**Open Source Attribute Based Access Control (OS ABAC) is scheduled to end Sept 30, 2016. All OS ABAC-related documentation and source code is currently available on Software Forge. OS ABAC will end once the current customer transition is confirmed; however, the code will remain on Software Forge.**
Open Source Attribute Based Access Control (OS ABAC) is an enterprise service that provides logical access control based on authoritative attributes. OS ABAC consists of government off-the-shelf (GOTS) and open source commercial off-the-shelf (COTS) components. It offers an open source Policy Decision Point (PDP), Policy Enforcement Point (PEP), Policy Service (PS), and Attribute Service (AS) to assist users in developing an ABAC solution for any DOD system on either the Non-secure Internet Protocol Router Network (NIPRNet) or the Secure Internet Protocol Router Network (SIPRNet).
OS ABAC is also available as a local instantiation. Combatant Commands, Services, and Agencies (CC/S/As) can choose to locally implement OS ABAC or utilize the DISA enterprise service deployed at a Defense Enterprise Computing Center (DECC).
VALUE TO OUR MISSION PARTNERS
OS ABAC enables the externalization of access control, allowing organizations to protect IT resources in a declarative manner—where any changes to access policy and application of those effects to the protected data can be done purely via configuration rather than code modification. Through implementing a standards-based definition of access control policies, which leverage authoritative attributes, organizations can protect IT resources in a more streamlined manner. As a result, application owners can avoid costs associated with legacy approaches towards IT user management and reallocate resources as needed. OS ABAC also provides CC/S/As with a starting point for an ABAC solution, which helps reduce the development burden and costs associated with standing up an ABAC solution from scratch. Further, by leveraging the OS ABAC solution, migrating policies to support additional authoritative enterprise attributes that as they become available can be transparent to the application and users.