How to make this work with and without application integration? This panel is a must-attend panel for all people involved in defining and redefining their Access Management approaches.

Frank Böhm
Frank Böhm
FSP
Frank Boehm has been Managing Director at FSP since 2002. He started his professional career 1989 as a consultant for the financial services sector at Accenture and lead international...
Thorsten Niebuhr
Thorsten Niebuhr
WedaCon
With nearly 30 years experience in IT and in the fields of Directory Technologies, Identity Management and Data Privacy, Thorsten is a recognized expert in our industry. As a technical trainer,...
Patrick Parker
Patrick Parker
EmpowerID
Patrick Parker is the founder and CEO of EmpowerID, a company specializing in Identity and Access Management for over 20 years. He pioneered the unique use of Role and Attribute-Based Access...
Frank Wittlich
Frank Wittlich
Talanx Systeme AG
He started his professional career as consultant for safety critical applications at TUV Rheinland Group, changed over as project manager and IT process consulatant in the software development...
Subscribe for updates
Please provide your email address