From RBAC to CBAC: Claim Based Access Control

Many organizations that are in the process of defining the various different organizational roles for the purpose of Role Based Access Control (RBAC) will realize that this is a major or even unachievable undertaking. After all, mapping out all the roles for each department and job title is a time-consuming job. A consultant will have to check with every department to create an inventory of user privileges, formalize it and gain approval. Also, a high level of detail is to be avoided, as this would make it necessary to define as many roles as there are employees, which would undermine the value of automation.

To solve problems like these, Tools4ever has developed an Identity and Access Management solution that combines RBAC with Claim Based Access Control (CBAC). CBAC involves the assignment of access rights to applications and other services based on a so-called claim (proof of authenticity) through which a third party vouches for the authenticity of the person who is requesting access rights or a particular service.

In actual practice, this means that difficult scenarios, exceptions and doubts in the area of authorizations are handled by members in the organization rather than automatically assigned/revoked. To this end, Tools4ever offers a self-service portal which requests for access privileges can be delegated to the relevant manager or employee. Following their approval, the changes will be implemented across the network.

CBAC allows organizations to quickly and intelligently gain control over user access to network resources. All the decisions regarding the assignment of access rights are directly made by the responsible staff members.

For more information on Identity Management solutions, and other Tools4ever products, please visit our website.