Authorization Using Attributes

  • Date 21 Nov 2019 - Thursday

Authorization Using Attributes

21 Nov 2019, 13:20 - 14:10

Track 1: Emerging security tools & techniques

Most IAM Solutions focus on authentication which is a critical component of information security. Our discussion will be about authorization, specifically what is wrong with RBAC, and how to implement ABAC which solves many issues

After this session you will be able to:

  • Understand the three critical deficiencies of Role Based Access Control (Role Explosion, Accumulation, and Application Brittleness)
  • Understand the basics of Attribute Based Access Control including the NIST ABAC Model, why it is superior. Specifically the elegance of the architecture, the centralization of policies, and the enhancement based on environment controls.
  • Understand how using existing authoritative data sources such as enterprise applications (HR, Ops Management, Case Management, etc) provides a ready source of both Subject and Object attributes to create effective policies
  • Understand the basics of how to get started, including an approach (Think Big, Start Small, Scale Fast) as well as lessons learned towards implementation.



  • Nat Bongiovanni


    Chief Technology Officer

    NTT DATA Federal Services

    Nat Bongiovanni is the Chief Technology Officer at NTT DATA Federal Services, Inc. He is a United States Navy veteran with over 35 years’ experience...

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies.