18. Authorize Access - Dynamic
This use case provides, in detail, the steps for the dynamic method of authorizing access to a protected resource. It stems from the ‘Grant access to a protected resource’ use case and expands on Step 4, ‘Authorization Check.’ Under the dynamic model, an organization establishes a set of access policies. Whenever a user attempts to access a protected resource, the access control system (ACS) evaluates their attributes against those policies. When a user’s attributes change, their access entitlements change dynamically. This model is typical of ABAC (attribute-based access control) systems.
Pre-condition: Individual’s credential has been authenticated and meets the minimum required level of assurance.
1. Obtain user’s identifier from user’s authenticated context.
2. Obtain resource’s access control policies.
3. Obtain the attributes needed for the access decision. The attributes needed could be about the individual, the resource, or the environment.
4. Evaluate collected attribute data against the access control policies.
5. If the request meets the conditions of the access policies, the ACS grants the individual access to the protected resource. Otherwise, access is denied.
Post-condition: Individual is granted or denied access to the resource.
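The steps above as a small policy decision function, added here as an illustration and not part of the original use case. The policy shape, attribute names, identifiers and sample data are constructed assumptions; the function denies by default and treats a missing attribute as a deny.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Callable, Mapping

Attrs = Mapping[str, Any]

@dataclass(frozen=True)
class Policy:
    """One access policy: every condition must hold for a grant."""
    name: str
    conditions: tuple[Callable[[Attrs, Attrs, Attrs], bool], ...]

# Constructed sample data standing in for the policy store and attribute sources.
POLICIES = {
    "payroll-db": [Policy("hr-staff-on-managed-device", (
        lambda s, r, e: s["department"] == r["owning_department"],
        lambda s, r, e: s["clearance"] >= r["sensitivity"],
        lambda s, r, e: e["device_managed"] is True,
    ))],
}
SUBJECTS = {"u-1001": {"department": "HR", "clearance": 3}}
RESOURCES = {"payroll-db": {"owning_department": "HR", "sensitivity": 2}}

def authorize(user_id: str, resource_id: str, environment: Attrs) -> tuple[bool, str]:
    """Return (granted, reason). user_id is assumed to come from the
    already-authenticated context, never from request parameters."""
    policies = POLICIES.get(resource_id)     # the resource's access control policies
    subject = SUBJECTS.get(user_id)          # attributes about the individual
    resource = RESOURCES.get(resource_id)    # attributes about the resource
    if not policies or subject is None or resource is None:
        return False, "deny: no policy or attributes found"
    reason = "deny: no policy satisfied"
    for policy in policies:                  # evaluate attributes against each policy
        try:
            if all(c(subject, resource, environment) for c in policy.conditions):
                return True, f"grant: {policy.name}"
        except KeyError as missing:
            # A required attribute is absent: fail closed instead of guessing.
            reason = f"deny: missing attribute {missing}"
    return False, reason

if __name__ == "__main__":
    env = {"device_managed": True}           # attributes about the environment
    print(authorize("u-1001", "payroll-db", env))
    # Dynamic model: the attribute changes, the entitlement follows on the
    # next request, with no role or ACL update.
    SUBJECTS["u-1001"]["department"] = "Finance"
    print(authorize("u-1001", "payroll-db", env))
```

Because the decision is recomputed from current attributes on every request, the freshness and integrity of the attribute sources bound the correctness of the access decision.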