Concept of the Week blog series – Every week we define and explain the significance of a concept in the world of Identity and Access Management (IAM).
This week let’s discuss the concept of context. Here at Resilient we believe that fundamentally the more information an organization has about an access request the more likely it is to make the correct access decision. Context is a term that describes the sum of all information we can gather about an access request. It’s closely related to the concept of Attribute-based Access Control (ABAC) that we discussed in last week’s blog (see IAM Concept of the Week: RBAC vs. ABAC). There we defined attributes as “pieces of information that act as building blocks to describe relationships between users, actions and resources.” With enough information or attributes we can understand the context of any access request.
Attributes are broken down into four categories:
- Subject (Role, department, company, certifications, biometrics etc.)
- Action (Read, write, edit, download etc.)
- Resource (Apps, docs, files, APIs, services etc.)
- Environment (Time, location, device type, threat level etc.)
Organizations need to discover and gather these attributes in order to evaluate them against their access policies. The challenge however is that much of this information no longer resides solely within internal databases, such as Active Directory, but instead is dispersed across external databases. In a future post we’ll discuss the importance of a network-based approach to understanding context.
Next week we’ll talk more about the interplay between attributes and policy engines.
Other blogs in the IAM Concept of the Week series: